That because no one will use it, there won't be any viruses?
Microsoft’s upcoming operating system is a step forward in security, at least according to a security researcher who is among the first to take a detailed look at early releases of Windows 8. Chris Valasek, a senior security research scientist at development testing firm Coverity, began examining the security features of …
See! Microsoft DOES understand security. With nobody using it, nobody will bother trying to exploit it.
On a more serious note, this business they have of releasing a "new" OS, complete with a host of pointless, marketing driven changes (so they can call it a *new* OS), will always be a thorn in the side of Windows' security. Found the flaws in XP? Well done. Must be about time to release Vista. Found the flaws Vis... oh look! W7 is being released. And on it goes.
It's not just the OS. Every time they release a "new" OS, it's the drivers, applications and all the other doo-hickeys which need to be made 'compatible' with the latest Windows (Could that be it? Is MS jealous of the vast strides Firefox is making... in their version numbers?)
- Posted on Firefox 13.0.1 If anyone replies, I'll probably be reading it on Firefox 27.0.0. :/
So this guy discovered that if you take away a user's freedom then this user can do less damage to the system. Brilliant.
Question of course remains how much is that loss of freedom going to cost us in the longer run...
In the beginning of Windows you'd have to cough up big bucks before you could get hold of the required tools to write software for it. When stuff became more mainstream the prices also dropped up to the point where we are now. I get Windows 7, I can download the Visual Studio Express versions for free and from there on start writing software for my environment. Better yet; I can also resort to other free solutions such as Java.
But with this Windows 8 on the horizon it seems as if a new development is starting; one which brings back the lockdown and tries to enforce new limits on how we can use our computer.
VS Express? Rumours are it will only allow you to write Metro software. And of course you can't easily distribute Metro software without using the MS Store, and before you can do that you'll have to cough up some serious bucks.
Of course the desktop environment is still around with Windows 8, but by taking away the free tools to develop software for it I get the nasty feeling that MS is trying hard to push people away from it. Right into the Metro lockdown in which you can only seriously develop software after paying up again.
Makes you wonder what's next; with Windows 9 on the horizon perhaps the Express versions of VS will disappear in its entirety in order to "reduce the risk that people abuse it to write malware" ?
I think time has started to run backwards again.
"So this guy discovered that if you take away a user's freedom then this user can do less damage to the system. Brilliant."
Wrong, Wrong, Wrong! Does a user need the freedom that a (say) Powerpoint process will read C++ files? Almost always, this would not be necessary, but a strong indicator of a pwned Powerpoint process trying to gather intelligence for $CountryInAsia.
Locking down processes/applications so that they cannot fuck with the kernel has been the single most important reason for making NT, Unix and the modern mainframe OSs stable and somewhat secure.
What they (apparently) do now is to lock down applications further so that they can only access the files the user allows them to. Ideally, the "file select" dialog should be part of the operating system, NOT the application program. The OS can then grant the application very fine-granular access to that specific file.
This capability is extremely valuable to defend against spearphishing: a spearphish PDF or Powerpoint document would only be able to fuck with itself (onanate, so to speak), but it would not be able to index and download these other 500 sensitive PDFs and Powerpoints.
Just ask Lockheed Martin what they think about their F22 files being stolen via spearphishing.
Not really, MS didn't ram through Secure Boot, they only said that in order to have a designed-for-Windows type of certification, the machine had to have Secure Boot. This doesn't mean that Windows won't work on machines which don't have UEFI/Secure Boot, just that it won't be certified as "designed for", or whatever they call it.
MS have only said that ARM devices can't have secure boot disabled, they expect Secure Boot to have an on/off switch on other machines, but for obvious reasons don't mandate this in their Win8 spec.
Also, in order to mitigate some of the - unfounded - bad feeling in the FOSS community, they've worked with Red Hat/Fedora in order to make sure that they have a key to sign their own bootloaders.
Hardly evil, but then again people do so like to brandish about words like evil. I wonder what you'd do if you were actually confronted by something which is genuinely evil and not just your own hyperbole.
"it won't be certified as "designed for", or whatever they call it."
I am not talking about MS badging requirements (that's a different topic), I am talking about Secure Boot itself. The current design is cocked. Totally cocked. For example, the authenticode format only allows for a single signature. This means that even if you want to run Fedora, you'll still need the MS keys.
"[MS] worked with Red Hat/Fedora in order to make sure that they have a key to sign their own bootloaders."
Bullshit. Red Hat now has to buy their freedom from MS. Canonical is trying a different approach, but that has its own issues.
This is exactly what MS want - competition cluster-fucked by a "standard" and some plausible deniability.
Now, with regards to MS's badging service; what "obvious reasons" are there for specifically excluding the user (you know, the owner of the device) from being able to load their own keys on a badged ARM device? If someone buys a badged Win8 ARM unit, they are now an MS hostage too.
The general idea of Secure Boot does offer some benefits. But not in the way it has been done. Now it is just another method for MS to exclude any competition.
It really is time for the regulators to get their whacking sticks out.
Secure boot is a double edged sword: while clearly a major step to preventing rootkits, it is also a good way of stopping freedom.
My own preference would be for a uniform and guaranteed way of turning it off, of course with BIG MESSAGES ABOUT THE DANGERS so Joe Average is not fooled again by malware into shafting himself.
The Linux option that blocks things like PCI access, etc., to allow signing is not good in my view as I use that sort of thing in development. OK, I don't need Secure Boot, but would like the half-way house of knowing most of the boot process went OK and only the modules (or hardware access) were things to worry about.
@AC 11:10 - But that is the problem, one will find it very hard to buy a PC without it due to the way Secure Boot has been implemented. One will be effectively forced to have MS keys installed (to resolve various driver issues with PCI cards) and then one is at the mercy of MS and any key revocations in the future.
Hi, John Leyden,
Security analysts do not have a great history of sustained success and are invariably paid to try and restrict access to key codes that trigger rogue drivers and renegade operations.
Windows 8 'harder for malware to exploit', says security analysis ...... Yes, well, we shall see if it is hardened against otherware exploiting phorms of phishes which may not be malware at all, but something completely different and attractively addictive.
Whenever an operating system is easy for malware to exploit, to make it harder to exploit does not mean that it is less easy to exploit for all that is introduced are novel alternate attack vectors and additional vulnerabilities?
Not for me, or you, presumably IT literate reg reader, but for the billions of ordinary users who can't tell a computer from a monitor.
Can't speak for you, but I'm always going to be able to build a PC from scratch and hack it just so; the ones sold in the shops should be as idiot-proof and remotely exploitable as a toaster.
Security experts and malware writers are generally not the same beast. Their center of interest, financial gain, usually doesn't deal with the same people and not on the same level.
The only way to know if a system is more secure is to release it to the public and wait until it gains a large user base.
The OS itself is only one element in the equation; it is also necessary to test and verify applications and their integration, plugins, drivers and the stupidity of users ...
The malware writers and vxers have time on their hands to discover exploits; they will patiently plug away until they find something.
MS are continually publishing security updates for all of their OSes; my WSUS server has updates almost daily. It is hard to believe that this trend will slow down in the immediate future.
Although I would be more than happy to be proved wrong.
Unless this guy can see into the future I think he should just wait a little.........
As I pointed out in my other post, these are all very good measures.
But more could be done, such as not using unsafe-by-default C and C++ artifacts such as plain pointers, plain arrays and so on. Rather, safe-by-default smart pointers and checked arrays should be used by default. Only if profiling discovers that these pose a performance problem at a few places should the unsafe approach be re-introduced.
That would immediately kill more than 50% of exploits!
Software Engineers still use C and C++, despite having lots of other alternatives. Most of them will use plain pointers and STL vectors, which are unsafe in most instances.
The whole "programming" profession has extremely low professional standards and all arguments boil down to "money is truth; insecure software sells nicely".
Most software engineers are also intellectually lazy people who are "in it for the money". Their managers are even less equipped with a spine, so what do you expect?
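The checked-versus-unchecked contrast the post above argues for, as an added C++ example that is not part of the original thread (the record format, the sample bytes and all function names are constructed for illustration). The unchecked function trusts a length byte from the data and indexes through a raw pointer; the checked one uses `std::vector::at()` and a `std::unique_ptr` for ownership, so a malformed record is rejected instead of read out of bounds:

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <memory>
#include <optional>
#include <stdexcept>
#include <utility>
#include <vector>

// Constructed sample format, invented for this example: byte 0 is a payload
// length, followed by that many payload bytes. In any real parser the length
// byte is attacker-controlled.

// Unsafe-by-default style: raw pointer, length taken from the data, no check.
// If len exceeds buf_len - 1 this reads past the end of the buffer (undefined
// behaviour), the kind of defect the post wants to make impossible by default.
// Kept only for the contrast; the demo below never calls it with a bad record.
std::uint32_t sum_payload_unchecked(const std::uint8_t* buf, std::size_t buf_len) {
    (void)buf_len;                          // the real length is never consulted
    std::size_t len = buf[0];
    std::uint32_t sum = 0;
    for (std::size_t i = 0; i < len; ++i) {
        sum += buf[1 + i];
    }
    return sum;
}

// Safe-by-default style: std::vector::at() is the checked accessor and throws
// std::out_of_range instead of reading beyond the buffer. (operator[] would
// behave exactly like the raw pointer above.)
std::uint32_t sum_payload_checked(const std::vector<std::uint8_t>& buf) {
    std::size_t len = buf.at(0);
    std::uint32_t sum = 0;
    for (std::size_t i = 0; i < len; ++i) {
        sum += buf.at(1 + i);
    }
    return sum;
}

// Parser boundary: turn the exception into "no value" so a malformed record
// is rejected rather than silently producing garbage.
std::optional<std::uint32_t> try_sum_payload(const std::vector<std::uint8_t>& buf) {
    try {
        return sum_payload_checked(buf);
    } catch (const std::out_of_range&) {
        return std::nullopt;
    }
}

// Ownership with a smart pointer: exactly one unique_ptr owns the record, so
// the caller can neither leak it nor free it twice.
std::unique_ptr<std::vector<std::uint8_t>> make_record(std::vector<std::uint8_t> bytes) {
    return std::make_unique<std::vector<std::uint8_t>>(std::move(bytes));
}

// Constructed samples: a well-formed record, and one whose length byte
// claims more payload than is actually present.
std::vector<std::uint8_t> sample_well_formed() { return {3, 1, 2, 3}; }
std::vector<std::uint8_t> sample_truncated()   { return {5, 1, 2}; }

int main() {
    auto good = make_record(sample_well_formed());
    auto bad  = make_record(sample_truncated());

    std::cout << "unchecked, well-formed: "
              << sum_payload_unchecked(good->data(), good->size()) << '\n';
    std::cout << "checked,   well-formed: " << sum_payload_checked(*good) << '\n';

    auto r = try_sum_payload(*bad);
    std::cout << "checked,   truncated:   "
              << (r ? "accepted" : "rejected as malformed") << '\n';
    return 0;
}
```

Compile with `-std=c++17`. The point of the boundary function is that the checked accessor only helps if the resulting exception is handled where the untrusted input enters; an uncaught `std::out_of_range` is still a crash, just a deterministic one instead of a silent over-read.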
There is nothing wrong with C and C++ if you use it correctly.
Hell, look at the .NET framework itself - what do you think that was designed in? The fact of the matter is, C/C++ can be the best tools for the right jobs (insert list here), with plenty of documentation and efficient standards, that if followed (hah, microsoft), means you should have little to no issues.
If you're incapable of using C++ properly, don't blame it for when your failing code causes the security vulnerability. I could write a .NET application that would contain a privilege escalation 'bug' - is that the fault of the framework, if it was caused by my poor code?
Don't blame the tools - it's the people using them that cause the problems.
"Valasek described the leap between Windows 7 and 8 as less than that between XP and Vista"
In Vista I didn't notice much difference apart from extra eye candy and an overactive UAC box, yet in Windows 8 I can't work out how to have 4 apps on the screen at the same time, apps get stuck on the left hand side and I then can't get them out, my apps disappear as soon as I hit the Windows key O_O
I've turned into an idiot :'(
Time to read up on the Book of Wally
With the money out there in malware - I seriously doubt that the system will be ultra secure for long - as for having secure hardware - look at every device ever released that is "unhackable" and protected by some proprietary bit of hardware guaranteeing that it will always remain secure - then look at how exploits have been discovered in them all - from pre Chip 'n' Pin terminals, ATM's, Playstations, iPhones, Android phones - nothing is really *secure* especially not when you invest time and money into cracking it. Android is actually a pretty good example - the manufacturers lock down their phones - like HTC's "s-ON" preventing access to system partitions etc - but eventually it's figured out how to use some exploit to gain write access to the system and disable all the phones security - from what partitions you can write to - right through to not checking the signature of software you install to the phone. No programmer anywhere is infallible - and no vetting process will ever catch every hole.
Exploits in Windows 8 will be discovered; I'd even bet that the magical "factory reset" bit gets targeted in exactly the same way that System Restore did with Windows XP. I'd be willing to bet that within 2 years of release there are reports of viruses that are incredibly difficult to detect and doing a factory reset doesn't get rid of them.
What you say is that essentially security efforts are pointless. I don't think this is true.
Looking at real-world examples such as Google Chrome seems to indicate otherwise. Sandboxing did raise the bar very high and only a very small number of exploits have been developed for Chrome so far.
M$ is also trying to spread the notion of "all systems are equally insecure", which is also not backed up by the number of viruses in the wild. Unix systems in general are more secure than Windows systems.
So there are differences in security and techniques such as sandboxing have proven to dramatically increase security. I would even say sandboxes could be made perfect, because their code size is quite moderate. Someone could actually do a Formal Correctness Proof for a major sandbox technology. Then we could put a lot of trust into it. But yes, even proofs are sometimes wrong.
Of the 4 main browsers Chrome is right behind IE in terms of exploits with similar numbers, so I don't think that's true. It's just that no one talks about Chrome exploits like IE exploits. Even Opera has some exploits but going by the news you'd swear they've had no problems.
As their market share grows they'll get targeted a lot more too.
Almost all past Chrome exploits have been contained by the sandbox. I don't know how that compares to the latest IE, which also does sandboxing, but AFAIK, Chrome was the first browser with a sophisticated sandbox.
The number of attacks which went past the sandbox walls in Chrome is less than 10. That's excellent.
"...thwarting the abuse of software bugs rather than preventing or even minimising the occurrence of vulnerabilities in the first place. "
So what they're metaphorically doing, instead of fixing the locks and the broken windows(!), is hiring more security guards to patrol the building in the hope of catching the bad guys before they do too much harm...
As long as C and C++ are used and lots of features are absolutely imperative, sandboxing is the only strong security concept around.
Have a look at Chrome or libpoppler code and you can easily see why sandboxing is clearly required. Nobody can really be sure all these pointers are actually valid all the time. I guess this is even more true with closed-source commercialware.
Applications will be restricted to functions necessary to performing their declared function
Infringing on AppArmor (1998) or SELinux (2000) patents?
Apps will have limited permissions to perform actions consistent with their declared intent.
WOW, innovative indeed, an app per unique uid? How about showing all the permissions the app wants before the install... I know it is too much to expect from MS already, next decade maybe...
MS' constant wheel reinvention is getting a little boring. However, claims about innovation as well as patenting these wheels would be pretty well expected
Sounds a bit like the permissions on my Android when I install a new app. To be honest I rarely read the updated permissions, I'm sure I'm in the majority. I would expect the permissions to be very clear in Windows 8. How does that affect all the current programs out there?
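Two ideas raised in this thread, the OS-owned "file select" dialog that grants an application access to only the one file the user picked (the earlier post on spearphished documents) and install-time declared permissions that bound what an app may do (the article quote above), as one added C++ simulation. It is not Windows, AppArmor or SELinux code and not part of the original page; the `Broker` class, the permission names and the `SlideViewer` scenario are all invented for illustration. The denied attempts are logged because, as the earlier poster noted, a presentation viewer touching every other document is itself the signal of a compromised process:

```cpp
#include <cstddef>
#include <iostream>
#include <map>
#include <optional>
#include <set>
#include <string>
#include <vector>

// Hypothetical in-process model of an OS-side broker (constructed example).

// Capabilities an app declares at install time: its "declared intent".
enum class Permission { ReadPickedFiles, Network, Camera };

std::string to_string(Permission p) {
    switch (p) {
        case Permission::ReadPickedFiles: return "ReadPickedFiles";
        case Permission::Network:         return "Network";
        case Permission::Camera:          return "Camera";
    }
    return "?";
}

struct AppManifest {
    std::string name;
    std::set<Permission> declared;
};

// Every decision is recorded; the denials are the detection signal.
struct AuditEvent {
    std::string app;
    std::string action;
    std::string target;
    bool allowed;
};

class Broker {
public:
    void install(const AppManifest& m) { manifests_[m.name] = m; }

    // The OS-owned file picker: the user chooses one file and the app is
    // granted exactly that path. The app never enumerates the directory.
    void user_picks_file(const std::string& app, const std::string& path) {
        grants_[app].insert(path);
        log_.push_back({app, "grant", path, true});
    }

    // An app asks to open a path. It needs both the declared permission and
    // a user grant for precisely this path (no wildcards, no directory walk).
    std::optional<std::string> open(const std::string& app, const std::string& path) {
        bool ok = has_permission(app, Permission::ReadPickedFiles) &&
                  grants_[app].count(path) > 0;
        log_.push_back({app, "open", path, ok});
        if (!ok) return std::nullopt;
        return "handle:" + path;            // stand-in for a real file handle
    }

    // Any other action is refused unless the manifest declared it.
    bool request(const std::string& app, Permission p) {
        bool ok = has_permission(app, p);
        log_.push_back({app, "permission", to_string(p), ok});
        return ok;
    }

    std::size_t denied_count(const std::string& app) const {
        std::size_t n = 0;
        for (const auto& e : log_) if (e.app == app && !e.allowed) ++n;
        return n;
    }

    const std::vector<AuditEvent>& audit() const { return log_; }

private:
    bool has_permission(const std::string& app, Permission p) const {
        auto it = manifests_.find(app);
        return it != manifests_.end() && it->second.declared.count(p) > 0;
    }
    std::map<std::string, AppManifest> manifests_;
    std::map<std::string, std::set<std::string>> grants_;
    std::vector<AuditEvent> log_;
};

// Constructed scenario: a viewer that was given one file by the user tries to
// read the rest of the documents folder and to phone home. Returns the number
// of denied attempts.
std::size_t run_scenario(Broker& b) {
    b.install({"SlideViewer", {Permission::ReadPickedFiles}});
    b.user_picks_file("SlideViewer", "/docs/quarterly.pptx");
    b.open("SlideViewer", "/docs/quarterly.pptx");   // allowed: the picked file
    b.open("SlideViewer", "/docs/design-a.pdf");     // denied
    b.open("SlideViewer", "/docs/design-b.pdf");     // denied
    b.open("SlideViewer", "/src/main.cpp");          // denied
    b.request("SlideViewer", Permission::Network);   // denied: never declared
    return b.denied_count("SlideViewer");
}

std::size_t scenario_denials() { Broker b; return run_scenario(b); }

int main() {
    Broker b;
    std::size_t denied = run_scenario(b);
    for (const auto& e : b.audit()) {
        std::cout << (e.allowed ? "ALLOW " : "DENY  ") << e.app << ' '
                  << e.action << ' ' << e.target << '\n';
    }
    std::cout << denied << " denied attempts by SlideViewer\n";
    return 0;
}
```

Compile with `-std=c++17`. The design choice worth noticing is that the grant is keyed on the exact path handed over by the picker, so even an app with `ReadPickedFiles` cannot turn one grant into a directory listing, and a burst of `DENY` entries for a single app is what a monitoring rule would alert on.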