bubblesnort | 1 year ago
> possible by gaining kernel code execution as an administrator
The root user can install rootkits as usual. Don't forget to brand it a cool name.... Oh wait:
> The researcher published a tool called Windows Downdate
There you go, here's your 0xF minutes of fame, well played.
jojonas|1 year ago
Legitimate reasons I can think of would be for example to protect certain secrets even in the event of an administrator compromise (like a TPM) or just to prevent administrators from accidentally messing up their systems to an extent that they wouldn't boot. Another (more controversial) goal is to enforce DRM.
Anyways, that's exactly what Microsoft is attempting to do with Windows: the OS tries to prevent administrative accounts from interfering with the kernel/installing rootkits (for whatever reason).
Also note that it's always important in this discussion to differentiate between administrative user accounts (in the OS) and "administrators" (people) with physical/hardware access.
ruthmarx|1 year ago
Writing '15' would have been easier here. Nothing wrong with writing 0xF but it's a weird choice that irked my curiosity. You just did it for style reasons?
ddingus|1 year ago
Another weird choice, different syntax. I triggered a little when I saw the comment too.
0xF has always been hard to read for me. $F is hard to read for others, and it all seems to depend on where and on what we all started with.