Feeds

Vista raises the bar for flaw finders

But the battle's not over yet

Internet Security Threat Report 2014

That's not surprising, because PatchGuard is not really about stopping malicious software from subverting the kernel, but preventing any software from destabilizing the system, said Ken Johnson, a software developer at remote-access provider Positive Networks.

"As far as I can tell, (PatchGuard) is a mechanism to force third-party driver (developers) to clean up their act and stop releasing poorly written drivers that destabilize customer computers and introduce security holes," Johnson said.

In a recent article in the technical publication Uninformed, Johnson - writing under the pseudonym "Skywing" - described several deficiencies in the latest version of PatchGuard, version 2. Microsoft programmers are currently studying the claims, said the software giant's Toulouse.

Other security technologies included in Microsoft's Windows Vista are not as controversial.

Address Space Layout Randomisation (ASLR), which makes it harder for an attacker to reliably run code that exploits remote memory flaws, has garnered the approval of many security researchers. Microsoft's implementation of the technique has some weaknesses, but overall the company has added a good foil to attacks that have plagued Microsoft's software in the past, said Positive Network's Johnson.

"Vista's ASLR is, on a whole, still a significant 'speed bump' that makes exploiting many vulnerabilities on Windows much more difficult to do reliably, especially in a 'fire and forget' fashion as typically used by worms," he said.

However, at least one other researcher has said the speed bump will not slow down the pace of exploits, because it can be circumvented.

"The ASLR implementation in Vista is not very resilient - it only randomizes the bases of certain system DLLs (dynamic link libraries) and not the rest of the loaded modules," Matthew Murphy, an application security engineer at Hypermedia Systems, stated in comments to a previous SecurityFocus article. "This means that today's attackers will still succeed tomorrow, because all they'll have to do is slightly tweak the jump points in their exploits."

Data Execution Prevention (DEP), a technology included in Windows XP Service Pack 2, monitors for attacks - or software bugs - that attempt to run code from a non-executable part of memory. While included in Windows XP SP2, the service is only activated by default on systems with 64-bit processors. With Windows Vista, Microsoft has set the technology to automatically monitor all essential Windows services.

Microsoft's Toulouse emphasised that Windows Vista is not the end of the software giant's fight to protect its customer from online threats.

"There are certain classes of attacks that we might see, after widespread deployment of Windows Vista, starting to go away, but none of this is to say that we can be complacent," Toulouse said. "We will still try to provide our users with tools that help them know what's going on their PC. And, we still urge customers that criminals are still out there, and you need to be cautious."

Windows Vista went on sale yesterday.

This article originally appeared in Security Focus.

Copyright © 2007, SecurityFocus

Choosing a cloud hosting partner with confidence

More from The Register

next story
Preview redux: Microsoft ships new Windows 10 build with 7,000 changes
Latest bleeding-edge bits borrow Action Center from Windows Phone
Google opens Inbox – email for people too thick to handle email
Print this article out and give it to someone tech-y if you get stuck
Microsoft promises Windows 10 will mean two-factor auth for all
Sneak peek at security features Redmond's baking into new OS
FTDI yanks chip-bricking driver from Windows Update, vows to fight on
Next driver to battle fake chips with 'non-invasive' methods
UNIX greybeards threaten Debian fork over systemd plan
'Veteran Unix Admins' fear desktop emphasis is betraying open source
Entity Framework goes 'code first' as Microsoft pulls visual design tool
Visual Studio database diagramming's out the window
Google+ goes TITSUP. But WHO knew? How long? Anyone ... Hello ...
Wobbly Gmail, Contacts, Calendar on the other hand ...
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.