Comments on: Protecting the protection code http://rdist.root.org/2007/03/23/protecting-the-protection-code/ Embedded security, crypto, software protection Tue, 16 Mar 2010 03:16:39 +0000 http://wordpress.com/ hourly 1 By: Nate Lawson http://rdist.root.org/2007/03/23/protecting-the-protection-code/#comment-6 Nate Lawson Wed, 28 Mar 2007 23:10:20 +0000 http://rdist.root.org/2007/03/23/protecting-the-protection-code/#comment-6 Thanks for the comments. Sorry for the delay -- I wasn't checking for moderation requests because I didn't think I needed to. I'll keep on it in the future. Regarding malware targeting forensic tools, there's some active research in that area, and I expect to see more in the future. It is somewhat mitigated by the fact that attackers only have one shot at compromising the tools so it's not as tempting in terms of controlling the forensic computer. However, in terms of hiding from forensic tools, that seems more interesting since the tool vendors would have to be actively involved in more investigations to find these exploits. Thanks for the comments. Sorry for the delay — I wasn’t checking for moderation requests because I didn’t think I needed to. I’ll keep on it in the future.

Regarding malware targeting forensic tools, there’s some active research in that area, and I expect to see more in the future. It is somewhat mitigated by the fact that attackers only have one shot at compromising the tools so it’s not as tempting in terms of controlling the forensic computer. However, in terms of hiding from forensic tools, that seems more interesting since the tool vendors would have to be actively involved in more investigations to find these exploits.

]]> By: Jon Bowie http://rdist.root.org/2007/03/23/protecting-the-protection-code/#comment-3 Jon Bowie Sat, 24 Mar 2007 14:30:31 +0000 http://rdist.root.org/2007/03/23/protecting-the-protection-code/#comment-3 And once again a layered approach to solving security problems prevails as best practice. Excellent series of posts so far, I look forward to reading more of them. And once again a layered approach to solving security problems prevails as best practice. Excellent series of posts so far, I look forward to reading more of them.

]]> By: Chris Rohlf http://rdist.root.org/2007/03/23/protecting-the-protection-code/#comment-2 Chris Rohlf Sat, 24 Mar 2007 13:42:56 +0000 http://rdist.root.org/2007/03/23/protecting-the-protection-code/#comment-2 Great post Nate. Your comments section even has a built in spell checker, sweet. Research into defeating analysis tools doesn't get the recognition it deserves. I write about it here and there on my blog. We rely heavily on analysis tools to pick apart malware, the second malware targets our tools were in for a rude awakening. Keep the posts coming :) Great post Nate. Your comments section even has a built in spell checker, sweet.

Research into defeating analysis tools doesn’t get the recognition it deserves. I write about it here and there on my blog. We rely heavily on analysis tools to pick apart malware, the second malware targets our tools were in for a rude awakening. Keep the posts coming :)

]]>