Hello all. I have little time lately to blog. Also the latest episodes of Security Now seem to contain less and less errors, allowing me to do one post for three episodes.
Steve Gibson says:
But frankly, you know, a personal firewall, a third-party personal firewall is also a kludge because, you know, it’s doing something to Windows that Windows was never designed to have done to it - I have to take issue with that. The kernel of windows is very extensible. Actually there are at least three documented and supported interfaces to write firewalls (one that is not mentioned there is an NDIS filter driver). An other good link listing the possible extension points in the Windows network stack: http://www.ndis.com/papers/winpktfilter.htm. I repeat: the Windows kernel (and the whole system) is very extensible (this is one of the difficulties when trying to configure a secure system - you have to know all the possible extension points).
kernel mode printer drivers - with this one I don't know exactly what's the situation, it may be that MojoPac support people don't know what they are talking about. Since Windows 2000 the printer drivers are implemented in user mode, as you can read on the Microsoft site (click on
Is there any advantage to rewriting an existing kernel-mode driver to run in user mode?).
It was fairly good, however there were two topics I wanted to mention, both of which I've talked previously on my blog: Third party cookies and transparent proxys (in the context of counting podcast downloads).
I actually can't complain regarding anything that was said in episode #65. It was a good (and philosophic) one.