Hacker News new | past | comments | ask | show | jobs | submit login

What part of a "persistence method" are not using vulnerabilities? If you infect the boot loader, bios, firmware, or some other methods to create persistence then those are vulnerabilities. That a system can get infected in such way is not by any intended design.

Could give an example of a persistence techniques that is using a intended feature of a computer system in order to hide the malware in unintended places in such a way that the system can't remove it (which itself is a unintended functionality).




That's like suggesting a programmable page table is a vulnerability, because it can be used to hide a malware stub from processes looking for malware.

However you want to litigate this on a message board, nobody working in platform security or even malware defense thinks that way.

The difference between a persistence vector and a vulnerability is that you can patch a vulnerability, but you can't patch "programmable page table".


One could argue that the ability to replace OS elements is a feature.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: