From: "Rich Gauszka" 


"Mike N."  wrote in message
news:nmg7331nb082vlbjebt37aqnsppfb54e5r{at}4ax.com...
> On Sat, 28 Apr 2007 10:20:58 -0400, "Geo."
 wrote:
>
>>I want to see them use hardware trusted mode with this, that would be
>>something new..
>
>   Unless I missed something, hardware trusted mode is the only current
> defense.  For this case, TPM + Bitlocker would detect the modified startup
> files at the next restart, before they could be loaded.   The user would
> have to first re-validate  (which they would probably do blindly; since
> their AV didn't alert them).

can a rootkit really be certifed for Vista?

http://www.physorg.com/news93262491.html
Moore is the founder of the Metasploit Project and a core developer of the
Metasploit Framework - the leading open-source exploit development platform
- and is also director of security research at BreakingPoint Systems. The
irony of his statement lies in the idea that Vista trusts
Microsoft-certified programs - programs that can include a hacker exploit
platform that walks through the front door for a mere $500 and a
conveyor-belt approval process.

Moore was one of a handful of white-hat hackers in the audience of a
session on Vista security here at Ziff Davis Enterprise's 2007 Security
Summit on March 14. The session, titled "Vista: How Secure Are
We?," was presented by David Tan, co-founder and chief technology
officer at CHIPS Computer Consulting.

By Moore's side were equally prestigious hackers Joanna Rutkowska -
security researcher at COSEINC - and Jon "Johnny Cache" Ellch,
author of "Hacking Exposed Wireless."

For her part, Rutkowska granted that yes, one way to own a Vista system is
by getting a rootkit certified, but if you want a compromised system, you
don't even have to waste your time and money with certification - "It
can be a graphics card with a stupid bug," she said. "You can't
do anything about it. You can't sue the vendor for introducing a bug. You
can't prove it was done intentionally."

--- BBBS/NT v4.01 Flag-5