Slashdot Mirror
Windows Vista still Rife with Insecure Code
osxpetition writes "As noted in a News.com article, Symantec researchers have been testing the latest Microsoft Windows Vista build (Beta 2), and have found that the code is 'complete with new corner cases and defects' in the networking component. Symantec describes how Microsoft scrapped the old networking stack code from Windows XP in favour of newer, rewritten code. 'Microsoft has removed a large body of tried and tested code and replaced it with freshly written code.' Since January 2002, Microsoft has put a stronger emphasis on protecting PCs by attempting to implement stable, secure code into Windows XP and their new operating system. This latest report from Symantec brings attention to Microsoft's trustworthy computing campaign, and shows how it will be a long way before it is ready for the mainstream."
Considering that they even have legislation to require wiretappable telecom infrastructure, I wouldn't be surprised.
In fact, I think it's the only way to explain how many security bugs are in Windows. Don't buy the excuse of it taking a lot of resources -- Microsoft has a *LOT* of resources including billions of dollars in the bank; and the OpenBSD group have a near perfect track record with a better performing OS with a budget thousands of times smaller than what Microsoft pays as dividends to shareholders.
If they wanted to fix their security problems, they could and OpenBSD is proof of that. The fact that instead they pay out dividents to shareholders (which is what a company does when it can't think of a better use for the money) means that they have some reason not to want to fix the problems.
Clearly it's not a marketing decision - it's bad press every time another one of these backdoors is exposed -- and it's not a feature corporate customeres want -- so it most likely is a policy decision with governments.
How is a shatter attack a configuration error? Any application can send a windowing message to any other.
The security model is built on "window stations" -- If you put a privileged window into an unprivileged window station, then you have made a configuration error. Period.
The author of the paper stated that *nix/X11 is just as vulnerable to these types of attacks, BTW, so *nix is just as irrevocably mis-designed as Windows. The only difference is that *nix programmers are smart enough not to write interactive software that runs as root.
Whenever I hear the word 'Innovation', I reach for my pistol.
This "shatter attack" has been known about and acknolwedge for MANY YEARS. (Long before the 2002 paper cited in this thread.) Every once in a while people will bring it up as proof that Windows has design flaws.
This was a design decision with known trade-offs. Attaching security tokens to window messages would result in MAJOR overhead that would, even on today's beefy hardware, kill performance. Having to do a permissions check every time the mouse is moved is not feasible.
So Microsoft decided that they would rely on "best practices" information as apposed to enforced security in the OS to prevent "shatter attacks". The best practices are pretty simple: If your service/application is running with elevated permissions (such as SYSTEM), do not display a GUI on a desktop owned by a lower privledged user.
There have been examples of applications, in particular some poorly written anti-virus applications, that liked to display GUIs to the user despite the fact they were running as SYSTEM. For the most part, however, very few major applications exist today that have this issue.
Applications that run with high privs that need to display a GUI typically launch their GUI with the privs of the user, or display the GUI on a secure desktop. (Like Winlogon.exe.)
This is really a non-issue and hasn't been for a very long time. Please, ignore the FUD.
In fact, I think it's the only way to explain how many security bugs are in Windows.
I think you perhaps need to take some lessons in critical thinking. This is the equivelent of saying, "The only reason auto-manufactuers put problems into cars so they have to recall them is because the government makes them, which is why Japanese cars are better than American cars."
Large monolithioc systems are inherently more complex that smaller componant built systems. (Although those have problems too along the boundary interfaces.) Auto-makers put lots of time and money into making a car that A) doesn't fall apart and B) doesn't require a multi-billion dollar recall effort. Microsoft puts lots of time and money into trying to make their software more secure.
On the whole, I'd say the auto companies do a better job. :-) Thowing money at a problem very rarely solves the problem. The need to have an understanding of the problem, and how to fix the underlying problem is vital. I think that is where Microsoft fails. The systems they have in place (from what I hear) are more frustrating to the engineers than helpful.
I also have problems believing MS engineers are really motivated these days. Many of Microsoft's security issues have stemmed from their own code interactions which they implemented as deliberate features. Many more have been from sloppy programming (such as buffer overruns).
Trying to blame MS security issues on government mandated back doors smacks of plain political diatribe with a nice glossy veneer of ignorance on the top to give it a nice sheen.
I am not a resource! I am a free man!
There are a myriad companies that Microsoft has bought, then put to good use. Some were then thrown off a cliff (like McAfee does/did with Network General and OilChange) while others made them smarter. They need the brains. And they need a new authentication methodology, a new networking stack, and a new registry protection mechanism not made of tissue paper. That doesn't mean they'll get it. So many people have blown up Vista (yes, I know it's not RC+ yet) that Microsoft must be rattled to their very core (yes, Bill-- you, you crummy half-assed programmer) before they'll believe their customers. It's a classic case of Sales Department Rules (Ballmer) and everything else drools. Hit the sales department in the wallet, and things change. