Slashdot Mirror
Gates on Winsecurity
xandroid writes "Just a couple days after talking about free hardware, Bill Gates has sent an email to customers saying that Microsoft will continue to focus on security, titled 'A Microsoft Progress Report: Security' (MSNBC story, PC Magazine story, Google News' related stories). The email mentions that fast-spreading and destructive viruses and worms are 'threatening the potential of technology to advance business productivity, commerce and communication', but says that to counter the threats, Microsoft will make 'major investments in customer education and partnerships that will help make the computing environment safer and more secure'. He also talks about the XP Service Pack 2, and says that Microsoft is 'working with microprocessor companies, including Intel and AMD, to help Windows...support hardware-enforced data execute protection (also known as NX, or no execute)'." Reader Zephyr_in writes "Macworld reports that the beta-release of Longhorn is likely to be postponed to early 2005 because Microsoft is concentrating first on a security-focused update (SP2) to Windows XP. Earlier this week Gates said Longhorn is 'not a date-driven release.' and said the speculation that the operating system will come out in 2006 is 'probably valid.'"
Itanium has it, so Intel deserves the mention. *shrug*
How the hell can anyone who actually read this garbage mod it interesting? Hello people, this comment is a great example of how to use a lot of words and say absolutely nothing.
a) Hardware will become nearly free and
b) If Microsoft security becomes hardware-based, it may even work!
Now, seriously, I'm your average M$-basher and could take this opportunity to make some mocking remarks.
But, you know what?
I find it sad when some software monopoly says things like "our systems are not engineered for security" and "our security will improve because we will resort to hardware" -- while still keeping a 95% desktop share.
*sigh*
I disagree, and, as opposed to modding you down, I will reply. I'm an intelligent, well-versed, apple user. I've been working with x86-based machines seriously since I was in 7th grade. I'm now about to graduate high school. Last year, I ""switched", as it were. I went out and found myself an old tibook. It's a good, solid, stable machine. I run linux and many versions of windows via work or at school. However, I like to come home to my Mac. Why? It just works. I putz around with pcs all the time, I am paid to do simple repairs and upgrades. Pcs are a hassle, and I spend a lot of my time working on them. I don't have to fool with my mac. It does exactly what I want, it's rock-steady, it's unix (I know this!), and most of all; It's pretty! Not all mac users are net-incompetent. Very few that I've met, in fact, are. That is a false assumption.
About freaking time. IBM's mainframe and midrange server architectures have been doing this for years. In OS/400, for example, the only things the processor will execute are program objects. Memory blocks marked as data cannot be executed, even in the event of a buffer overflow. The OS and hardware work together to ensure this.
All memory protection needs hardware support. Once code is executing, it is only the CPU that can generate trap which causes the operating system code to regain control.
You can have a software protected stack. SP2 will have components compiled with Microsoft's "latest" compiler software, which generates code to verify the stack hasn't been corrupted (Win2k3 was compiled with this too, apparently; which was why the MSBlaster worm had 2 'variations' to the buffer overflow attack -- one to attack Win2k/XP and one to attack Win2k3). As I just alluded to, depending on the layout of code in memory and where the overflow occurs, you can hack around software protections. It's a lot harder (apparently, it took the group that found the buffer overflow originally only a few days to create the attack for Win2k/XP, but a few weeks to find something that did more than DOS a Win2k3 box), and in some cases impossible, but not all cases.
... the latest version of Outlook does just that.
... maybe I should start bitching about Netscape 4.0 then...
The only way truely eliminate arbitrary code execution is to mark pages with data non-executable and have a processor level exception thrown when you try to execute code from a data page.
I do not believe OpenBSD has a software protected stack. However, given that OpenBSD runs on platforms which have hardware protected stacks, it does have the ability to guard against those kind of overflows. Just not on x86 hardware. Well, except maybe a version that runs on the AMD64 hardware...
Ditching ActiveX, does anyone actually use this for anything other than malware anymore?
Yes. Aside from the windows update site, there are a whole crapload of corp intranets that use ActiveX. To get rid of it would cause a lot of grief for their corporate customers. What they CAN do (and have done for Win2k3, and I suspect they'll be doing for XP SP2) is disable ActiveX components by default for non-trusted sites. You can do this today yourself if you really want, by going to the security tab in the IE->Tools->Internet Options dialog.
