June 26th, 2006, 04:27 AM
Malicious Device Drivers
I've been reading about Windows lately, in particular about kernel mode and user mode. From what I understand, code running in kernel mode has access to just about any part of the operating system. Since device drivers run in kernel mode, what would stop someone from making a driver for, say, a usb flash drive and having it access the sam/syskey files to extract password hashes, and then paste them onto that very flash drive. Is there any built-in security to stop such things?
It is better to die on your feet than to live on your knees.