Posted on 04/22/2015 5:53:04 PM PDT by SeekAndFind
This seems to be offering a way to implement the same kind of protection to applications that Secure Boot does for the OS Kernel.
Well... in MSDOS days the file extension meant something about how to execute it, but not so much under Windows. Any file with an executable extension (exe/com/bat/scr/msc/...) is executed based on what the first few bytes look like, and no significance is placed on the extension with regard to HOW it is executed. You can rename FOO.EXE to FOO.BAT or FOO.SCR or any other executable extension and as long as it's got a given signature in the first few bytes, it'll get executed correctly.
Microsoft borrowed this feature from Unix/Linux, where executables have the 'x' perm set but typically do not have any extension, so the system figures out how to execute it using a variety of tricks including "magic" (/usr/share/misc/magic) values at the front of the file data. In Windows if you name a plain text file with one of the executable extensions, it generally won't execute (the system might try to read it as a script, depending).
But the real shame is that NTFS has plenty of execute permission control, and it has finer resolution than Unix/Linux. But the default for backward compatibility is to let any damn thing execute, so the control feature is usually wasted, at least on typical user systems.
*sigh*
Except it won’t. As long as you let users install software you’ll never get rid of malware. Users are the unclosable security hole and are the primary vector malware uses.
If used properly it will prevent them from being able to run a program that claims to be from a known, trusted source (Microsoft, Adobe, etc.) but really isn’t.
If used properly. Which is always the problem with users. Eventually they’re always going to install those damn emoticons.
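The "claims to be from a trusted source but really isn't" case above can be checked directly: compare what a file's version resource says about its publisher with whether its Authenticode signature actually validates, then turn a genuinely signed file into an AppLocker publisher rule. This is an added example, not code from the thread; the path in $Path is a placeholder and the AppLocker cmdlets require the AppLocker module (Server 2008 R2 / Windows 7 Enterprise and later).

```powershell
# Added example: verify a file's claimed publisher against its Authenticode signature.
# $Path is an assumed placeholder; replace it with the file under review.
param([string]$Path = 'C:\placeholder\suspect.exe')

$sig  = Get-AuthenticodeSignature -FilePath $Path
$info = (Get-Item -LiteralPath $Path).VersionInfo

# What the file *says* about itself (trivially editable) versus what the signature proves.
$report = [pscustomobject]@{
    File            = $Path
    ClaimedCompany  = $info.CompanyName
    SignatureStatus = $sig.Status            # Valid, NotSigned, HashMismatch, UnknownError, ...
    Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
}
$report | Format-List

if ($sig.Status -ne 'Valid') {
    # Version-info branding is not evidence of origin; only a valid signature chain is.
    Write-Warning "Signature status is '$($sig.Status)'; the CompanyName claim '$($info.CompanyName)' is unverified."
}
else {
    # For a legitimately signed binary, build an AppLocker publisher rule so only code
    # signed by this publisher (with this product name) is allowed to run for Everyone.
    Import-Module AppLocker
    Get-AppLockerFileInformation -Path $Path |
        New-AppLockerPolicy -RuleType Publisher -User Everyone -Xml |
        Out-File -FilePath 'C:\placeholder\publisher-rule.xml' -Encoding UTF8
    Write-Host 'Publisher rule written; review it before merging into the enforced policy.'
}
```

A renamed or repacked file that merely says "Microsoft" in its version info will report NotSigned or HashMismatch here, and an AppLocker policy built from publisher rules will refuse to run it.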
One question and they’ll hang up -
“what IP are you seeing these from?”
I understand the sentiment. Sometimes I think “This would be a great job if we could just get rid of the users.”
It was on my landline that I’ve had since 1989. Near as I can tell it was just regular telemarketer robo-dialing.
The first time I got one of those calls was in the early 1990s. It was before Algore invented the Internet. I had a 1200 baud modem that I only used to connect directly to other PCs.
That's what I am thinking too. A cgroup, zone, container, etc. UNIX and Linux have been at this for quite some time now. Java does it now (under the hood).
I told them “I’m glad you called. I got a virus and someone got in my accounts and took all my money. How can you help?”
No words from them .......
AppLocker was available starting with Server 2008 R2, IIRC. It’s domain-controlled, so it’s not something a retail/home user can just turn on.
Ah, so. Didn't have occasion to use it with my Server installations, at least until now, so I didn't realize that. Thanks.