Just How Safe Is Windows Safe Mode?
Posted by Jon Forrest on May 26th, 2004


Until recently I had thought that Windows Safe Mode
was a minimal subset of the operating system that
only used Microsoft-supplied and Microsoft-verified
modules. In safe mode you were as safe as you could
be because only a prescribed collection of modules
were loaded, and these were somehow digitally signed
to prevent intruders.

However, and I wouldn't have believed this if I hadn't
seen it with my own eyes, but I've now seen viruses
in safe mode. One was a Blaster-like infection telling
me that LSASS was going to shut the computer down in
one minute, and the other was seeing our good friend
wmiprvsw.exe running.

Am I going crazy? If I can't trust safe mode then who/what
can I trust?

Jon Forrest
Computer Resources Manager
Civil and Environmental Engineering Dept.
205 Davis Hall
Univ. of Calif., Berkeley
Berkeley, CA 94720-1710
510-642-0904
forrest@ce.berkeley.edu


Posted by Raymond Chen on May 26th, 2004


On Tue, 25 May 2004 17:05:13 -0700, "Jon Forrest"
<forrest@ce.berkeley.edu> wrote:
That's not what Safe Mode is. Safe Mode doesn't do any
verification. It just tries to get you to a running system by
omitting as many optional things as it can. But if somebody
installed a service and marked it as "required in safe mode" then
it will run in Safe Mode.
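
Added example, not part of the original thread or anyone's post: Windows records what is allowed to load in Safe Mode as subkeys of `HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal` and `...\SafeBoot\Network`, so the behaviour described above can be audited. This PowerShell script lists those entries, resolves each service's binary, and reports the ones that are not validly signed by Microsoft; the function names `Resolve-ImagePath` and `Get-SafeBootEntry` are made up for this example.

```powershell
# Added example: audit what is registered to start in Safe Mode.
# Run from an elevated PowerShell prompt on the machine being checked.
$safeBoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
$services = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-ImagePath {
    # Hypothetical helper: turn a service ImagePath value into a file path.
    param([string]$Raw)
    if (-not $Raw) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($Raw).Trim()
    # Drop surrounding quotes and command-line arguments.
    if ($p -match '^"?(?<path>.+?\.(exe|sys|dll))') { $p = $Matches.path }
    # Driver paths may start with \SystemRoot\ or \??\ or be relative.
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\" -replace '^\\\?\?\\', ''
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-SafeBootEntry {
    # Hypothetical helper: one object per SafeBoot subkey, with signature data.
    foreach ($mode in 'Minimal', 'Network') {
        foreach ($key in Get-ChildItem -LiteralPath (Join-Path $safeBoot $mode)) {
            $name = $key.PSChildName
            $svc  = Get-ItemProperty -LiteralPath (Join-Path $services $name) `
                        -ErrorAction SilentlyContinue
            $path = Resolve-ImagePath $svc.ImagePath
            $sig  = if ($path -and (Test-Path -LiteralPath $path)) {
                        Get-AuthenticodeSignature -LiteralPath $path
                    }
            [pscustomobject]@{
                Mode   = $mode
                Name   = $name
                Type   = $key.GetValue('')   # default value, e.g. "Service" or "Driver"
                Path   = $path
                Status = if ($sig) { $sig.Status } else { 'FileNotFound' }
                Signer = $sig.SignerCertificate.Subject
            }
        }
    }
}

# Show only entries that resolve to a binary which is missing, not validly
# signed, or signed by someone other than Microsoft.
Get-SafeBootEntry |
    Where-Object { $_.Path -and ($_.Status -ne 'Valid' -or
                   $_.Signer -notmatch 'O=Microsoft Corporation') } |
    Sort-Object Mode, Name |
    Format-Table -AutoSize
```

Entries that name a device class GUID or a driver group have no service key and are skipped by the filter. Services hosted in svchost.exe report the host's signature, so their `Parameters\ServiceDll` value needs a separate look.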

Posted by Sten Westerback on May 26th, 2004



"Raymond Chen" <http://guest@weblogs.asp.net/oldnewthing/> wrote in message
news:ksd8b05f43a5kdjr5ilhgig1pg0n63i8ul@4ax.com...
And in this case such a "required" thing seems to be a
non-hotfixed base functionality.

- Sten




