Some grossly ignorant questions about Windows and HIPS

Discussion in 'other security issues & news' started by Gullible Jones, Feb 28, 2012.

Thread Status:
Not open for further replies.
  1. To what extent can driver loading on Windows be blocked from userspace?

    What about low-level disk writes? Attempts to flash firmware? Running of unrecognized executables?

    In short: do basic HIPS features require a kernel-mode driver?

    Also, can termination protection be done from user space?

    Finally, where can I find documentation on stuff like this?
  2. BrandiCandi

    BrandiCandi Guest

    To start with you need to specify which version of Windows you're using- 2000, xp, vista, win 7. I believe the answer will be different depending on the version.

    Apologies if I'm not understanding your question. At least when you try to run any executable, UAC would kick in on Vista & Win 7, which would pop up a dialogue box asking if it was OK to run (if you're an admin) or asking for a password (if you're a non-admin user). More on this feature:

    In regards to drivers, it looks like (from this thread) that drivers will also trigger UAC in Vista & Win 7.

    Win XP uses a different approach discussed here:

    Anyway, I've been interested in learning more about Windows user accounts and permissions in general, you've prompted me to get started on that. I'll be interested to hear from others.
  3. xxJackxx

    xxJackxx Registered Member

    Oct 23, 2008
    I am not great at explaining such things but I know where you are going with this. I expect 32 bit vs 64 bit and Patchguard will also come into this discussion. Decent HIPS probably requires a kernel-mode driver, but I am sure someone more knowledgeable then myself on this subject will chime in with more info.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.