echo: os2prog
to: Robert King
from: Stephen Lindholm
date: 1995-01-01 20:27:02
subject: Re: Virus Hysteria

Robert King writes to Ron Bemis:

RK>  Protected mode means NOTHING to a skilled programmer. ALL
RK> protected mode means is that each application's MEMORY is
RK> protected from any other application running on the system,

Not quite.

RK> NOT that you cannot access an executable, juggle ring 0 - 3

If you cannot bypass the OS, you must use the OS. If the OS won't let you
do something, you can't do it. Since the OS locks open executables, you
can't do it without a bug in the system or a device driver.

RK> descriptors etc. I am a programmer and find it amazing that

That would be most interesting to see done. Could you show us? I don't
recall such a function, and I don't see why one would be put in. I can see
why one _shouldn't_ be put in, though.

RK> potential virusi to the operating system. Anything that
RK> performs disk I/O, port level I/O etc. has the potential to

Look up the I/O control flags in an assembler book, please. You _must have
that ring level to use port I/O._ If someone has IOCL programs disabled,
they can't run. For obvious reasons, this is not togglable by a program. (I
suppose the config.sys file could be rewritten; however, I believe it
possible to write a sentry program to alert when IOCTL has been enabled. So
much for _that_ approach.)

Direct disk I/O isn't allowed.

RK> programmer, is the holy grail.  Frankly, instead of arguing
RK> "it can't happen..." we'd all be better off devising better
RK> detection methods in preparation for the day when it DOES
RK> happen, that day, is far too close already..

The only way that I can see would be a device driver, or a program that
merely deletes files. DEL *.* does that. And programs that stick around can
be seen in the task list.

loSmaH cha'

--- timEd-B9
* Origin: Until the People Come Home (1:283/120.1)

SOURCE: echomail via fidonet.ozzmosis.com
