Atsiv driver
The portable executable format is a data structure with the information necessary for the Windows Vista operating system loader to manage wrapped executable code. "It's punching a big hole through the wall and allowing everything else to climb through," Whitehouse told ZDNet.
Using Atsiv, not only could unsigned drivers have been loaded directly to the kernel, but a side effect of the tool using its own PE loader was that it was not visible in Microsoft's standard drivers list, according to Whitehouse.
Whitehouse said on 27 July: "In order for Microsoft to mitigate the risk of malicious code utilising this signed driver to load their own, they are going to have to revoke the signing certificate. It'll be interesting to see how long it takes Microsoft to do this." Microsoft responded six days later, on Thursday, by blocking Atsiv. Its partner VeriSign revoked the code signing key.
Microsoft has worked with partners in the code signing certification authority ecosystem to assess the Atsiv issue. VeriSign has revoked the code signing key used to sign the Atsiv kernel driver, which means the code signing key will no longer be considered valid. In his blog, Field added that the security team at Microsoft is investigating adding the revoked key to the KMCS revocation list "as an additional defence-in-depth measure".
He tried to play down the significance of the Vista security vulnerability, saying that, to install the Atsiv driver, the user must have administrative privileges. He said that KMCS is "not a security boundary. Rather, it is only one aspect of a defence-in-depth approach to security", adding that KMCS does not guarantee that signed code is not malicious. Instead, the security value of KMCS is that it provides a means to identify the author of a piece of code, according to Field. However, merely identifying the author of malicious code doesn't prevent that code from executing, said the authors of the Atsiv tool.
"It just prohibits freedom to choose, which, on a general-purpose operating system, is simply not acceptable," said one of Atsiv's developers on rootkit. "Absent any control over what the driver actually is or does, this provides no real additional security, other than removing author anonymity," said the Atsiv developer.