Slashdot Mirror
Windows XP SP2 Could Break Some Applications
Denver_80203 writes "An article from InfoWorld states that the upcoming Windows XP Service Pack 2 could break some 'unsecure applications.' In a quote from Tony Goodhew, a product manager in Microsoft's developer group says 'It doesn't really matter how long it is going to take you to do the work; security is an important issue and developers need to start doing that work now.' Or: 'The great bulk of applications will not be affected by memory protection. The number one that leaps to mind is execution environments with just-in-time code generation. The .Net Framework is one.' Fortunately for us, they are offering a course to guide the unsecure masses."
When this same problem affects many Linux distributions. Some, like Xandros, will simply break if you install KDE 3.2, or upgrade the kernal to 2.6. - You'll have to wait for a full new stable release for these things to work.
I'm surprised MS would allow this, so it must really be a small minority of applications that will break.
But lets not bag on MS with general crap, this affects Linux too.
Yeah. When the open source guys break insecure applicications at least they get fixed in minutes, or it just takes a recompile. :0
How are you suppose to correct these apps? I bet some don't even have company's behind them anymore.
I really like the direction Microsoft is heading.
Granted it was needed as their reputation, in regards of security, has always been low to none.
I really hope this will rid Windows XP of future remote exploits, since that's still the biggest threat Windows is facing.
Having said that, this wont fix all security problems, there will always be the luser that executes whatever is mailed to him/her, but it's still a step in the right direction.
...when one realises that most of this effort is fruit of a tiny 5kb worm which actually had asked mr gates to repair his software... I'm still working on my sig
First, they decided to postpone Longhorn "Until it's done", rather than releasing a shoddy product early.
Second, they've gone so far as to break application compatibility in order to clean up a number of deeply embedded security holes in Windows.
Personally, I think this is a Very Good Thing(tm). Microsoft may finally be "Getting it"
' In a quote from Tony Goodhew, a product manager in Microsoft's developer group says 'It doesn't really matter how long it is going to take you to do the work; security is an important issue and developers need to start doing that work now.' Let's see how this works.., We have a broken security model so the onus is on you to fix your apps because of our piss poor planning (ease of use vs security/functionality) Hmmm...,
It's hardly new for Windows to drop backwards compatibility in areas. Many applications which are partly 16-bit and partly 32-bit won't run on Windows XP, but do run on Windows 95/98/ME for example
Windows XP has application compatibility features which allow you to set the OS version to previous releases and provide compatibility with older registry layouts, for example. That kind of compatibility feature is unlikely to help with stricter security controls of course (unlesss there's an option simply to turn off the new security features).
My operat~1 system unders~1 long filena~1 , does yours?
In the past, MS has broken Windows 95/98 applications, but Windows XP/2000 had compatibility modes available for the older applications. If it is as they say, and newer apps will be intentionally broken without any way of going into a compatibility mode, this will be bad.
I have difficulty believing MS would not include some kind of compatibility mode, however. It'll be interesting to see what they do. It won't really affect me though, I don't use XP and can't stand that OS (Windows 2000 is still my favorite Microsoft OS; Windows XP is just 2000 with some pretty GUI changes and some compatibility fixes.)
Actually, only the Itanium and AMD K8 are affected by this immediately; Microsoft isn't yet marking memory nonexcutable by default on the good old x86 processors that we all use.
Regardless, it is trivial for developers to update their code for things like JIT compilers, with a simple function like this:
I added that piece of code to my company's JIT compiler some years ago, just to ensure that the proper flags were set. I figured Microsoft would eventually switch to nonexecutable data and stack segments, much like the OpenWall project has done with their Linux patches. Glad to see Microsoft is finally taking the first steps.
It's hard for thee to kick against the pricks.
I've run into this many times. Or if the company exists, they have dropped support for the older version. And many times, the newer versions are not providing anything useful *except* support for the new OS. Not worth the upgrade price.
With open source, I can nearly always manage the problem - recompile works most of the time, and if not, I can either fix it myself, or find someone who has or will fix it, either for free or for a reasonable fee. More and more of my clients are starting to see the value of Linux and open source applications, especially in the server area. And these are small to medium sized businesses who tend to be very conservative about how they spend their computing money.
I even have customers asking about switching to Mac - something that hasn't happened in ages, if ever!
Microsoft has pandered to broken applications for far too long. Maybe if they finally get over their "backwards compatibility at all costs" attitude, they'll get around to fixing some of the fundamental flaws in their OS.
I highly doubt that Linux authors would think twice about breaking buggy apps to force the issue.
Windows adds NX security to prevent buffer overflows, Slashdot bags on Microsoft for breaking a few apps in the process (apps which were arguably broken in the first place, just the spec was never enforced).
I understand there's a slight bias on this site, but Jesus Christ you guys.
that the memory protection was only usable w/ processors that flagged memory.
I do security
This is a good thing that OSes like Solaris have had available for years. OpenBSD has recently changed their default memory page allocation permissions on architectures where it's possible for a similar effect. Patches exist under Linux to do it. However, I believe in all these cases that you can still REQUEST memory allocations that do NOT have the restriction if you are doing JIT compilation or whatnot.
/' string somewhere in memory).
Microsoft isn't stupid. I'm sure they'll figure out a way to allow old apps to run with the old allocation behavior. Their entire business relies on legacy compatability. At worst you'll need to set some flag on the application launch.
The other thing to note is that crackers have also had ways to defeat execution-protected memory for years as well. It makes a buffer overflow exploit a bit more difficult, but where there is a will there is a way.
For example, even if the protection prevents you from writing executable code directly into memory, you can still typically do things like overwrite the stack and hijack the program's execution to a system call with malicious parameters (in Unix, the classic call to hit is system()...no custom code execution required, just a 'rm -rf
Braddock Gaskill
You evidently don't understand how Microsoft works as a business. Unlike most software shops, they take the long-term perspective. Many of their competitors have learned this the hard way. (E.g., "Internet Explorer is a failure." As of version 3, it was a failure in terms of market penetration, but MS didn't care.) Full Microsoft product cycles typically take about ten years.
Every major new Microsoft product or technology takes the better part of a decade to take over the desktop. By about 2007-2008 or so, once there starts to be a large installed base of Longhorn machines (which will have .NET preinstalled), .NET will really start to take off for shrinkwrap applications. Five years down the line from there, it will be just about ubiquitous. In the meantime, programmers are learning it and it's becoming a familiar feature of Visual Studio (an excellent IDE).
Microsoft Windows is, fittingly, the official Desktop OS of Olig
You don't realize how true this is after the W2K source leak. Microsoft has to take drastic measures if they are to stem the flood of exploits.
Making sure nothing can buffer overrun to execute with even user privileges is a neccessity now that countless local holes are known (Overflow on loading a bitmap? How in the hell did they manage to screw that up?).
No, it's soooo 2004. Anti-MS/pro-Linux bias was restricted to very small groups of hackers in the 1990's, but it's progressively growing into the collective conscience, as more and more security failures in MS software get more and more people pissed-off.
Dude at 210 megs you're running the beta with all the debug stuff. It's not going to be anywhere close to that big when final release is compiled.
Yes, as discussed in the previous article, these types of applications will need to use the VirtualProtect() API to tell Windows to make their pages executable.
.NET along with SP2 (?), but if you need Java you'll probably have to wait for your JVM vendor to issue an upgrade...
Unfortunately, this will mean patches will have to be released to just about everything that does this. Presumably, MS will include a patch for
The thing is that in 2-4 years pretty much every one will have the .NET frame work as part of the OS (even MONO on Linux) so they will not have to down load it. Then .NET will become mainstream.
Art is the mathematics of emotion
Think of apple, they were never to worried about backwards compatibility and their os is more stable because of it. All those programs that weren't compatible with osx had to be updated to ensure they'd work with the changed operating system. True, the change was big because they went to a unix varient, but they still had the balls to tell developers to adjust or lose customers.
.NET, this is very smart for them. It makes it easier and cheaper for developers to make consistant apps in current and future versions of windows. If developers rely on ms code to handle the grunt work and they just do the stuff that makes their program, then they have a lot less overhead. And with microsoft grabbing it's balls and betting on security and stability, they can handle the backend bugs with their updates. True, that requires them to actually patch, but if they start with a much more stable and efficient groundwork, you'll see a lot less patches then now.
Now microsoft has always tried to make it easy to run old programs. Think of how long dos lasted so businesses could use their old proprietary programs. This caused a lot of problems with windows crashing. Windows xp was supposed to fix that shit, but now a new slew of shit has come about. Now what they're saying with sp2 is that they recognize their customers want security and stability over backwards compatibility.
The reason they're finally starting to do this is probably to compete with linux since those people most likely had to leave their old familiar apps with new ones. They see that people would rather deal with the adjustment of a new look and feel over constant reboots.
Now while everyone can point fingers and laugh at
Remember guys, microsoft isn't stupid.
Which is what happens when you let a product manager talk about technical issues.
There applications that will break are _not_ (necessarily) insecure. They just behave in a way that makes it impossible for Windows to tell isn't somebody trying to execute some code in an overflowed buffer.
Typical MS press relations, blame everyone else.
I'm no Microsoft fan, in fact quite the opposite.
But by and large, these look like common sense changes that will likely cause a great deal less trouble than the move from 2000 to XP did for application vendors.
Uh, well I don't know what source code generation has to do with protected memory. So I assumed they meant binary code generation which is one phase of JIT.
--t
The plural of company is companies.
You have to bag on MS for this?
Ok, imagine this alternate Slashdot headline:
MS sales buries secure XP
Itoldyouso writes - A leaked memo indicates that the Microsoft developers created a much more secure version of their flagship operating system. However, because it would have caused problems with a small number of applications that were designed insecurely, the Sales & Marketing teams vetoed the new secure version, in an attempt to avoid a customer backlash. It is now official - Microsoft's commitment to trustworthy computing is a complete joke.
I have a feeling that post would rile a lot more people here.
NX bit may not be a panacea, but it's still very useful. There's a reason OpenBSD is trying to support it. Is it supported in Linux yet? And if not, why not? "Don't allow this to execute" is a basic permission, like read-only, that should have been in the VM system from day 1 -- and I think it was, in many other architectures.
/. if MS didn't release this.
And yes, I do think you'd find a shitstorm on
The enemies of Democracy are
I've seen the format. I've seen worse, and bmp is hardly bad enough to mess up an implimentation for.
I don't feel it's harsh at all to criticise over this. The Apache Group should also be embarassed for the same.
(what, you assumed I'm yet another anti-MS/pro-OSS zealot?)
Integer overflows are easily avoided, and the very fact that they crop up so often is the reason programmers keep such a sharp eye out for them (at least where I work, anyway).
Let me get this straight: Microsoft is making XP more secure in a way that could break some programs (sort of like the grsecurity linux kernel patches break some programs), and you're against that? Sure, it would be nice if it was optional---but it's Microsoft! Doing something about security! Even if it means actually announcing that some programs may be broken!
Frankly I can't see why anybody is whining over this, unless it's the instinctive MS bashing of Slashdot.
They are adding a security feature that will improve the overall security of the operating system at the cost of breaking older, insecure, applications. This is done everywhere and for some odd reason it's usually considered a good thing.
I am looking forward to this, any my question is only when this kind of features can be implemented in linux to improve the security here too... (Or is it perhaps in there allready?)
You don't gain new customers by inconveniencing your current ones. Companies don't buy computers as temples of virtuous computing. They buy them because the computer can be used as a tool to make them money.
As such, they aren't interested in MS breaking their applications just because "it's the right thing to do".
Compatibility should always be of prime importance. You clearly can argue that compatibility is useless if your machine is infected with viruses, so at times you might have to sacrifice some of it.
But this idea of breaking compatibility just to force everyone to clean up their act is foolish. As long as Linux doesn't understand the value of binary compatibility, there won't be much of a threat to MS on the desktop.
Finially, they're biting the bullet and doing the right thing. A sensibly configured default firewall - it's one of the things they should've been doing for years. The memory protection is also interesting - and probably a good move, so long as developers don't start using it as a crutch.
Now, if we see built-in virus protection, tainting or sandboxing of executable code recieved by email, proper MIME handling, and flagging of double extensions, AND AUTOMATIC UPDATES THAT ARE ON BY DEFAULT, it'll be mostly there.
