
Windows 64 bit OS security question--speculation.

hmm... I thought the Explorer (regular Explorer, not IE, that's what I meant.) was something that had rights to the system stuff all the time.

Only services run as admin or higher (SYSTEM is higher than admin, it's nearly root equiv); anything run by the user (including his shell) is run with his credentials.
 
Originally posted by: drag
kernel a complete standalone piece, and everything plugs into it.. sort of deal.. or if the OS is one big program

NT kernel is a Micro kernel.

Unlike Linux which is a monolithic kernel.

The difference is that everything is compiled into a monolithic kernel. The drivers, system calls, blah blah. Everything is integrated into the kernel. Although Linux is getting more and more modular. Everything operates in kernel code. This is the traditional method. Except for the GPL license, Linux is very conservatively designed.

The NT kernel is designed just to handle system calls. One device wants to talk to the hardware, it has its own address space, sends messages to the kernel, the kernel then sends that message to another module for the hardware.

Basically the microkernel design is supposed to be superior from a technical standpoint. It makes it easier to utilize new hardware and a bad driver isn't supposed to directly affect the kernel, i.e. kernel panic. If a driver compiled into Linux is badly designed or has a flaw, it can cause a crash and a kernel panic.

The major disadvantages of the microkernel design are speed and size (memory footprint). Memory isn't an issue much anymore, and as software technology increases microkernels go faster and faster. But then again so are monolithic kernels.

But most of that is academic.


edit. Another example of a microkernel is the Mach kernel used by Apple in OS X.



Good stuff, where can a brother read up on this? Do they often teach this in Universities?
 
Originally posted by: Nothinman
hmm... I thought the Explorer (regular Explorer, not IE, that's what I meant.) was something that had rights to the system stuff all the time.

Only services run as admin or higher (SYSTEM is higher than admin, it's nearly root equiv); anything run by the user (including his shell) is run with his credentials.

OK,

Seems like I just have too much Win9X crap floating around my head. Thanks
 
Originally posted by: DaZ
Originally posted by: drag
kernel a complete standalone piece, and everything plugs into it.. sort of deal.. or if the OS is one big program

NT kernel is a Micro kernel.

Unlike Linux which is a monolithic kernel.

The difference is that everything is compiled into a monolithic kernel. The drivers, system calls, blah blah. Everything is integrated into the kernel. Although Linux is getting more and more modular. Everything operates in kernel code. This is the traditional method. Except for the GPL license, Linux is very conservatively designed.

The NT kernel is designed just to handle system calls. One device wants to talk to the hardware, it has its own address space, sends messages to the kernel, the kernel then sends that message to another module for the hardware.

Basically the microkernel design is supposed to be superior from a technical standpoint. It makes it easier to utilize new hardware and a bad driver isn't supposed to directly affect the kernel, i.e. kernel panic. If a driver compiled into Linux is badly designed or has a flaw, it can cause a crash and a kernel panic.

The major disadvantages of the microkernel design are speed and size (memory footprint). Memory isn't an issue much anymore, and as software technology increases microkernels go faster and faster. But then again so are monolithic kernels.

But most of that is academic.


edit. Another example of a microkernel is the Mach kernel used by Apple in OS X.



Good stuff, where can a brother read up on this? Do they often teach this in Universities?

I just learned it from random crap here and there. I am interested in OS design and study this stuff as a hobby. Beats watching re-runs of "Friends". 😉

Do a search on microkernels vs monolithic in Google.

You could probably learn this stuff in Universities. If you pursue some computer science degree I bet you'd take a few OS design classes. Probably start talking about this stuff if you pursue a bachelor's degree.

 
Originally posted by: drag
Originally posted by: DaZ

Good stuff, where can a brother read up on this? Do they often teach this in Universities?

I just learned it from random crap here and there. I am interested in OS design and study this stuff as a hobby. Beats watching re-runs of "Friends". 😉

Do a search on microkernels vs monolithic in Google.

You could probably learn this stuff in Universities. If you pursue some computer science degree I bet you'd take a few OS design classes. Probably start talking about this stuff if you pursue a bachelor's degree.

