首页
社区
课程
招聘
[原创]关于滴水的VT调试器
发表于: 2009-8-19 22:34 350562

[原创]关于滴水的VT调试器

2009-8-19 22:34
350562
收藏
免费 9
支持
分享
最新回复 (295)
雪    币: 7325
活跃值: (3803)
能力值: (RANK:1130 )
在线值:
发帖
回帖
粉丝
51
市场方面我们不过多讨论

原来AMD的CPU已经支持Nested hypervisors,太牛X了,不过Intel的还不支持。单机太不容易检测了,还是靠网络吧~~

TLB那个方法我听说过,我不懂原理就不多说了
2009-8-25 14:42
0
雪    币: 21
活跃值: (44)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
52
检测VT方法很简单,比较内存转换的效率即可!具体的技术细节就不说了,你们自己好好研究研究吧。---所谓猥亵的方法就是让大家一起崩溃吧。呵呵呵,估计游戏厂商不想关门!
2009-8-25 18:12
0
雪    币: 7325
活跃值: (3803)
能力值: (RANK:1130 )
在线值:
发帖
回帖
粉丝
53
一般玩家,不去调试,是不会崩溃的
调试,就重启,恢复钩子就蓝屏,例子:nProtect,XTRAP,TenProtect

人家活着好好的,不会关门的
2009-8-25 19:53
0
雪    币: 21
活跃值: (44)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
54
无语,不了解技术细节自然就会简单的这样认为了。期待有人能早点做出一个这样的anti来,这比什么都更有说服力。-这个世上会说的人很多,但会做的人不多,真正做出来的人就更少了。。。。。。
2009-8-25 20:03
0
雪    币: 7325
活跃值: (3803)
能力值: (RANK:1130 )
在线值:
发帖
回帖
粉丝
55
我不知道你说的是什么技术,但是你也不知道我说的是什么anti。。。
猥琐的anti,不需要高深的技术
我只知道,游戏公司不会关门

双机版我没法尝试
等你的单机版出来再说
2009-8-25 20:27
0
雪    币: 4399
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
56
没有银弹呀
更没有万能的调试工具
wildox的DTdebug也许是不错,但是很明显海风月影更具有说服力,debug对于anti来说,就好比类似于病毒的存在,你的滴水适应不适应的了时代,还是得靠你的努力,而不是在这里搞人身攻击哦
pediy的牛人,可是远远超乎你的想象哦
2009-8-25 20:39
0
雪    币: 21
活跃值: (44)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
57
我们还是不要光说不做吧,少些争论,干点实事。我们已经做出来了,就等你的anti了。理论需要实践来证明。至少目前我们没有发现过不了的anti。。。。。。
2009-8-25 20:43
0
雪    币: 4399
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
58
其实你的意图大家都明白
其实你做的是reverseme
其实你仅仅想验证你的debug能不能被anti掉
等anti吗?可以,只要你开价的2倍,600w
2009-8-25 20:55
0
雪    币: 256
活跃值: (1699)
能力值: ( LV9,RANK:410 )
在线值:
发帖
回帖
粉丝
59
不是很懂,不过还是受益了!
2009-8-25 22:48
0
雪    币: 247
活跃值: (11)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
60
1. 怎么查看自己的cpu是否有vt呢

2. 争吵是没用的, wildox的DTdebug也许是不错, 不过还没有占领市场, 如果你有了市场, 网游公司才会考虑反调试吧
2009-8-26 10:45
0
雪    币: 21
活跃值: (44)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
61
下载DTdebug试用版,安装一下,程序自动检测VT。下载地址:www.dtdishui.com
2009-8-26 15:33
0
雪    币: 7325
活跃值: (3803)
能力值: (RANK:1130 )
在线值:
发帖
回帖
粉丝
62
下载附件,运行
见图片:这样就是支持VT-x,并且BIOS开启了VT-x
上传的附件:
2009-8-26 15:36
0
雪    币: 253
活跃值: (11)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
63
感谢海风月影的科普
技术在进步啊 也支持一下DTdebug
2009-8-26 16:33
0
雪    币: 21
活跃值: (44)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
64
[QUOTE=海风月影;676844]下载附件,运行
见图片:这样就是支持VT-x,并且BIOS开启了VT-x
[/QUOTE]

