Hi, it’s Scott Field, Windows Security Architect, again. Microsoft recently became aware of a third party kernel mode driver named “Atsiv” which provides a deliberate means of loading code that conflicts with the Kernel Mode Code Signing (KMCS) policy included in Windows Vista x64 editions. In Windows Vista x64 editions, the default KMCS policy is to only allow code to load into the kernel if it has been digitally signed with a valid code signing certificate.
The Atsiv driver also provides a means to load unsigned kernel mode code in a manner that is not visible through operating system provided API interfaces (such as the EnumDeviceDrivers() API), and this may allow the code to hide from view of commonly deployed tools. Installing the Atsiv driver requires administrative privileges, so there is no security vulnerability related to the default case in Windows Vista where users run with limited permissions through the User Account Control feature.
Microsoft is committed to protecting its customers from potential as well as actual security threats; accordingly, we are responding to this issue as follows:
- Windows Defender released a signature update on August 2, 2007 that allows detection, blocking, and removal of the current Atsiv driver. Classification of the Atsiv software was done in accordance with the objective criteria used by the Windows Defender team to assess the characteristics of potentially unwanted software.
- Certificate revocation has occurred as of August 2, 2007. Microsoft has worked with partners in the code signing certification authority ecosystem to assess the Atsiv issue. VeriSign has revoked the code signing key used to sign the Atsiv kernel driver, which means the code signing key will no longer be considered valid.
- The security team at Microsoft is investigating adding the revoked key to the kernel mode code signing revocation list, as an additional defense in depth measure. The kernel mode revocation mechanism requires a system reboot in order for the new revocation list to take effect, which is consistent with other Microsoft updates which require and subsequently trigger a reboot.
Read the rest here
"Now that they’re 64 (bits, that is), personal computers are still searching for developers to need them and feed them.
In 2003, Advanced Micro Devices released 64-bit chips for PCs in the form of the Athlon 64, and Intel followed suit in 2005. But the software needed to take advantage of those chips is harder to find than a Beatles song on iTunes."
Read the rest here
My say: It's not so much a lack of drivers, but the lack in quality of the drivers for 64-bit Windows that developers are giving customers. I have been running 64-bit Windows since 2005 and all my hardware has worked just fine with the OS. Stability continues to be the main issue and I am not sure why it's still such a sticky issue. Some factors come to mind, such as demand and/or the complexity of writing device drivers for the platform.
"Byron has just posted his review of AMD’s Athlon 64 X2 6000+ Processor. Here is an excerpt:
AMD has been the king of 64-bit computing for some time now and no matter what Intel has attempted to throw in front of them, AMD have hurdled over it. With the release of the new AMD AM2 Motherboards and processors AMD are now not only pushing the envelope on the 64-bit and Dual Core front, they are reducing the amount of energy and power that the processors take up, thus producing quieter and cooler PC’s. The big question is, has the wait for the new AM2 processors and motherboards been worth it? Do we see any benefit from using DDR2 memory compared to the old DDR2 on the previous Socket 939 processors, read on and we’ll find out. This review will also concentrate on the future impact the processor will have when used with Windows Vista, we’ll be putting it through its paces on both the 32-bit and 64-bit versions of the new operating system to see what bearing they have on this chip."