Microsoft Drops Next-Generation Security Project [updated]
grooveFX points to this CRN article which starts "After a year of tackling the Windows security nightmare, Microsoft has killed its Next-Generation Secure Computing Base (NGSCB) project and later this year plans to detail a revised security plan for Longhorn, the next major version of Windows, company executives said..." grooveFX writes "Glad to see they actually listen to the gripes from the media and users."
Update: 05/05 19:13 GMT by T: phil reed writes "Oops. According to this article on Microsoft Watch, Microsoft really isn't giving up on NGSCB (aka 'Palladium') after all. Microsoft spent much of Day 2 of its Windows Hardware Engineering Conference (WinHEC) here refuting a published report claiming the company has axed its Next Generation Secure Computing Base (NGSCB) security technology."
Palladium was too ambitious. It's nice that they're at least going with memory page protection.
So, what does this mean for 'Trusted Computing'?
Isn't NGSCB Palladium?
Surely this is pretty good news and indicates that MS might not be so able to force these kinds of security measures on their customers.
Although I imagine knowing Microsoft, the problems were at least as much technical as political, and they just gave up considering it to be "too hard and we can't be arsed", just like WinFS.
This is Palladium, and it has not been "dropped", only shelved because it was too ambitious. They say they've invested too much on this not to take advantage of it.
"1. Dump lots of features. While beta testing and what not irons out the performance bugs.. catching security bugs is another problem altogether. The more code you have the more intractable security becomes"
Problem is, people (particularly Windows users) buy features before they buy security. Sad, but true. I've made a nice little freelance business out of it. Funny thing is, though, I haven't had to do a whole lotta worm fixing for them. If they're keeping up with their machine, then the value of being 'worm proof' goes down even further, thus making Microsoft sting from the lack of features driving their sales.
Does it suck? Sure. Real life is funny like that.
"Derp de derp."
You say to stop using buffer-over-run prone languages but then turn around and harp on .NET. Isn't the point of .NET and a managed language like C# to prevent things like buffer over-runs?
We are getting to the stage where a fair chunk of PCs connected to the Internet are destined to die. It's reasonable to assume that MS has performed a kind of triage:
- Home PCs are beyond the reach of any help. Whatever is done is already too late. Home PC users will have to migrate to Linux within 6-12 months or face working without the Internet.
- SMEs can be protected with additional work. SMEs need better firewall security and better patching methods.
- Most enterprise computing is safe as is. Many data centers will switch away from Windows for cost and reliability issues but the ones that can't will remain faithful Windows clients.
So Microsoft has to concentrate on helping the people who can still be saved, namely SMEs that have several PCs behind a shared internet connection. Having seen three of my friends' PCs dead today from Sasser (MSIE rebooting without end, and no way to do anything else on the system), I'm rather sceptical that home computing can be saved.
First off:
1. Dumping Features would break lots of stuff. I suggest that they don't ADD any more and fix what they got!
2. Um, gcc prevents this?? There's no language that prevents these types of things. Even if you write with a language that supposedly does not have Buffer Overflows, you still rely on other modules that were written in a language that does allow them to happen.
3. UNIX and Linux both have 20 ways to do things as well. It's called choice. You choose the best for your situation. I think what you mean is that ActiveX components used on the web should never be allowed to stray out of the web sandbox nor should they be allowed to execute code. And another thing...the mail client should NEVER be allowed to execute code without asking the user forty times!
Gorkman
It takes a MMORPG or a simple PC game 3+ years to make, MS seems to throw out OS's every couple years, what's wrong with this picture? There is no need for Windows 2003, they should have secured 2000 and waited to build a solid secured OS say in like 2006.. MS needs to buck up, get with the program and stop wasting people's time. Just my 2 cents.
- WinFS wasn't cancelled. It was scaled back so they could deliver what worked in a reasonable timeframe.
- Microsoft hasn't announced hardware specs. What you're referring to is what a bunch of watchdog folks are GUESSING will be the hardware specs.
- WinXP is much more stable than 2k. If you consider stability a "boring" enhancement, well, I bet you're in the minority.
Home PCs are beyond the reach of any help. Whatever is done is already too late. Home PC users will have to migrate to Linux within 6-12 months or face working without the Internet.
So, you are saying that these people who click these e-mail viruses, run without virus scanning software and run their network wide open to the internet should migrate to Linux.
Just what we need is a bunch of Linux users with a root password of "password" that never get updated or patched. As most people know, an exploited Linux machine is a lot more powerful than an exploited windows machine.
I understand your point of view, but I don't think Linux currently offers any advantages for these people.
Yes. I've been trying to get the C++ committee to tighten up that language for years, with little success. It's time to get more serious about this, and apply pressure via ANSI (which is supposed to insure that standards are safe) and the Department of Homeland Security's National Cyber Security Division. Like it or not, we need to go to full subscript checking for anything that could possibly be exploited. The resulting 10-20% performance hit is minor compared to the costs of dealing with these attacks.
I've sent this to the C++ committee:
The Sasser worm exploits a buffer overflow in Microsoft's LSASS service, which is, apparently, written in C++.
Perhaps more weight should be given by the Standards Committee to tightening up C++ and making it a safer language. The Committee has consistently rejected most suggestions which tighten up the language, usually on the grounds that they would impact existing code or prevent some dangerous but valid code from being used.
It is now appropriate to ask ANSI, and the Department of Homeland Security's National Cyber Security Division, to reevaluate the C++ committee's priorities in the light of the documented and substantial damage caused by weak safety features of the language. Whether the committee should be permitted to promulgate unsafe technologies with ANSI approval must be seriously questioned at this point.
