Feeds

Vista raises the bar for flaw finders

But the battle's not over yet

Secure remote control for conventional and virtual desktops

That's not surprising, because PatchGuard is not really about stopping malicious software from subverting the kernel, but preventing any software from destabilizing the system, said Ken Johnson, a software developer at remote-access provider Positive Networks.

"As far as I can tell, (PatchGuard) is a mechanism to force third-party driver (developers) to clean up their act and stop releasing poorly written drivers that destabilize customer computers and introduce security holes," Johnson said.

In a recent article in the technical publication Uninformed, Johnson - writing under the pseudonym "Skywing" - described several deficiencies in the latest version of PatchGuard, version 2. Microsoft programmers are currently studying the claims, said the software giant's Toulouse.

Other security technologies included in Microsoft's Windows Vista are not as controversial.

Address Space Layout Randomisation (ASLR), which makes it harder for an attacker to reliably run code that exploits remote memory flaws, has garnered the approval of many security researchers. Microsoft's implementation of the technique has some weaknesses, but overall the company has added a good foil to attacks that have plagued Microsoft's software in the past, said Positive Network's Johnson.

"Vista's ASLR is, on a whole, still a significant 'speed bump' that makes exploiting many vulnerabilities on Windows much more difficult to do reliably, especially in a 'fire and forget' fashion as typically used by worms," he said.

However, at least one other researcher has said the speed bump will not slow down the pace of exploits, because it can be circumvented.

"The ASLR implementation in Vista is not very resilient - it only randomizes the bases of certain system DLLs (dynamic link libraries) and not the rest of the loaded modules," Matthew Murphy, an application security engineer at Hypermedia Systems, stated in comments to a previous SecurityFocus article. "This means that today's attackers will still succeed tomorrow, because all they'll have to do is slightly tweak the jump points in their exploits."

Data Execution Prevention (DEP), a technology included in Windows XP Service Pack 2, monitors for attacks - or software bugs - that attempt to run code from a non-executable part of memory. While included in Windows XP SP2, the service is only activated by default on systems with 64-bit processors. With Windows Vista, Microsoft has set the technology to automatically monitor all essential Windows services.

Microsoft's Toulouse emphasised that Windows Vista is not the end of the software giant's fight to protect its customer from online threats.

"There are certain classes of attacks that we might see, after widespread deployment of Windows Vista, starting to go away, but none of this is to say that we can be complacent," Toulouse said. "We will still try to provide our users with tools that help them know what's going on their PC. And, we still urge customers that criminals are still out there, and you need to be cautious."

Windows Vista went on sale yesterday.

This article originally appeared in Security Focus.

Copyright © 2007, SecurityFocus

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Google+ goes TITSUP. But WHO knew? How long? Anyone ... Hello ...
Wobbly Gmail, Contacts, Calendar on the other hand ...
Preview redux: Microsoft ships new Windows 10 build with 7,000 changes
Latest bleeding-edge bits borrow Action Center from Windows Phone
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
Google opens Inbox – email for people too thick to handle email
Print this article out and give it to someone tech-y if you get stuck
UNIX greybeards threaten Debian fork over systemd plan
'Veteran Unix Admins' fear desktop emphasis is betraying open source
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
Redmond top man Satya Nadella: 'Microsoft LOVES Linux'
Open-source 'love' fairly runneth over at cloud event
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.