Even forcing users to take an extra step (like the 'chmod u+x' required on *NIX) to make emailed and downloaded files executable would help a _lot_. Sure, viri would just start saying "click properties, then tick 'executable'" in the messages; but it'd stop a lot of the worst offenders from viewing things without thinking.
"Microsoft service pack breaks applications." This is certainly nothing new. Microsoft service packs have had a history of breaking applications. So the real issue here is Microsoft taking more consideration for applications. I mean, for there to be a history of application breaking with service packs, one would think that Microsoft would have done something to help prevent future problems.
As anybody that has been running the beta of SP2 probably knows, this incredible application-breaking feature is ******OPTIONAL******* and can be ****TURNED OFF IF IT PRODUCES PROBLEMS****.
Furthermore, it doesn't even work in non-Opteron processors.
I mean, people are acting like upgrading to SP2 is going to suddenly destroy their ability to use applications when this option isn't even on by default.
Certainly you people aren't this ignorant, are you?
So now MS and 3rd party programmers will think to themselves "aw well, if my pointer arithmetic is poor the CPU will catch any over runs".
Give me a break. You might as well say that we should get rid of memory protection and preemptive multitasking, because having them makes the programmers lazy, thinking the OS will catch their errors.
The NX feature is very good for security and stability. All people including programmers make mistakes, and if you design your security policy on the basis that no one will ever make a mistake you are bound for trouble. The only sensible approach is to have multiple layers where mistakes in one will be caught in the next and prevented from becoming a bigger problem than it should.
If the OS+hardware completely disallow you from writing to code memory, or executing application memory, then any attempts to do so will be killed on the spot and the blame will be placed squarely on your application. The user will know that your program screwed up (or was being malicious) instead of blaming it on windows. So not only will this close off an entire class of exploits, it will provide incentive for programmers to do a better job!
The Good:
Microsoft needs to do some house cleaning of Windows, and this seems as if it really is a step in the right direction as far as fixing up some of the security problems.
The Bad:
Of course, this is Microsoft we're talking about. If Microsoft can get away with purposefully breaking third party applications and then making it seem like it is for "security" purposes, they will.
Naturally, one has to wonder what havoc this SP will cause with 3rd. party firewall and antivirus software. It is not hard to imagine Symantec and McAfee taking a huge loss in user base if SP2 breaks their software, and then Microsoft says, "Well, those apps weren't well written or else SP2 wouldn't have broken them. Fortunately firewall and antivirus are built into Windows now, so you can ditch that 3rd. party software."
And this also will not really do very much to stop the spread of viruses/worms/trojans and adware, at least not immediately. The reasons are:
1. Most home users never run Windows Update. MS can tout the new security features all they want, but most users will not have these features because they won't patch.
2. People will still find a way to purposefully click on email attachments. I've known people who can't get weird email attachments because their AV software blocks it, so they DISABLE their AV software to open it.
3. SP2 doesn't look like it will address IE/ActiveX control issues that Adware writers love to take advantage of.
And of course, Microsoft is still pushing their campaign to integrate everything and the kitchen sink into the OS. First it was IE, now it is media player that MS claims is a vital component of Windows. Next it will be firewall and antivirus. These improvements should be modular so that users who have an external firewall or prefer a 3rd. party solution can simply knock it out of their install.
"You spoony bard!" -Tellah
There are add-on utilities that can be coerced into working with C or C++, but the issue is that you don't really know the type of the data that you are working with. Languages that require the frequent use of casts, and which mean "think of this data in a different way" rather than, e.g., change this integer to a float, are fundamentally insecure unless there is hardware backup, or some other wrapper which emulates that effect.
C is such a language. C++ is such a language. In C and C++, type is merely a label of convience, and is subject to being overridden at whim. (Consider all the code that depends on untyped data stored in arrays of size zero. Possibly C99 has fixed this problem, as I haven't checked. But I really doubt it, because it would break too much old code. Possibly recent versions of C++ have fixed this, but I haven't heard the screams of anguish that would arise, so I doubt it.
However, if you want a popular language without this problem, you could pick Java. Now that gcj is available it's a compileable language. I don't think of it as suitable for systems programming, so I didn't mention it, but it avoids the problems. (At much greater cost in effort than the other languages that I mentioned, but it does avoid the problems.)
