When people ask for security holes as features

Alex Alten alex at alten.org
Fri Aug 19 10:32:14 EDT 2005


At 07:37 PM 8/18/2005 +1200, Peter Gutmann wrote:
>Raymond Chen's blog has an interesting look at companies trying to bypass
>Windows XP's checks that a driver has been WHQL-certified:

These guys are amateurs.  There are registery flags and COM functions that
will prevent the dialogs from popping up.  I've done it myself when developing
a driver and having to reinstall it dozens of times each day.  I've even 
disabled
XP's personal firewall to install stuff that needed to use a private port 
during
install. This was for a appliance, where we controlled the OS version, 
hardware,
etc.  So any updates to the OS we validated before allowing the user to patch
the appliance.

As a small firm we couldn't afford both the time or money to go through
Microsoft every time we updated a driver.  For other firms not using the
appliance approach to shipping software, probably thay are trying to reduce
support costs, which is not unreasonable these days.

- Alex
--

- Alex Alten


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list