| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 10 Dec 2010 23:26:32 -0800 (PST)
From: Jhfjjf Hfdsjj <taser3000@...oo.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Windows is 100% self-modifying assembly code?
(Interesting security theory)
On 12/9/2010 8:39 PM, John Jester Wilham Patrick III wrote:
>
>>From Andrew Auernheimer's Diary / irc memories:
>
>Windows is written in pure, self-modifying assembly
>code. Notice how you can install 15 gigs of data from a
>single Windows install DVD, which can only hold 5 gigs?
>This is because the code is dynamically generated
>to
>
>minimize attack vectors. Any attempt to observe the
>static files on the disk will change how it looks in
>runtime. This is also why Windows needs to be updated so
>
>often, so the running code never looks like it did
>before.
>
>Does this sound true to you guys? Windows does seem to have
>updates that take forever and speed wise it always felt
>there was something going on. Whenever I leave my laptop
>alone, even when it's offline, indexing off, the computer is
>
>always working on stuff and you new know what it is.
>
>Maybe all applications with Windows compile on runtime for
>dynamic binaries, yet through .net's open, user-friendly API
>
>are still compatible?
>
>Balmer said he wanted to make Vista and 7 an OS that would
>not slow down after usage, but instead speed up. Windows is
>constantly reprogramming itself to suit the behavior of it's
>
>users and performing security and performance auditing.
>
>This is likely true - Think about it:
>
>All viruses are just malicious scripts. It's like saying
>*nix is insecure because script kiddies compile binaries and
>
>bash scripts that rm /.
>
>No one ever has ever had an attack vector against Windows 7
>or Vista. Please confirm.
>
Rofl!!! Do you seriously think that something that cool would be so crappy? Ive
heard of several attack vectors against windows 7 and vista, they are just 'new'
and the whitehat scene hasn't caught up quite yet. As for the inconsistent
storage size with installation, there is this nifty little thing called
compression, and most operating systems I know of have to dynamically create
certain files needed for post-installation, but that doesn't mean that it's 100%
dynamic code. Just some of it is necessary dynamic data. Afterall any c program
can get 'fat' during runtime by calling malloc one too many times :P Not to
mention the documentation on PE would totally screw with the whole constant
self-modification, you risk the chance of fucking with the binary portability
windows loves to bed with so much. And it has to be updated so often cause of
two reason 1.) It sucks and needs fixin or 2.) Operating systems simply go
through lots of change. Didn't linux used to be called the 'kernel-of-the-month
operating system'?
End point: you fail, commit seppuku.
Sincerely,
Some Kid....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists