echo: osdebate
to: Geo
from: Rich
date: 2006-08-04 06:39:10
subject: Re: Bad developers whine over Windows kernel security

From: "Rich" 

   Not that I can think of.  The ones I know of patch the kernel to intercept APIs which they then return incorrect or filtered results.

Rich
  "Geo"  wrote in message
news:44d2c0b8$2{at}w3.nls.net...
  Don't some of the rootkits use an API to hide themselves?

  Geo.
    "Rich"  wrote in message news:44ce17e6$1{at}w3.nls.net...
       I don't know names but I would suspect all rootkits plus more.  Beyond that some bad software does, apparently including the crap sold by the company the sales and marketing guy shills for.

    Rich

      "Geo"  wrote in message news:44cd150c$1{at}w3.nls.net...
      What trojans or malware are known to modify the kernel or other kernel mode components?

      Geo.
        "Rich"  wrote in message news:44cac451$1{at}w3.nls.net...
           The sales and marketing guy being quoted is either an idiot or a liar.  The protection present in x64 systems protects against trojans and other bad code that attempt to modify the kernel or other kernel mode components.  Well behaved code that calls system APIs is not affected in any way.  What makes this guy an idiot or a liar is that using the well documented Windows API provides the means to remain compatible.  Patching and modifying random code or data in the kernel or other components is not portable or compatible from version to version.  Even you, mike miller, should be able to see this as you have whined in the past when a firewall you used or liked broke because it did stupid stuff like this.

           As for making it easy for third parties to provide firewalls, Microsoft makes a significant effort to not only allow for this but it recently made it much easier with the Windows Filtering Platform (http://windowssdk.msdn.microsoft.com/en-us/library/ms758462.aspx).

        Rich


--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267 270
@PATH: 379/45 1 106/2000 633/267

SOURCE: echomail via fidonet.ozzmosis.com
