Feeds

Windows 8

Apple iOS 7 makes some users literally SICK. As in puking, not upset

Excessive zoom and 3D-effect graphics in Apple's latest iOS is leaving some users reaching for the sick bucket

Windows 8 'harder for malware to exploit', says security analysis

Getting penetrated doesn't mean they own you

HP ProLiant Gen8: Integrated lifecycle automation

Microsoft’s upcoming operating system is a step forward in security, at least according to a security researcher who is among the first to take a detailed look at early releases of Windows 8.

Chris Valasek, a senior security research scientist at development testing firm Coverity, began examining the security features of Windows 8 last autumn, before the consumer previews of the upcoming revamp of the new Microsoft OS came out.

Windows 8 will come with a radically redesigned user interface, dubbed Metro, which was designed in part to give Windows that same feel across smartphones, desktops, laptops and tablets. Despite radical changes, it seems the innards of the operating system are much the same as those found in Windows 7. Valasek described the leap between Windows 7 and 8 as less than that between XP and Vista.

One major change between Windows 7 and 8 is the addition of more exploit-mitigation technologies, however. Windows Memory Managers (specifically the Windows Heap Manager and Windows Kernel Pool Allocator) are designed to make it far harder for attackers to exploit buffer-overflow vulnerabilities and the like to push malware onto vulnerable systems.

The technology is aimed at thwarting the abuse of software bugs rather than preventing or even minimising the occurrence of vulnerabilities in the first place. "There are always going to be vulnerabilities but you can make it difficult to leverage vulnerabilities to write exploits," Valasek explained. "It'd be naive to think there'll be no new vulns."

Another big change comes with the app store that goes with Windows 8.

Applications for the next version of the operating system will feature more granular controls. Applications will be restricted to functions necessary to performing their declared function, unlike the current situation where installed applications are given free rein. Apps will have limited permissions to perform actions consistent with their declared intent. The restrictions, along with other factors, will reduce the scope for malware to do mischief, even if it does find its way onto a Windows 8 system.

"These new Windows 8 Apps will be contained by a much more restrictive security sandbox, which is a mechanism to prevent programs from performing certain actions," Valasek explains. "This new App Container provides the operating system with a way to make more fine-grained decisions on what actions certain applications can perform, instead of relying on the more broad ‘Integrity Levels’ that debuted in Windows Vista/7."

"Overall I'd far rather write exploits against Win 7 than Win 8," Valasek explained.

Windows 8 also comes with a new version of Internet Explorer, Microsoft's browser software. Internet Explorer 10 will come with a mode that disables support for third-party plug-ins such as Flash and Java. However, Valasek added that users will "probably be giving some things up” in this mode. Even outside this mode, plug-ins will be hooked to memory randomisation – another development that will make it more difficult for miscreants to develop exploits.

One of the most contentious security-related revamps in Windows 8 is a secure boot feature which open-source advocates have argued would lock out alternative operating systems. Valasek said assessing the pluses and minuses of this feature from a security perspective was outside the scope of his study. Open-source advocates have come up with possible workarounds, such as this one from Matthew Garrett, but the situation remains far from ideal for open source-fans.

Windows 8 remains a work in progress and further changes are more than likely before its eventual release. Valasek's study is based in part on reverse engineering of Windows Heap Manager and analysis of executables using disassembler tools such as IDAPro.

Valasek is putting together a paper on Windows 8 security that he hopes to present at the Black Hat Briefings in Las Vegas in July. ®

The Power of One eBook: Top reasons to choose HP BladeSystem

More from The Register

next story
Apple fanbois SCREAM as update BRICKS their Macbook Airs
Ragegasm spills over as firmware upgrade kills machines
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Captain Kirk sets phaser to SLAUGHTER after trying new Facebook app
William Shatner less-than-impressed by Zuck's celebrity-only app
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.