W3C home > Mailing lists > Public > www-html-editor@w3.org > October to December 2003

RE: Re[5]: Protecting code and data in Windows

From: Richard Hollis <rich@littleredfrog.com>
Date: Mon, 6 Oct 2003 07:45:14 +0100
To: <secprog@securityfocus.com>
Message-ID: <HIELJMBDMCJFPMFPDCLKMEPLCMAA.rich@littleredfrog.com>

> You're right. The biggest issue here is the debugger. So i wonder
> whether Microsoft could re-implement their debugging privilege or
> susbystem, you name it. e.g. Windows could give the debug privilege
> to the developer only for debugging his own software.

One of the nicer ideas, but won't the hackers just crack the privilege and
then offer tools/kits to gain access to the debugger/OS?  In some ways it
would present an even bigger challenge for the hacker to hack the OS.
Hardware/device/driver developers are going to have a hard time without
their debugger, although I guess provision could be made for them.

On the subject of securing software, particularly end-user registration
systems, does anyone have any good book recommendations for this?  I just
bought "Writing Secure Code" and this is proving a good read, but are there
any books that deal with registration systems for commercial software at all
in depth?

Received on Monday, 6 October 2003 13:38:16 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:08:51 UTC