Next: Memory Corruption
Up: Register Manipulation
Previous: Register Manipulation
Direct register access is not detected by existing anti-virus software. Current software in this field only watches for improper usage of the Palm OS API function calls (such as the DmEraseDatabase function).
Discerning a legitimate application from a malicious application is challenging when direct register access is involved. One solution is to prevent any third-party application from direct register access. While this would hinder legacy applications that did not adhere to the published API, the minor loss in backwards compatibility would most likely be deemed acceptable for the increase in security.
Kingpin
2001-05-09