开眼界了。这个东东在虚拟机里也能检测出VT,头一次见过虚拟VT CPU,神奇啊。。。。。。什么人做的什么东东啊,这玩意也能相信?
2009-8-26 19:53
0
雪    币: 8209
活跃值: (4528)
能力值: ( LV15,RANK:2473 )
在线值:
发帖
回帖
粉丝
65
也许人家可以跨虚拟机检测出真机呢
2009-8-26 20:27
0
雪    币: 21
活跃值: (44)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
66
是比较特征码的东东?不是真正的VT cpu检测吧,试试我们程序自带的VT检测跟这个东东有什么区别?下一个试用版安装包试试吧!
2009-8-26 20:44
0
雪    币: 8209
活跃值: (4528)
能力值: ( LV15,RANK:2473 )
在线值:
发帖
回帖
粉丝
67
没什么诱惑力,不浪费带宽
2009-8-26 21:06
0
雪    币: 2067
活跃值: (82)
能力值: ( LV9,RANK:180 )
在线值:
发帖
回帖
粉丝
68
没源码没真像
源码放出来看看吧.
2009-8-26 21:08
0
雪    币: 7325
活跃值: (3803)
能力值: (RANK:1130 )
在线值:
发帖
回帖
粉丝
69
说这个话你就太有失水平了
1,这个东西是权威的检测CPU安全性的小工具,检测是否支持64位,DEP,硬件虚拟化3个功能,大家都是用这个去检测
2,50和51楼已经说了,AMD的CPU支持嵌套虚拟化,因此,在虚拟机里面继续开VT,不是难事(而且已经有人做出来了,你们居然还没做出来?

另外,在虚拟机里面能检测出来,也有可能说明你的虚拟机太烂了

千万不要说开了你们VT调试器后能检测出VT,那样我会到的

不多说,大家用VMWARE 6.5.0以上版本测试,上图:
上传的附件:
  • 1.jpg (195.82kb,41次下载)
2009-8-26 21:24
0
雪    币: 21
活跃值: (44)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
70
哦,原来VMWARE6.0以下都是垃圾,6.5以上才是好东西。。。。。。。VMWARE6.0以下都不支持,还什么权威。。。。。晕!难道这个东东要跟VMWARE比谁更权威?
你应该直接检测我们的VT调试器而不是VT,看你的本事了!真不知道你想说什么。。。。。VT用得着反复检测嘛,检测VT有什么用啊。。。。。
上传的附件:
2009-8-26 21:45
0
雪    币: 21
活跃值: (44)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
71
“AMD的CPU支持嵌套虚拟化,因此,在虚拟机里面继续开VT,不是难事”---你说的虚拟机嵌套好像也不对哦!没有哪家公司的CPU支持VT嵌套。所谓的AMD嵌套是指分页嵌套,不是VT虚拟机嵌套,更不是嵌套虚拟化。你英文不好?建议你好好学学英文。。。。。。。。研究好了再说,误人子弟就不好了。。。。。。
2009-8-26 21:54
0
雪    币: 7325
活跃值: (3803)
能力值: (RANK:1130 )
在线值:
发帖
回帖
粉丝
72
我英文真的不好,我只知道,别人的驱动DEMO,在AMD真机开了SVM后,可以运行VPC,VPC里面还可以继续用这个驱动DEMO开SVM。不知道这个是什么模式,不会描述

你上面的那个图我解释一下:
1,你的VMWARE 6.0确实可以升级了,这个算是小BUG,不过VMWARE 6.5修复了,但是没告诉你
2,Locked ON 和 YES的区别是:Locked ON表示MSR的0x3A位置读取成功,并且bit0 bit2都是1。
而YES的意思是MSR的0x3A位置读取失败,但是cpuid指令,eax传入1,ecx的bit5(VMX位)却是1。

你外面的显示是Locked ON,这个是BIOS已经开启,里面显示的是YES,表示BIOS不支持,但是CPU支持。难道测错了吗?你觉得是不是你vmware 6.0的小BUG吗?换vmware 6.5.x这个BUG已经修复了。

如果你说这个不权威,非常好,你去下载一个everest的最新版,去测试一下CPUID,是不是在Virtual Machine Extensions (Vanderpool) 后面打了一个勾。千万不要说everest不够权威。

最后,你可以说securable不够权威,但是我觉得securable比你的DT调试器测试版权威多了

补充一下everest的下载地址,防止你不知道
http://www.crsky.com/soft/5904.html
2009-8-26 22:52
0
雪    币: 21
活跃值: (44)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
73
这个DEMO跟你发的securable的BUG是一样的,在真实机里能检测到VT,在虚拟机里也检测到VT,只是检测,而不是开启运行!
我们的自带检测程序无论哪个版本的VMWARE检测都是正确的。应该说是securable的BUG,而不是VMWARE的BUG。
你真的该耐心细致的做些研究,打好基本功,切不可望文生义!你文章里说的错误太多,这里就不一一指出了。。。。。。。
在这里之所以回复,只是希望不要让更多的人受到误导而已。。。。。。谦虚使人进步。。。。。。
2009-8-26 23:14
0
雪    币: 7325
活跃值: (3803)
能力值: (RANK:1130 )
在线值:
发帖
回帖
粉丝
74
你又来了
我已经解释得很清楚了,先检测是Locked ON还是Locked OFF,如果读取失败,就判断cpuid,cpuid显示支持,那么就是YES。用鼠标左键点击一下那个大大的YES,看一下里面的解释,哪一句话告诉你可以开启运行了?

还不承认是VMWARE的BUG,为什么我的高版本VMWARE不能重现???难道这个工具会辨认VMWARE版本??那你换everest测试啊

明天我去公司找一个VMWARE 6.0,用everest截一个图发给你看看

你们调试技术强大,为什么不逆一下securable的判断流程呢?
最后,我copy一段securable里面的判断流程给大家看一下:
004020F7               .  F705 A2784000 00000100 test    dword ptr [4078A2], 10000                            ;  Case 3 of switch 00402027
00402101               .  74 18                  je      short 0040211B
00402103               .  BB 6E744000            mov     ebx, 0040746E                                        ;  ASCII "LockedOff"
00402108               .  F705 A2784000 00000200 test    dword ptr [4078A2], 20000
00402112               .  74 52                  je      short 00402166
00402114               .  BB 78744000            mov     ebx, 00407478                                        ;  ASCII "LockedOn"
00402119               .  EB 4B                  jmp     short 00402166
0040211B               >  BB 36744000            mov     ebx, 00407436                                        ;  ASCII "NoVirt"
00402120               .  F705 A2784000 00200000 test    dword ptr [4078A2], 2000
0040212A               .  74 3A                  je      short 00402166
0040212C               .  BB 3D744000            mov     ebx, 0040743D                                        ;  ASCII "YesVirt"
00402131               .  F705 A2784000 40000400 test    dword ptr [4078A2], 40040
0040213B               .  75 29                  jnz     short 00402166
0040213D               .  BB 45744000            mov     ebx, 00407445                                        ;  ASCII "YesVirtNoAdmin"
00402142               .  F705 A2784000 01000000 test    dword ptr [4078A2], 1
0040214C               .  74 07                  je      short 00402155
0040214E               .  BB 54744000            mov     ebx, 00407454                                        ;  ASCII "YesVirtWin9x"
00402153               .  EB 11                  jmp     short 00402166
00402155               >  F705 A2784000 02000000 test    dword ptr [4078A2], 2
0040215F               .  74 05                  je      short 00402166
00402161               .  BB 61744000            mov     ebx, 00407461                                        ;  ASCII "YesVirtWin64"
00402166               >  53                     push    ebx                                                  ; /Arg2
00402167               .  68 BC7A4000            push    00407ABC                                             ; |Arg1 = 00407ABC
0040216C               .  E8 62100000            call    004031D3                                             ; \securabl.004031D3

2009-8-26 23:24
0
雪    币: 251
活跃值: (15)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
75
这个软件不会去试一下开个虚拟机然后判断cpu是否支持虚拟化
主要是用CPUID检测,还有一个32位的驱动读MSR
一般正常的虚拟机不太会去篡改CPUID,至于MSR,虚拟机是肯定不能让你乱写的,读的话就不太清楚了,或许要看虚拟机的实现。所以在虚拟机里能检测到一些信息,至少是否支持的信息应该是准确的了。

[32Bits]

Only 32-Bit Processing

This processor does not offer 64-bit modes of operation. This means that this system will not be able to run the significantly more secure 64-bit versions of Microsoft's XP or Vista operating systems.

However, since 64-bit Windows systems experience significant application and driver compatibility challenges, especially with older "legacy" hardware, it is not clear how practical running 64-bit Windows on older systems would be anyway.

[64Bits]

64-Bit Processing Available

This processor does offer 64-bit modes of operation. This means that this system is able to run the significantly more secure 64-bit versions of Microsoft's Windows XP and Vista operating systems.

