"Blue Pill" [Do not read if Paranoid]

Discussion in 'Ghost Security Suite (GSS)' started by TheQuest, Jul 26, 2006.

Thread Status:
Not open for further replies.
  1. TheQuest, Registered Member (Joined: Jun 9, 2003; Posts: 2,301; Location: Kent. UK by the sea)

    Hi, Jason R0

    Will the new AppDefend be able to deal with the 'Blue Pill'?

    Posted more in jest, than from being paranoid. :)


    Take Care,
    TheQuest :cool:
     
  2. The Hammer, Registered Member (Joined: May 12, 2005; Posts: 5,619; Location: Toronto Canada)

    You know that if you tell paranoid people not to read something then they absolutely have to. ;)
     
  3. Jason_R0, Developer (Joined: Feb 16, 2005; Posts: 1,038; Location: Australia)

    It will be able to be "intercepted" from occurring (not that AD supports this exact interception atm, but AppDefend x64 would be better than nothing for intercepting parts of the attack) and should still be able to be detected in various ways. That's not to say it will be easy, it is obvious that the new technology they are putting into PC hardware (for Digital Rights Management and other uses) will also likely be misused. This isn't "new", as new technology is always fertile ground for fancy new attacks. The biggest problem comes from the hardware limiting what other software (in this case security software) can do.
     
  4. TheQuest, Registered Member (Joined: Jun 9, 2003; Posts: 2,301; Location: Kent. UK by the sea)

    Hi, Jason R0

    Thank you for your reply.

    I knew you would be able to keep abreast [or in front] and stop them. :D

    Take Care,
    TheQuest :cool:
     
    Last edited: Jul 26, 2006
  5. Paranoid2000, Registered Member (Joined: May 2, 2004; Posts: 2,839; Location: North West, United Kingdom)

    Joanna mentions there being 3 countermeasures to Blue Pill in her blog (I'd guess they would include opcode filtering to catch the special instructions used, installing a hypervisor beforehand and disabling the IOMMU which handles the address translation necessary for Pacifica) so this is unlikely to be an "undefeatable" technique for long. However, it is another interesting case of how processor architecture can be exploited for nefarious ends.
     
  6. TheQuest, Registered Member (Joined: Jun 9, 2003; Posts: 2,301; Location: Kent. UK by the sea)

    Hi, Paranoid2000


    Thank you for your reply and input, as ever you understood what you were reading in the blog.

    Where I was not sure what it was saying. :oops:

    Take Care,
    TheQuest :cool:
     
  7. Paranoid2000, Registered Member (Joined: May 2, 2004; Posts: 2,839; Location: North West, United Kingdom)

    I'm afraid you're being over-generous there! Joanna is being a bit of a tease (ladies, eh?) in not providing more details on the counters and the AMD documentation is, um, a little less than approachable. Hopefully things will be clarified soon and we won't have to guess further. ;)
     
  8. Jito463, Registered Member (Joined: Jul 28, 2006; Posts: 16)

    One possible alternative to block this is to be there first. The security software would do exactly what this "Blue Pill" software aims to do, so that the user (through the security software) will ultimately have more control over the system. So I consider this discovery a good thing. By the way, I thought you were told not to read this, Paranoid. ;)

     