How does ProcessGuard protect physical memory?

Discussion in 'ProcessGuard' started by hake, Dec 19, 2006.

Thread Status:
Not open for further replies.
  1. hake

    hake Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    9
    What does ProcessGuard's physical memory protection protect against? Does it offer data execution protection?
     
    Last edited: Dec 19, 2006
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
  3. hake

    hake Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    9
    Thanks for that reply, WSFuser. I followed your link. Reading between the lines of that thread, I imagine that ProcessGuard is detecting when programs circumvent use of virtual memory addresses where the physical memory address is provided through address translation mechanisms and programs, at least those outside ring 0, should not be able to see and therefore access physical memory directly. Since such technology is very mature, I would have thought that Windows 2000/XP, being successors of DEC VAX/VMS through the work of Dave Cutler, would have robust protection built in. Perhaps such assumptions are in error.

    It would be nice if DiamondCS were able to publish some information on this subject. I'm not asking for state secrets, just a few extra insights about the scope of protection provided by ProcessGuard. I am not yet a customer and need to better appreciate the value of this product before I throw it at my already very stable and secure system. :doubt:
     
  4. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    It does - only processes with Administrator privileges can access physical memory. However, if Joe User uses his Admin user all the time, then there is little that Windows' own security model can be expected to do to protect him.

    Reviewing a tool that exploits physical memory access like SDTRestore should help provide a better idea of what this restriction covers.
     
  5. hake

    hake Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    9
    Thanks Paranoid2000. I used to know the internals of Primos and if my memory serves me right, the PR1ME Computer system console user had privileges analogous to Administrator in Windows, i.e. processes run from the system console could access physical memory.

    Oh, what nostalgia (the cure for which is the memory of 1950s dentistry :ouch: ).
     
  6. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Primos? Phew, that goes back a way - when manuals were measured by the filing cabinet (this Prime FAQ may bring back a few memories :) ). Most I ever did on that though was playing with Edit, Runoff and Emacs (and a teensy bit of programming) but then I wasn't allowed to look at the system manuals. :D

    It is interesting though to be able to see how Windows has (albeit slowly) grown up to include most of the features offered by such OSes (ACLs, quotas, privilege levels) and also to see what has yet to be added.
     