Feeds

Windows 8

Apple iOS 7 makes some users literally SICK. As in puking, not upset

Excessive zoom and 3D-effect graphics in Apple's latest iOS is leaving some users reaching for the sick bucket

Windows 8 'harder for malware to exploit', says security analysis

Getting penetrated doesn't mean they own you

Top 5 reasons to deploy VMware with Tegile

Microsoft’s upcoming operating system is a step forward in security, at least according to a security researcher who is among the first to take a detailed look at early releases of Windows 8.

Chris Valasek, a senior security research scientist at development testing firm Coverity, began examining the security features of Windows 8 last autumn, before the consumer previews of the upcoming revamp of the new Microsoft OS came out.

Windows 8 will come with a radically redesigned user interface, dubbed Metro, which was designed in part to give Windows that same feel across smartphones, desktops, laptops and tablets. Despite radical changes, it seems the innards of the operating system are much the same as those found in Windows 7. Valasek described the leap between Windows 7 and 8 as less than that between XP and Vista.

One major change between Windows 7 and 8 is the addition of more exploit-mitigation technologies, however. Windows Memory Managers (specifically the Windows Heap Manager and Windows Kernel Pool Allocator) are designed to make it far harder for attackers to exploit buffer-overflow vulnerabilities and the like to push malware onto vulnerable systems.

The technology is aimed at thwarting the abuse of software bugs rather than preventing or even minimising the occurrence of vulnerabilities in the first place. "There are always going to be vulnerabilities but you can make it difficult to leverage vulnerabilities to write exploits," Valasek explained. "It'd be naive to think there'll be no new vulns."

Another big change comes with the app store that goes with Windows 8.

Applications for the next version of the operating system will feature more granular controls. Applications will be restricted to functions necessary to performing their declared function, unlike the current situation where installed applications are given free rein. Apps will have limited permissions to perform actions consistent with their declared intent. The restrictions, along with other factors, will reduce the scope for malware to do mischief, even if it does find its way onto a Windows 8 system.

"These new Windows 8 Apps will be contained by a much more restrictive security sandbox, which is a mechanism to prevent programs from performing certain actions," Valasek explains. "This new App Container provides the operating system with a way to make more fine-grained decisions on what actions certain applications can perform, instead of relying on the more broad ‘Integrity Levels’ that debuted in Windows Vista/7."

"Overall I'd far rather write exploits against Win 7 than Win 8," Valasek explained.

Windows 8 also comes with a new version of Internet Explorer, Microsoft's browser software. Internet Explorer 10 will come with a mode that disables support for third-party plug-ins such as Flash and Java. However, Valasek added that users will "probably be giving some things up” in this mode. Even outside this mode, plug-ins will be hooked to memory randomisation – another development that will make it more difficult for miscreants to develop exploits.

One of the most contentious security-related revamps in Windows 8 is a secure boot feature which open-source advocates have argued would lock out alternative operating systems. Valasek said assessing the pluses and minuses of this feature from a security perspective was outside the scope of his study. Open-source advocates have come up with possible workarounds, such as this one from Matthew Garrett, but the situation remains far from ideal for open source-fans.

Windows 8 remains a work in progress and further changes are more than likely before its eventual release. Valasek's study is based in part on reverse engineering of Windows Heap Manager and analysis of executables using disassembler tools such as IDAPro.

Valasek is putting together a paper on Windows 8 security that he hopes to present at the Black Hat Briefings in Las Vegas in July. ®

Beginner's guide to SSL certificates

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
First in line to order a Nexus 6? AT&T has a BRICK for you
Black Screen of Death plagues early Google-mobe batch
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.