The biggest challenge for 64-bit Windows systems is the fact that existing 32-bit device drivers cannot be used by the 64-bit operating system kernel. So if you do plan to try switching to 64-bit Windows, you should be sure to have a means for reverting to 32-bit operation if your system's hardware turns out to be incompatible with 64-bit operation. Many people have reverted to 32-bit operation after bravely giving 64-bits a try for a short time.

[YesDEP]

Hardware DEP Available

This processor does support hardware-based data execution prevention (DEP).

When hardware DEP support is teamed up with a properly configured operating system (and that part is crucial), computer security mistakes involving the deliberate overrunning of communications buffers can be automatically detected and prevented throughout the entire computer system. This makes data execution prevention, when available and active, the single most promising improvement for PC security ever. Really.

It is very important to note, however, that hardware support for DEP is only one of several enabling requirements that must be met before any benefit can be obtained. GRC will be following up the release of SecurAble with another powerful tool, DEPuty, that will help to properly configure, test and verify the operation of your system's critical DEP subsystem.

[NoDEP]

Hardware DEP not Available

This processor does not offer Data Execution Prevention.

Unfortunately, this system's hardware is unable to assist in the prevention of the execution of code deliberately injected into communications buffers as a means for remotely infecting systems during Internet communications.

Properly written software could and should prevent this - and most software certainly does. But years of experience with widely exploited "buffer overrun" vulnerabilities, even years after they had been clearly and repeatedly identified as the biggest security problem in the PC industry, proves that adding hardware-enforced system-wide prohibition against the inadvertent execution of data can do more for system security than any other technology the industry has created.

DEP technology is such a powerful solution to this largest of all Internet-related security problems that you should verify that any future systems you acquire absolutely offer hardware DEP support.

This free SecurAble utility may be used to quickly and easily verify any system's hardware DEP support at any time.

[DEPdisabled]

Hardware DEP Disabled!!

This processor does offer hardware support for valuable Data Execution Prevention (DEP) ... but it has been disabled.

Hardware DEP support is so important and powerful that Microsoft has obtained the commitment from all system manufacturers to begin enabling DEP support in all system BIOSes. However, early BIOSes either disabled hardware DEP in the interest of compatibility, or allow their users to optionally enable it through BIOS setup screens ... but still disable it by default.

SecurAble has confirmed that this system's processor does offer valuable support for hardware DEP, but that it has been deliberately disabled by the BIOS. You should shutdown and restart this system, and enter the BIOS setup screens as the system restarts. Then locate and enable the system's support for "Execution Disable" or "No Execute Bit" or something similarly named. Then restart your system and re-run this utility to verify that hardware DEP support has been enabled. (And please also click the Hardware D.E.P. icon again to receive additional help for the next steps to take.)

If you are unable to locate anything in your BIOS to allow hardware DEP support to be enabled please keep an eye out for our follow-on utility, DEPuty, which will provide solutions for users having very stubborn BIOSes.

[Win64]

Hardware DEP Disabled?

Although hardware DEP is not currently available to the operating system, this motherboard BIOS might be disabling the processor's hardware DEP support at boot time.

32-bit Windows applications, such as this SecurAble utility, run under 64-bit version of Windows inside of a 32-bit emulation system known as WOW64 (Windows On Windows). This prevents SecurAble from determining whether this system's processor actually does support hardware DEP.

You should shutdown and restart this system, then enter the BIOS setup screens as the system restarts. Locate and enable the system's support for "Execution Disable" or "No Execute Bit" or something similarly named. Then restart your system and re-run this utility to verify that hardware DEP support has been enabled. (And please also click the Hardware D.E.P. icon again to receive additional help for the next steps to take.)

[Win9x]

Hardware DEP Disabled?

Although hardware DEP is not currently available to the operating system, this motherboard BIOS might be disabling the processor's hardware DEP support at boot time.

While running under Windows 95/98/ME, this program cannot determine whether this system's processor actually does support hardware DEP, but even if it did, this operating system is unable to take advantage of it to protect from malicious buffer overruns.

You should shutdown and restart this system, then enter the BIOS setup screens as the system restarts. Locate and enable the system's support for "Execution Disable" or "No Execute Bit" or something similarly named. Then restart your system and re-run this utility to verify that hardware DEP support has been enabled. (And please also click the Hardware D.E.P. icon again to receive additional help for the next steps to take.)

