Alex is right, I promise you if it made sense to do seccomp-bpf like things for Windows we would have done it by now. Windows is a different beast entirely. Hyper-V/WDAG containers are the best way we currently have to abstract away kernel attack surface. https://twitter.com/aionescu/status/1092263015699730437
I'm very familiar with seccomp-bpf and what it can do :) My point is finding the APIs is hard enough, but not close to sufficient. I think the total cost/work involved for developers to build an effective filter on Windows is massive.
Agree with this. It is Microsoft's biggest security failing imo. You need like a PhD in Windows to write a half decent sandbox: knowledge of SDs, low integrity, LowBox, jobs, desktops, sessions, and semi- or undocumented process flags.
But that would require third-party devs to know the internal API details that today are not exposed. Or it could be another mostly private API.
It requires good quality tools, documentation, libraries, etc, yes. Doesn't everything?
So every app gets a BPF-filtered custom sandbox that would have to be recalculated for every Windows update that touches any syscall sub-function?
Things are recalculated all the time, just loading a DLL has to recalculate offsets and relocations. I think I don't understand the complaint, the developer writes a policy, everything else can be automated.
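What "the developer writes a policy" looks like on the Linux side, as an added example that is not code from anyone in the thread: a minimal seccomp-bpf allow-list installed in a forked child, so the parent process is untouched. It assumes Linux on x86-64 or aarch64; the function names (install_filter, child_body, run_sandboxed_child) and the three-syscall allow-list are illustrative choices for this example only. The child may call exit_group, exit and getppid; anything else is answered with EPERM without reaching the kernel, and a mismatched ABI kills the process outright.

```c
/* Added example: a minimal seccomp-bpf allow-list installed in a forked child.
 * Not code from anyone in the thread. Assumes Linux on x86-64 or aarch64.
 * Function names and the allow-list contents are choices made for this example. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__x86_64__)
#define EXPECTED_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define EXPECTED_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* If the loaded syscall number equals nr, fall into the ALLOW; otherwise skip it. */
#define ALLOW_SYSCALL(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* The policy a developer writes: which syscalls this process may make.
 * Everything not listed fails with EPERM instead of reaching the kernel. */
static int install_filter(void)
{
    struct sock_filter filter[] = {
        /* Refuse to run under a foreign ABI (e.g. 32-bit compat) outright. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, EXPECTED_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* Load the syscall number and compare it against the allow-list. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW_SYSCALL(__NR_exit_group),
        ALLOW_SYSCALL(__NR_exit),
        ALLOW_SYSCALL(__NR_getppid),
        /* Default: deny with EPERM (KILL_PROCESS would be the stricter choice). */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };
    /* Required so an unprivileged process may install a filter at all. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Runs inside the child. Returns 0 if the policy behaved as expected. */
static int child_body(void)
{
    if (install_filter() != 0)
        return 10;                      /* kernel refused the filter */
    if (syscall(SYS_getppid) <= 0)
        return 11;                      /* listed syscall must still work */
    errno = 0;
    if (syscall(SYS_getpid) != -1 || errno != EPERM)
        return 12;                      /* unlisted syscall must fail with EPERM */
    return 0;
}

/* Forks, sandboxes the child, and reports its result: 0 on success, the
 * child's error code otherwise, or 100 + signal number if the filter killed it. */
int run_sandboxed_child(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)
        _exit(child_body());            /* exit_group, which is on the list */
    int status = 0;
    if (waitpid(pid, &status, 0) != pid)
        return -2;
    if (WIFSIGNALED(status))
        return 100 + WTERMSIG(status);
    return WEXITSTATUS(status);
}

int main(void)
{
    int rc = run_sandboxed_child();
    printf("sandboxed child result: %d (%s)\n", rc,
           rc == 0 ? "policy enforced" : "unexpected");
    return rc == 0 ? 0 : 1;
}
```

The point of the example for the thread's argument: the only part a developer authors is the ALLOW_SYSCALL list; the numbers behind __NR_* come from the kernel headers for the build target, and a real policy would also match on arguments (seccomp_data.args) and be generated from a higher-level description, for instance with libseccomp, rather than hand-written BPF.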
Not that it affects your argument, but BPF isn't Turing-complete. BPF programs have to be guaranteed to terminate, which rules out Turing completeness. https://lwn.net/Articles/773605/