Hacker News new | ask | show | jobs
by bubblesnort 601 days ago 

    > possible by gaining kernel code execution as an administrator
The root user can install rootkits as usual. Don't forget to brand it a cool name.... Oh wait:

    > The researcher published a tool called Windows Downdate
There you go, here's your 0xF minutes of fame, well played.
2 comments
jojonas 601 days ago
The concept that there is a root/superuser account that can do anything they like is quite a common one, but it is an OS design choice. Any user account is just an object in the operating system and one can as well design an OS that enforces certain rules against all user accounts, even if that means limiting superuser accounts.

Legitimate reasons I can think of would be for example to protect certain secrets even in the event of an administrator compromise (like a TPM) or just to prevent administrators from accidentally messing up their systems to an extent that they wouldn't boot. Another (more controversial) goal is to enforce DRM.

Anyways, that's exactly what Microsoft is attempting to do with Windows: the OS tries to prevent administrative accounts from interfering with the kernel/installing rootkits (for whatever reason).

Also note that it's always important in this discussion to differentiate between administrative user accounts (in the OS) and "administrators" (people) with physical/hardware access.

link
ruthmarx 600 days ago
> here's your 0xF minutes

Writing '15' would have been easier here. Nothing wrong with writing 0xF but it's a weird choice that irked my curiosity. You just did it for style reasons?

link
ddingus 600 days ago
> here's your $F minutes

Another weird choice, different syntax. I triggered a little when I saw the comment too.

0xF has always been hard to read for me. $F is hard to read for others, and it all seems to depend on where and on what we all started with.

link
ruthmarx 600 days ago
It's the decision to use hex at all which is weird. I don't think most of this crowd would be particularity impressed by it.
link
ddingus 600 days ago
Agreed.

I will start lists and notes from 0, and have dropped a few hex expressions in my time. Sometimes I am in an odd frame of mind and maybe am just signaling that to see what others may do or say.

link