Matt Miller and Ken Johnson have published a brilliant bit of reverse engineering in the January Uninformed: Bypassing PatchGuard on Windows x64. It’s a great look at a highly motivated and resourceful software publisher’s attempt at security by obfuscation.
From the article:
While most consider security through obscurity to be no security at all in the face of a sufficiently motivated engineer, it does indeed raise the bar enough that most programmers and third-party entities would not have the interest in finding a way to bypass it and instead would be more motivated to find a condoned method of accomplishing their goals.
Irony notwithstanding, I knew this would happen eventually. The only solution to this problem will be hardware-based, and I am extremely concerned on that point for a lot of reasons.
At any rate, if you’re planning on writing security-by-obfuscation software, you ought to read Matt and Ken’s paper first.