Correct... any decent Operating Systems course should cover kernel design principles. But this particular topic is more popular than most in OS design because it was a huge debate back in the 80's. Mach represented all that was new in OS design and was something of a bellwether for OS theory proposed in the 80's. Unix lovers did not want to ditch their old, proven kernels, and OS systems researchers were tired of dealing with the same old Unix kernel issues. So the battle lines were drawn. After all was said and done, Mach was important historically and theoretically, but was a popular failure. However, many of its design features have been incorporated by other projects (like NT, *BSD, OSX).

I remember reading once that Linus got in a flamewar on USENET with Dr. Andrew Tanenbaum (famous professor and OS textbook author) about monolithic kernel vs. microkernel architecture in the early 90s. Apparently Tanenbaum had called Linux a "toy" operating system because no respectable new OS would use a monolithic kernel. Linus replied that microkernels were OK in theory, but when it came to implementing a real-world, practical system, nothing could beat a do-it-all monolithic kernel. (He did not specifically mention that microkernels were less efficient due to reliance on user-mode subsystems, which cause too many kernel transitions due to IPC message passing.) The debate fizzled as quickly as it had started, but obviously Linus got the last laugh. Apparently millions of users don't think Linux is a toy! 🙂

IMHO, the whole microkernel vs. monolithic kernel debate is kind of like the debate between C and C++: sure, one is newer and has a fancier architecture than the other, but you can use either one to write a great application. The only difference is how you go about it, and what you have to do to get there.
 
here is a link to that debate

All in all it is an interesting read. 🙂

Other amusing quotes from the professor include:

I don't have figures, but my guess is that the fraction of the 60 million existing PCs that are 386/486 machines as opposed to 8088/286/680x0 etc is small. Among students it is even smaller. Making software free, but only for folks with enough money to buy first class hardware is an interesting concept. Of course 5 years from now that will be different, but 5 years from now everyone will be running free GNU on their 200 MIPS, 64M SPARCstation-5.

I wished. Sorry, the x86 legacy and all its freakiness is going to be around for a long long time. 😛

Another one would be that he would have definitely given Linus F's for his kernel design and designing it to run on 386 hardware.

I guess, sometimes worse is better.
 
No I don't think it is. Microsoft tried several times to fix the RPC stuff, they have like 3 or 4 different patches for it, and people just keep on finding new ways to break it.

The Microsoft bulletin addresses a buffer overrun to run arbitrary code on the server. VERY SERIOUS.
The one described in my link is to create a race condition to create a DOS attack. Not so serious, but can make your computer vulnerable to other types of attacks.

And if you read the bulletin I linked to, one of the issues that it provides a patch for is against DOS attacks.





 
IMHO, the whole microkernel vs. monolithic kernel debate is kind of like the debate between C and C++: sure, one is newer and has a fancier architecture than the other, but you can use either one to write a great application. The only difference is how you go about it, and what you have to do to get there.

The difference between micro and monolithic kernels is much larger than the difference between C and C++. Keeping kernel latency down is a big deal and if you have to delay a ms or even a few ns because you have to use IPC to pass messages between kernel threads it's going to add up very fast.
 
Originally posted by: CQuinn
No I don't think it is. Microsoft tried several times to fix the RPC stuff, they have like 3 or 4 different patches for it, and people just keep on finding new ways to break it.

The Microsoft bulletin addresses a buffer overrun to run arbitrary code on the server. VERY SERIOUS.
The one described in my link is to create a race condition to create a DOS attack. Not so serious, but can make your computer vulnerable to other types of attacks.

And if you read the bulletin I linked to, one of the issues that it provides a patch for is against DOS attacks.


Ah, you're right. Very good. 🙂


edit: That's weird, MS03-036 states that it was last updated Sept. 4. However the one from SecurityFocus was originally dated Sept. 10 and updated on Oct. 14.

They stated that it was proven by Symantec that this worked on fully patched servers.

That's a whole month of difference between the two. I e-mailed the updates and corrections address for that SecurityFocus page. I am going to see if I get a response.

You don't happen to have a w2k server laying around to try it out on, do you?
 