[NoAdmin]

Hardware DEP Disabled?

Although hardware DEP is not currently available to the operating system, this motherboard BIOS might be disabling the processor's hardware DEP support at boot time.

If you will run this application with administrative privileges, it will be able to run some test code in the operating system's kernel to allow it to determine whether the BIOS is deliberately suppressing the availability of hardware DEP support.

[NoVirt]

No Hardware Virtualization

This processor does not offer advanced hardware support for hardware virtualization.

There is some suggestion that future operating systems of all sorts (Linux, Mac, Windows, etc.) may be able to use hardware virtualization to indirectly enforce greater security upon the operating system's "kernel" by preventing it from being modified as a means for thwarting dangerous "root kit" style exploits.

The idea is that our future operating systems would always be running inside a virtual machine under the watchful eye of an OS "hypervisor." This has not been practical before now, without hardware support for virtualization, because virtualization required too much real-time involvement of software which introduced an unacceptable amount of overhead and slowed everything down. Hardware virtualization means that virtual machines - and even the entire operating system running inside a virtual machine container - would be able to run at 100% full speed, thus making a persistent security-oriented OS "hypervisor" practical for the first time.

But don't hope for this to ever help with the security of 32-bit Windows platforms. Due to the amount of kernel modification already being done by benign kernel drivers in 32-bit versions of Windows, "hypervisory kernel locking" could only ever be implemented under 64-bit versions of Windows where kernel modification has always been actively prohibited. And due to serious compatibility problems inherent in 64-bit systems, it's also not at all clear (at the start of 2007) how quickly, or even whether, 64-bit Windows will become practical on the desktop.

However, the other current and real security-related application for hardware virtualization is for running your own virtual machines - at 100% full speed - on top of your host operating system. This is possible today with commercial and completely free software from Microsoft, VMware and Parallels. This has an indirect, though strongly positive, impact upon security since possibly unsafe activities such as Internet surfing or peer-to-peer file sharing can be 100% contained within the virtual environment to make online activities much safer.

This can still be done, of course, without hardware virtualization support, but the virtual machine environment as well as the hosting operating system will be running at substantially less than full speed.

[YesVirt]

Hardware Virtualization

This processor does offer advanced hardware support for hardware virtualization!

There is some suggestion that future operating systems of all sorts (Windows, Linux, Mac, etc.) may be able to use hardware virtualization to indirectly enforce greater security upon the operating system's "kernel" by preventing it from being modified as a means for thwarting dangerous "root kit" style exploits.

The idea is that our future operating systems would always be running inside a virtual machine under the watchful eye of an OS "hypervisor." This has not been practical before now, without hardware support for virtualization, because virtualization required too much real-time involvement of software which introduced an unacceptable amount of overhead and slowed everything down. Hardware virtualization means that virtual machines - and even the entire operating system running inside a virtual machine container - would be able to run at 100% full speed, thus making a persistent security-oriented OS "hypervisor" practical for the first time.

But don't hope for this to ever help with the security of 32-bit Windows platforms. Due to the amount of kernel modification already being done by benign kernel drivers in 32-bit versions of Windows, "hypervisory kernel locking" could only ever be implemented under 64-bit versions of Windows where kernel modification has always been actively prohibited. And due to serious compatibility problems inherent in 64-bit systems, it's also not at all clear (at the start of 2007) how quickly, or even whether, 64-bit Windows will become practical on the desktop.

However, the other current and real security-related application for hardware virtualization is for running your own virtual machines - at 100% full speed - on top of your host operating system. This is possible today with commercial and completely free software from Microsoft, VMware and Parallels. This has an indirect, though strongly positive, impact upon security since possibly unsafe activities such as Internet surfing or peer-to-peer file sharing can be 100% contained within the virtual environment to prevent any "contamination" from leaking into the host system.

This can still be done, of course, without hardware virtualization support, but the virtual machine environment as well as the hosting operating system will be running at substantially less than full speed.

[YesVirtNoAdmin]

Hardware Virtualization

This processor does offer advanced hardware support for virtualization. However, this program needs to be run with administrative rights in order to determine whether Intel's VMX virtual machine extensions are being locked on, locked off, or neither. Since there's a chance that your system's BIOS may be deliberately disabling support for hardware virtualization (some do) you should re-run this program, if possible, with administrative privileges under a 32-bit version of NT, XP, or Vista. That will allow SecurAble to run a bit of kernel-mode code in order to determine exactly what's going on. (Note that you can also poke around in your system's BIOS to see whether you're able to find any references to "hardware virtualization" or "VMX", etc.)

