Feeds

Vista raises the bar for flaw finders

But the battle's not over yet

The smart choice: opportunity from uncertainty

That's not surprising, because PatchGuard is not really about stopping malicious software from subverting the kernel, but preventing any software from destabilizing the system, said Ken Johnson, a software developer at remote-access provider Positive Networks.

"As far as I can tell, (PatchGuard) is a mechanism to force third-party driver (developers) to clean up their act and stop releasing poorly written drivers that destabilize customer computers and introduce security holes," Johnson said.

In a recent article in the technical publication Uninformed, Johnson - writing under the pseudonym "Skywing" - described several deficiencies in the latest version of PatchGuard, version 2. Microsoft programmers are currently studying the claims, said the software giant's Toulouse.

Other security technologies included in Microsoft's Windows Vista are not as controversial.

Address Space Layout Randomisation (ASLR), which makes it harder for an attacker to reliably run code that exploits remote memory flaws, has garnered the approval of many security researchers. Microsoft's implementation of the technique has some weaknesses, but overall the company has added a good foil to attacks that have plagued Microsoft's software in the past, said Positive Network's Johnson.

"Vista's ASLR is, on a whole, still a significant 'speed bump' that makes exploiting many vulnerabilities on Windows much more difficult to do reliably, especially in a 'fire and forget' fashion as typically used by worms," he said.

However, at least one other researcher has said the speed bump will not slow down the pace of exploits, because it can be circumvented.

"The ASLR implementation in Vista is not very resilient - it only randomizes the bases of certain system DLLs (dynamic link libraries) and not the rest of the loaded modules," Matthew Murphy, an application security engineer at Hypermedia Systems, stated in comments to a previous SecurityFocus article. "This means that today's attackers will still succeed tomorrow, because all they'll have to do is slightly tweak the jump points in their exploits."

Data Execution Prevention (DEP), a technology included in Windows XP Service Pack 2, monitors for attacks - or software bugs - that attempt to run code from a non-executable part of memory. While included in Windows XP SP2, the service is only activated by default on systems with 64-bit processors. With Windows Vista, Microsoft has set the technology to automatically monitor all essential Windows services.

Microsoft's Toulouse emphasised that Windows Vista is not the end of the software giant's fight to protect its customer from online threats.

"There are certain classes of attacks that we might see, after widespread deployment of Windows Vista, starting to go away, but none of this is to say that we can be complacent," Toulouse said. "We will still try to provide our users with tools that help them know what's going on their PC. And, we still urge customers that criminals are still out there, and you need to be cautious."

Windows Vista went on sale yesterday.

This article originally appeared in Security Focus.

Copyright © 2007, SecurityFocus

Securing Web Applications Made Simple and Scalable

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.