2. Disabling the (Outlook) preview pane by default
Why? Fix cause of the problems; don't cripple the software. In this case, images should not be downloaded by default. And hey, guess what
3. Higher SSL Verbosity with IE 4
IE4? You're bitching about IE4?!? Geeze
4. IE URL-bar and statusbar should go into an "extra careful verbose mode" when it encounters hexadecimal encoding ( % ). IMO, these are all obvious things that should have been changed LONG ago, why are they still defaults?
Right, it was so obvious that it took how many years for the problem to be discovered? Everything is obvious in hindsight. Nothing is obvious until it has been done.
I do not believe OpenBSD has a software protected stack. However, given that OpenBSD runs on platforms which have hardware protected stacks, it does have the ability to guard against those kind of overflows. Just not on x86 hardware. Well, except maybe a version that runs on the AMD64 hardware...
From here:
(NOTE: i386 and powerpc do not support W^X in 3.3; however, 3.3-current already supports it on i386, and both these processors are expected to support this change in 3.4).
You can use a little-known feature of x86 called "segments" to enforce non-executability of memory areas. It's just different from the regular paging system used to implement virtual memory, and COMPLETELY unique to x86. You can find a discussion about it here. The links in the thread have some good info.
My server
Can you provide a reference to back this up?
http://www.aceshardware.com/read_news.jsp?id=80000 460
There's always a chance that this is wrong, but this is just to prove that I didn't pull it out of midair ;)
/^[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}$/i
Sorry about the IE 4 bit. My formatting somehow got broken; there were supposed to be carriage returns between my bullets.
Of course "4" was supposed to be the next bullet, and the text for 3 was "Higher SSL Verbosity with IE."
Someone should ask him why they haven't fixed the latest "remote root" in IE even though it's been used by a worm since weeks, and it has been discussed in Bugtraq for several days ... and yes, Microsoft was notified of at least parts of the exploit months ago.
/ exploit.htm
Demo exploit here: http://ip3e83566f.speed.planet.nl/security/newone
(Remove any spaces Slashdot might put in the link. It's to an info-page, so it won't hit you without notice if you follow it)
it's in my head
98% is pretty unlikely. When people are a part of a group (slashdot readers), they assume that since they share one or a few traits, that they share *most* traits. This is a fallacy. I read slashdot for three years before using Linux on a regular basis. There are a lot of Slashdot readers who don't use Linux. There are many who don't play video games. And -GASP!- there are quite a few who even have social lives.
Those of you who assume that the rest of slashdot is just like you are truly naive.
What is a dangerous mindset? Allowing people to be connected? Allowing them access to information? What are you going to say next......That people should not be able to vote for whom they want?
I hate that phrase: "to be connected" (which is quite honestly the only reason I'm responding to this.) It just sounds like pure marketting hogwash. People can, and will do those things on whatever platform you provide them with. Some find windows easier to use, some find apple, some probably prefer X. (me for instance.)
As to doing things for you, yeah, when I want to plug in a hard drive, it is automatically mounted and I don't have to type in the CLI two or three lines of commands to get it mounted and shared. There are many other examples of this and why you perceive this as benevolent contempt completely escapes me.
This is where I have the problem with the Macs. I own a powerbook, and I think it's a pretty sleek design (though I could do without the fricking white glow and apple logo on the case).
I consider myself a poweruser, and an inquestivie one at that. I like to tweak my kernel, install multiple OSes on a given machine, and in general diagnose my own problems.
My largest qualm with apple is when people start saying "It just works."
Quite frankly, it doesn't. The documentation is often quite poor: Read every bit of the manual your machine comes with and see if you can find a solution to how to boot from a CD. (hold down C, and *then* hit apple - D otherwise it won't always boot up and just hang forever) The hardware is prone to crash the system w/o any clear sort of error message or dump (a poorly installed airport card, for instance will cause the machine to hang randomly) And it's prone to the same issues windows machines have (Third party software such as Limeware or Poisioned, are known to totatly screw up the filesystem serioulsy slowing down your machine)
I've actualy reinstalled my Laptop more times than I have any windows box. (mind you I use the laptop a bit more)
Don't get me wrong. I still like the machine, I just can't stand the zelotry that goes with it. Macs are good, but the fanboys who scream at you that apple rules and you suck when you say you prefer Nero to Toast, really gets under the skin.
