lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4D02E637.8080902@emmanuelcomputerconsulting.com>
Date: Fri, 10 Dec 2010 21:47:19 -0500
From: William Warren <hescominsoon@...anuelcomputerconsulting.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Windows is 100% self-modifying assembly code?
 (Interesting security theory)

On 12/9/2010 8:39 PM, John Jester Wilham Patrick III wrote:
>
> From Andrew Auernheimer's Diary / irc memories:
>
> Windows is written in pure, self-modifying assembly code. Notice how 
> you can install 15 gigs of data from a single Windows install DVD, 
> which can only hold 5 gigs? This is because the code is dynamically 
> generated to minimize attack vectors. Any attempt to observe the 
> static files on the disk will change how it looks in runtime. This is 
> also why Windows needs to be updated so often, so the running code 
> never looks like it did before.
>
> Does this sound true to you guys? Windows does seem to have updates 
> that take forever and speed wise it always felt there was something 
> going on.  Whenever I leave my laptop alone, even when it's offline, 
> indexing off, the computer is always working on stuff and you new know 
> what it is.
>
> Maybe all applications with Windows compile on runtime for dynamic 
> binaries, yet through .net's open, user-friendly API are still compatible?
>
> Balmer said he wanted to make Vista and 7 an OS that would not slow 
> down after usage, but instead speed up. Windows is constantly 
> reprogramming itself to suit the behavior of it's users and performing 
> security and performance auditing.
>
> This is likely true - Think about it:
>
> All viruses are just malicious scripts. It's like saying *nix is 
> insecure because script kiddies compile binaries and bash scripts that 
> rm /.
>
> No one ever has ever had an attack vector against Windows 7 or Vista. 
> Please confirm.
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Whoever wrote this is on something.  All you have to do is look at any 
decent security list to see the attack vectors that have been found..:)

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