Feeds

Vista raises the bar for flaw finders

But the battle's not over yet

HP ProLiant Gen8: Integrated lifecycle automation

That's not surprising, because PatchGuard is not really about stopping malicious software from subverting the kernel, but preventing any software from destabilizing the system, said Ken Johnson, a software developer at remote-access provider Positive Networks.

"As far as I can tell, (PatchGuard) is a mechanism to force third-party driver (developers) to clean up their act and stop releasing poorly written drivers that destabilize customer computers and introduce security holes," Johnson said.

In a recent article in the technical publication Uninformed, Johnson - writing under the pseudonym "Skywing" - described several deficiencies in the latest version of PatchGuard, version 2. Microsoft programmers are currently studying the claims, said the software giant's Toulouse.

Other security technologies included in Microsoft's Windows Vista are not as controversial.

Address Space Layout Randomisation (ASLR), which makes it harder for an attacker to reliably run code that exploits remote memory flaws, has garnered the approval of many security researchers. Microsoft's implementation of the technique has some weaknesses, but overall the company has added a good foil to attacks that have plagued Microsoft's software in the past, said Positive Network's Johnson.

"Vista's ASLR is, on a whole, still a significant 'speed bump' that makes exploiting many vulnerabilities on Windows much more difficult to do reliably, especially in a 'fire and forget' fashion as typically used by worms," he said.

However, at least one other researcher has said the speed bump will not slow down the pace of exploits, because it can be circumvented.

"The ASLR implementation in Vista is not very resilient - it only randomizes the bases of certain system DLLs (dynamic link libraries) and not the rest of the loaded modules," Matthew Murphy, an application security engineer at Hypermedia Systems, stated in comments to a previous SecurityFocus article. "This means that today's attackers will still succeed tomorrow, because all they'll have to do is slightly tweak the jump points in their exploits."

Data Execution Prevention (DEP), a technology included in Windows XP Service Pack 2, monitors for attacks - or software bugs - that attempt to run code from a non-executable part of memory. While included in Windows XP SP2, the service is only activated by default on systems with 64-bit processors. With Windows Vista, Microsoft has set the technology to automatically monitor all essential Windows services.

Microsoft's Toulouse emphasised that Windows Vista is not the end of the software giant's fight to protect its customer from online threats.

"There are certain classes of attacks that we might see, after widespread deployment of Windows Vista, starting to go away, but none of this is to say that we can be complacent," Toulouse said. "We will still try to provide our users with tools that help them know what's going on their PC. And, we still urge customers that criminals are still out there, and you need to be cautious."

Windows Vista went on sale yesterday.

This article originally appeared in Security Focus.

Copyright © 2007, SecurityFocus

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.