That will probably be ineffective. The appropriate forum will probably be Congressional hearings on computer security, which were threatened last year after the SOBIG virus, and are likely to happen this year.
So what happens to the palladium bioses that the bios companies were building? Are they also going to be shelved?
Um, they always listen to their ACTUAL users and purchasers. They just don't really give a shit about the media or the Slashdot habitual complainers (and rightfully so).
Microsoft has always been about creating products to fill a need, as well as giving requested features. The main reason Slashdotters dislike MS is because they go by actual psychological studies which are created by analysing the way people work (or don't, as the case often is). The /. crowd would rather have the very vocal minority dictate how features and changes are made, rather than have need or logic dictate. You know, kind of like the schizophrenic development methods Linux distros use.
As for security, that is just another area MS is going to *continue* to steadily improve in, until they eventually overtake everyone else. Win2003 is already more secure than most Linux distros, and it's far more useful.
If you don't believe my security statement, just wander on over to securitytracker.com - there are more discovered flaws in the recent past with Linux than with Windows.
Didja notice that there were no comments on the story on the actual page, but that there is a whole bunch of threads going here. Looks like Slashdot has become the message board of choice. Either that or no one actually looked at the story before commenting here, naaa no one ever does that.
Oh, I see how you came up with that. So when a third party Windows only app comes up with a vulnerability, it isn't Windows, completely separate and is not a reflection on the OS.
When a Linux only third party piece of software comes up with a vulnerability, it is grouped with "Linux" and raises the total "Linux" vulnerabilities.
That's a fair assessment if you're paid well enough.
psst, your bias is showing
4 Linux kernel vulnerabilities (this includes all kernel vulnerabilities and distro specific stuff)
3 Microsoft recent vulnerabilities (this is only software listed with "Microsoft" in the title.)
Hey you're right, until you start counting ActiveX and ASP, Exchange and other Microsoft produced software/features. This does not include the vulnerabilities in a 3rd party app that is vulnerable because of a flawed MS implementation. It also ignores the fact that Linux vulnerabilities are actually fixed and not ignored for years. Sorry bro, I still must call bullshit. You're taking things out of context and twisting facts to support your bias. Do you work for the Bush administration?
ymmv
"2. Stop using languages/tools that allow you have buffer overflows in code. That'll cut out 90% of critical updates in one swoop."
XP SP2 is being compiled using a new C compiler which automatically generates code resistant to buffer overruns. It's not perfect, but it is a start.
Combined with the new firewall and NX protection (on AMD64 systems), XP SP2 should be far more secure than its predecessor.
Windows are secure. They are not safe, though. Security is different than safety.
Something is not safe when its maker has made mistakes that allow third parties to use it.
Something is not secure when it is not guarded, i.e. there is no one to watch over it.
Microsoft should increase the safety of its products, i.e. remove all the bugs. They are secure, already. There is no unguarded place in Microsoft Windows NT/2000/XP (unlike its baby O/S).
Palladium has nothing to do with safety or security. It only has to do with copyrights, i.e. to prevent unauthorized access to media.
I am surprised that Microsoft has not made a tool to grep the code for buffer overruns and other potential problems. With all the compiler technology they have, it would be very easy for them.
I debated whether or not to respond to this post. Many of the things you pointed out are indeed true. Groupthink does tend to lead to this at one time or another.
*Copyright laws. I could possibly care less either way. GPL seems interesting enough. RIAA has the right to do what they are doing, the artists signed the contract. Do I like RIAA or dislike them? I don't think about it either way. I personally can't stand most music out these days except some of the new rock, and country. I mostly listen to metal, classical, and country that covers the past 40 years.
*VA Linux? I could possibly care less about them. I run Slackware. Every time they release a stable version I buy it from their site. I like them.
*Your hang up over the GNU/Linux thing is rather silly. Not everyone here sees this as a religion. I personally think this stuff is great. Being legally free is great. Do I care if all software is opensource, or free as RMS would think? No not really, but hey, he can believe whatever he likes.
*"Linux is ready for the desktop" I think so yes. Do I think normal (read non-geeks) should run Linux? Absolutely not. In fact I hope Linux gets just enough market share on the desktop to convince Blizzard (yes I like them, no I don't care about their fights with bnetd) to make games, then stops. Whenever anything (computer or not) gets popular it starts to suck.
*I just installed Win98 on a spare box so my girlfriend could play all her old games. I had all the drivers for the hardware, and I am using an onboard NIC. It took Windows several tries to load this damn driver, whereas in Linux it was just recognized. So really, Linux was EASIER in this case. Not all hardware works with all software. It's just a fact of life. Accept this, move on, stop b*tching.
*Not everyone here even remotely agrees with the majority of the posters here. Look at my post records. It's really low. I'm fairly sure that if there is a way to look up the average post per userid, you'd see most people do not post.
This might get modded down or not at all, but I just had to respond.
Brendan
P.S. If you do not like what Slashdot says anymore, you're free to find a new place to frequent.
You just ruined your own argument by mentioning ACLs. The complexity of ACLs is the reason behind the Windows "Everyone needs to run as an administrator".
ACLs are too complex for the users. They are too complex for the IT department. And they are too complex for software developers at big companies like Microsoft, resulting in even GAMES requiring administrator.
Windows will not become secure until they adopt a simple (KISS) permission scheme, like the one Unix and Linux had for years.