[YesVirtWin9x]

Hardware Virtualization

This processor does offer advanced hardware support for virtualization. However, while running under Win 95/98/ME, this program cannot execute its 32-bit kernel code to determine whether Intel's VMX virtual machine extensions are being locked on, locked off, or neither. Since there's a chance that your system's BIOS may be deliberately disabling support for hardware virtualization (some do) you should re-run this program, if possible, with administrative privileges under a 32-bit version of NT, XP, or Vista. That will allow SecurAble to run a bit of kernel-mode code in order to determine exactly what's going on. (Note that you can also poke around in your system's BIOS to see whether you're able to find any references to "hardware virtualization" or "VMX", etc.

[YesVirtWin64]

Hardware Virtualization

This processor does offer advanced hardware support for virtualization. However, while running under a 64-bit version of Windows this program cannot execute its 32-bit kernel code to determine whether Intel's VMX virtual machine extensions are being locked on, locked off, or neither. Since there's a chance that your system's BIOS may be deliberately disabling support for hardware virtualization (some do) you should re-run this program, if possible, with administrative privileges under a 32-bit version of NT, XP, or Vista. That will allow SecurAble to run a bit of kernel-mode code in order to determine exactly what's going on. (Note that you can also poke around in your system's BIOS to see whether you're able to find any references to "hardware virtualization" or "VMX", etc.

[LockedOff]

Virtualization Locked Off

This processor's advanced hardware support for virtualization has been disabled and "locked off" by some external influence - most likely by this system's BIOS as the system was booting. Since enabling hardware virtualization will allow faster and more secure virtual machines and their hosting operating systems to run at 100% full speed, you may wish to poke around in your system's BIOS to see whether you're able to find any references to "hardware virtualization" or "VMX", etc.

[LockedOn]

Virtualization Locked On

This processor's advanced hardware support for virtualization has been enabled and "locked on" to prevent virtual machine penetration compromise. This was probably done by your system's BIOS or by whatever desktop virtual machine system you are using, if any. But if neither are the case you may wish to determine what has done this since it could be a sign of an advanced root kit compromise.

[About]

About SecurAble

This "SecurAble" GRC freeware was an outgrowth from several "Security Now!" podcasts with Leo Laporte. These MP3 audio files are freely available for download from GRC's web site in both smaller-sized 16 kbps and higher-quality 64 kbps versions, and textual transcripts of the programs are also available:

http://www.GRC.com/SecurityNow

The following episodes will be of particular interest:

# 66 - Windows Vista Security
# 67 - Kernel Patch Protection
# 71 - SecurAble

What is "SecurAble" ?

Future PC security will increasingly rely upon specific hardware capabilities offered by modern processors:

As Windows makes the painful move from a 32-bit kernel to a new kernel running in 64-bit mode, Microsoft is working to avoid repeating mistakes made during the 32-bit era. Consequently, 64-bit versions of Windows will offer significantly stronger security than was ever available to Windows 32-bit operating systems.

Most modern computer vulnerabilities arise from communications buffers that can be overrun with malicious data. This allows remote attackers to inject their own code into vulnerable computers across the Internet. Modern processors incorporate explicit hardware controls to prevent the mistaken execution of remotely supplied data. This "data execution prevention" (DEP), when available and active, enables the most promising improvement in PC security ever seen.

To improve the performance of systems running "virtual machines" (VMs), modern processors added hardware support to allow securely encapsulated VMs to run at the same speed as non-VM systems. This benefits security by increasing the robustness of, and removing all performance penalties from, the continuous use of virtual machine technology. Since virtual machines allow "supervision" by their hosting environment, this supervision can be used to dramatically increase the system's overall security.

For the reasons described above, these three modern processor characteristics will play an important role in enhancing personal computing security in the future. But it's not readily clear from "outside the box" which features individual systems may contain. So I created this little "SecurAble" utility to allow anyone to quickly and easily determine which of these useful capabilities their system's processor supports.

Note: When running SecurAble, be sure to click on each of the three displayed items to receive additional details about the meaning of the display and the security-related implications of each processor feature.

[EndOfText]]
2009-8-26 23:27
0
游客
登录 | 注册 方可回帖
返回
//