Vista Security Mostly Invisible But Thorough Microsoft's Trustworthy Computing Meets Black Hat Andy Patrizio
A common knock on Vista has been that it's just Windows XP with a prettier face. But under the hood, Microsoft has made a mighty effort to secure the platform. Now the software giant is seeking help in an unusual forum:the Black Hat conference.
Black Hat isn't quite as outlaw as its name implies. Defcon, which follows the show this weekend, is much more of an anything-goes event. Black Hat founder Jeff Moss started the show in 1997 to provide education to security professionals, and expose flaws in software.
That's why Microsoft (Quote, Chart) is there. The company has attended prior Black Hat shows, but this year will see a first for the company: it's devoting an entire track to security in Windows Vista and Internet Explorer 7. Microsoft is signed on as a "Platinum Sponsor" of the event, along with Cisco Systems (Quote, Chart) and Ernst & Young, an IT consultancy.
"One of the key benefits of presenting at Black Hat is that Windows Vista is still a product in development," said a Microsoft spokesperson in a statement to internetnews.com. "While Trustworthy Computing has already significantly improved code quality and provided customers with better defense in depth, we believe that no matter how few security vulnerabilities remain, security researchers will have a hand in helping customers stay ahead of contemporary security threats."
Trustworthy Computing is Microsoft's fancy name for public beta testing of its security products. Since 2002, Microsoft products have been readily available to customers in very early form, often through monthly releases called Community Technology Previews. The company has encouraged constant feedback throughout the development cycle.
Vista has been no different. There have been two public betas, the second coming in June. Microsoft has certainly gotten a lot of help. The Vista blogging site Longhorn Blogs alone reported 28,000 bugs within one month of Vista's release, and 20,000 were fixed.
So will the Black Hat crowd prove as helpful?
"It never hurts to talk to people, even if they're mostly on the other side," said Rob Helm, director of research for Directions on Microsoft. "Black Hat, despite the name, isn't uniformly people who break security for amusement purposes. There are legitimate security consultants there."
Jonathan Hassell, a security consultant and author of Hardening Windows, a well-regarded book on Windows security, said Microsoft's appearance at the conference shows the company wants to be taken seriously when it comes to Vista security.
"Microsoft has traditionally welcomed its products being tested by the types of people who attend Black Hat; now they're taking it a step further," said Hassell. "They really believe they've crossed a threshold of integrity and reliability with their suite of Vista security technologies and they are ready to trumpet it loudly."
Hassell said that on paper Vista's security looks good, but in practice "it may be too intrusive. It's a mixed bag. I've been very critical of several decisions, both regarding security and usability. I think Vista is a few steps forward in the interminable attack against All Things Insecure."
A Lot Under The Hood
Microsoft has good reason to seek as much help as possible. There is a lot new with Vista, some of it evolutionary carryover from Windows XP and some of it entirely new.
Vista is the first operating system built from the ground up using the Security Development Lifecycle (SDL) model. SDL is a process of secure design, coding, testing, review and response designed to remove vulnerabilities and minimize exposure to attacks.
One reason why malware (define) has been able to run rampant on Windows XP machines is because every user runs in Administrator mode.
If you ran Windows XP in anything less than Administrator mode, you often were unable to do the simplest of things, like change time on the clock or add a printer.
To remedy this, Microsoft introduced the User Account Control (UAC) feature, which is designed to add some layers of protection and functionality lacking in XP's all-or-nothing security.
UAC is designed to allow the user to run outside of Administrator mode and still be able to change settings or install new software. If the user attempts to perform a task that requires administrative access, such as installing a new application or modifying system settings, they are prompted for an administrator password.
This is done because malware often makes changes to the operating system and computer settings without the user knowing it. MacOS and Linux both have similar security measures.
On a network level, Microsoft is adding Network Access Protection (NAP), which will allow network administrators to block computers that don't comply with "health policies" as they have defined them. That could mean patch levels or running an antivirus program.
The Root Of The Problem
The advent of rootkits (define) has only upped the ante in the malware battle, as rootkits are much harder to detect. To block rootkits, Microsoft has a two-pronged approach. The first is Windows Defender, currently in beta 2 but due with Vista. Defender will be available for Windows XP.
Defender monitors components of the operating system commonly abused by malware, such as the Startup folder and registry keys. Like UAC, if an application attempts to make a change to a protected area of the operating system, Windows Defender prompts the user to either allow or reject the change.
The second part of that solution is for the 64-bit version of Vista only. The 64-bit version of Vista supports a kernel patch protection technology known as PatchGuard, which prevents unauthorized software from modifying the Windows kernel. Kernel-mode drivers cannot extend or replace operating system kernel services with this feature.
Enlisting Hardware Help
One of the most common tricks by virus writers to take control of the system is a buffer overrun. Microsoft insists that the SDL development process will help minimize buffer overruns, but it's not stopping there.
CPU vendors AMD and Intel have added the NX feature, or No Execute. NX enables software to designate specific portions of memory for data, so code can't execute in that space, which is how buffer overflow viruses work.
There's another measure of security more geared at data protection than malware. Vista will use BitLocker full disk encryption, so data is encrypted as it's written to disc. That way, if data is lost or stolen, it cannot be accessed without a recovery key.
A Trusted Platform Module (TPM) chip is required on the motherboard or USB flash memory device to support BitLocker.
