Using file-hiding rootkits for good

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Aug 3 09:42:15 EDT 2010


I recently came across an example of a file-hiding rootkit for Windows that's
used for good instead of evil: It's a minifilter that hides (or at least
blocks, the files are still visible) access to executables on removable media,
with user-configurable options to block autorun.inf and/or all executables, as
well as making files on the media non-executable (although you could still map
them into memory and then execute them from there if you really wanted to).
This is a neat idea, since it stops a pile of exploits that take advantage of
the autorun capability.  More at http://blog.didierstevens.com/programs/ariad/.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
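
Added example, not part of the original post and not Ariad's code: a user-mode C model of the allow/deny decision a filter like the one described makes on each open request for a file on removable media. The option flags, the extension list and matching by file name are assumptions made for illustration; paths are volume-relative, as a filter sees them.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical option flags, modelled on the two options the post mentions. */
enum { OPT_BLOCK_AUTORUN = 1, OPT_BLOCK_EXECUTABLES = 2 };

/* Assumption: "executable" is decided by extension; the list is illustrative. */
static const char *const EXEC_EXT[] = { "exe", "com", "scr", "pif", "dll", "sys" };

/* Case-insensitive compare of the first n bytes of a against all of b. */
static bool ieq(const char *a, size_t n, const char *b) {
    if (strlen(b) != n) return false;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i])) return false;
    return true;
}

/* Returns true when an open of `path` should be denied.
   `removable` says whether the volume is removable media. */
bool deny_open(const char *path, bool removable, unsigned opts) {
    if (!removable) return false;            /* fixed disks are not filtered */
    const char *name = path;                 /* find the final path component */
    for (const char *p = path; *p; p++)
        if (*p == '\\' || *p == '/') name = p + 1;
    size_t len = strcspn(name, ":");         /* drop any ":stream" suffix */
    /* Win32 name normalization strips trailing dots and spaces, so match without them. */
    while (len && (name[len - 1] == '.' || name[len - 1] == ' ')) len--;
    if ((opts & OPT_BLOCK_AUTORUN) && ieq(name, len, "autorun.inf")) return true;
    if (opts & OPT_BLOCK_EXECUTABLES) {
        size_t dot = len;                    /* index just past the last '.' */
        while (dot && name[dot - 1] != '.') dot--;
        if (dot == 0) return false;          /* no extension at all */
        for (size_t i = 0; i < sizeof EXEC_EXT / sizeof *EXEC_EXT; i++)
            if (ieq(name + dot, len - dot, EXEC_EXT[i])) return true;
    }
    return false;
}
```

The decision applies to opens only, so directory listings still show the file, which matches the post's remark that blocked files remain visible.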