I'm just mouthing off anyways. I agree in seniment with everything you've said. The parent poster was a fair fool. *shrug*
I could be wrong ( it would require a lot of testing to be sure ), but it seems to me if we had gone with a Harvard type architecture, were data and code are separated at the chip level we wouldn't be discussing this at all.
Perhaps it would be prudent to re-visit the past, in order to move into the future.
Not too many current chips do things this way, though the 8051 series comes to mind.
---- Booth was a patriot ----
It modifies itself in memory, not on the disk.
If you set a flag to keep it from doing so, as in setting the code section as read only, then the wrapper would not function.
Of course this means viruses could modify it in memory as well. But that's the price you pay.
GNOME is on a strict 6-month release cycle. At this time in 2006, we will have GNOME 3.4.
We will have a fully hardware accelerate display server.
OpenOffice.org will be complete integrated with both GTK+ and QT as native widget sets.
We will have a comprehensive .Net GNOME development environment.
We will have Perl 6, and we already have Python, both with bindings for native desktop development.
The GNOME desktop may be entirely SVG based.
GNOME will have Dashboard, already more promising than Longhorn's "sidebar".
Multiple mainstream distros will have incorporated a full SE Linux security model by default.
Anyone else care to add to the list? Every one of these things is at least as certain as are Longhorn's alleged features.
says that Microsoft is 'working with microprocessor companies, including Intel and AMD, to help Windows...support hardware-enforced data execute protection (also known as NX, or no execute)'
Marking pages as being executable or not has been a feature of many processor families for decades. It's generally a useful feature, but it is neither necessary nor sufficient for making opearting systems secure: after all, Linux, BSD, and Solaris manage to be much more secure than Windows running on the same processors.
This feature will prevent ligitimate apps from running in the following cases:
1) They attempt to write to pages marked as executable instructions (self modifying code, various buffer overruns/heap/stack corruption)
2) They attempt to run code in a page marked as data
Basically, the two patterns listed above are how almost all remote ownage occurs on a box. There are a few legitimate reasons why you'd want to have self modifying code (JIT compilers being the biggest) but they can be worked around. I'd be willing to bet the reason your software is having problems is because there are bugs in the code that do 1 or 2 which do not result in app crashes (or easily repro'd crashes anyway...).
It may not be much fun to fix bugs, but if you're a tester that is what you need to push your devs to do. However, given that most of your customers are probably not using Itanium or AMD64 processors, they won't be effected.
But, I'd think that finding and fixing problems of this sort would be pretty easy if you have a global exception handler that outputs a minidump as part of the exeption handling -- you can create a minidump that saves all of the app memory, the register contents, stack frame, etc. Basically, you can see exactly what the state of the machine was when the crash occured -- or, in even plainer english, you can see what line of code the crash occured on and what the value of every variable was when the crash occured (though if you have a multithreaded app, the other threads are still running before you start the minidump, so the data being modidified by other threads may be different than it was when the crash occured; that generally only matters when you've got a crash caused by cross-threading issues, and generally when you have one of those issues both threads crash so it's pretty easy to figure out what caused it).
In Longhorn "most everything" won't be sandboxed at all. Longhorn has to retain backward compatibility with most existing applications out there otherwise people won't upgrade to it. And if old applications work, then so will plenty of old malware.
Are there some "damn smart people working at Micosoft"? Well, yes, by the laws of averages there must be. But they haven't been nearly as smart as securing their OS as the Unix/Linux/OS X smart people.
First, no, you don't have the same problems any time you have multiple pieces of code using a s ahred library. If that was true it would be impossible to have OS level security at all, because the difference between an OS and a shared library isn't that great. The problem is the design of the MSHTML control, not the fact that it's shared code.
Second, the problem with the MSHTML control is preciusely that you *do* have 20 pieces of code doing the same thing: you have every single application using it re-implementing a bunch of security code to decide whether it's safe to pass a request on or not.
A better design would be to have three or four pieces of code doing different things: one to render HTML, one to perform requests for potentially unsafe objects, and one to perform requests for safe objects. That way a program would never be faced with the question of whether it should allow something... it could call the HTML renderer knowing that it would never escape its control by opening a browser window or accessing network objects behind its back.