Now I will admit that my personal preference has been Python, or perhaps Ruby. It varies. But I don't think of them as suitable for system programming. And Smalltalk also doesn't suffer from the problem.
That you can avoid the problem by wrapping C in barbed wire (effectively), or possibly a spacesuit, doesn't mean that it isn't a language related issue.
Sorry, I don't remember the names of the utilities that will handle the problem for C, but the last time I checked they weren't cheap. And I was, so I adopted a less expensive solution. And I haven't regretted it. Once you are away from C for awhile, you start to really understand how many bad features it contains. There are good historical reasons for each of them. And C++ kept them all, for compatibility. And because of compatibility, C can never fix them. It would break too much. But at some point, the only sane decision is "ENOUGH!", and you start writing code in a better language. (I suspect that D should be that language, but there are many contenders. And most of them are significantly better than C given today's computers. Also given just how complex C++ has grown in the attempts to solve it's intractable basic problems.)
I think we've pushed this "anyone can grow up to be president" thing too far.
I never run games with admin privileges and I play a fair few games.
What I do is create a group (gamers) add it to my limited account and give this group full control of the games directories and associated registry keys.
This works on almost every game, so far with the exception of 'aliens vs predator 2' which totally refuses to cooperate; it complains 'no disc in drive'.
I think theres a bug in their copy protection implementation (civ3 conquests uses the same copy protection, but its fine).
Anyway, the workaround for this is to (ouch) download a cracked version wich copy protection turned off.
But thats just crazy; you have to run the cracked app as admin to install it. Do I trust it? Hell no. Not really.
But if I want to play the game I bought and not have to log in as admin to do it, thats preferable in my view. I am *not* going to surf the net and read email with admin privileges.
Oh and power user? Forget it; this group has write access to system folders and is almost as dangerous as administrator.
In the free world the media isn't government run; the government is media run.
That's the kind of thinking that will result in a 'golden age' of exploitable software. NX does not close the vulnerability left by a buffer overflow. All it does is require you to use a different class of attack.
So just because a burglar can break the window means that we shouldn't bother to lock the car door?
If you're a zombie and you know it, bite your friend!
Hack hack hack hack, remove hack, hack a hack, hack hack hack...
Their code is SO CHOCK FULL OF HACKS to support older applications, and even hack to hack old hacks, that eventually the OS will crumble under its own weight.
The Apple transistion from OS 9 to OS X was VERY slick. Give old apps a Classic mode, and as apps get rewritten you use the new rewritten version in the main OS, and only dip into Classic mode for the old/unconverted apps. After a few years, get rid of the Classic mode and yay, millions of people easily converted from one generation OS to the next. Watching Apple move people from OS 9 to OS X was what caught my eye and made me think "This company has a fucking clue!" And once I saw 10.3, I bought a Powerbook. Too good to refuse.
With windows, it's still hack hack hack hack... I can't wait to be ENTERTAINED when Longhorn comes out. It's going to be a great laugh at that mess. And great for self employed geeks like me that work as consultants. MS makes a mess every couple of years, and that keeps us geeks paid cleaning up the mess.
The fix, as I see it: MS, IMO, should write Longhorn without ANY HACKS for old apps, and include with the OS a free copy of Virtual PC running Windows XP. Treat Virtual PC (which they now own) as Apple did with their Classic mode.
Of course, MS won't do this, and couldn't do it right if they tried, and at the end you still have a crappy OS full of security holes and a bad GUI. Oh well.
So just because a burglar can break the window means that we shouldn't bother to lock the car door?
More like: Just because the alarm is enabled you can stop worrying over whether or not you locked the door.
It's nice having something like this to catch errors, but it could also lead to developers using it as a crutch and not bothering to make their code secure. In other words, it looks good on paper, but it's only marginally effective in practice and still doesn't fix the problem of poorly written code.
______-___--_-__-_---_-----__-_-___-_-_---_-----_
MS is far from perfect, but worrying constantly about reverse compatibility is one of the major reasons windows is so insecure IMO. Microsoft can't take any big leaps in security as long as they have to work around 5 years of hacks and tweaks to keep things working. Microsoft seems to be doing a good job of giving developers fair warning. Furthermore, Windows actually has an excellent method for rolling back service packs, so even if it does break that mission critical app you can roll back and wait for an update.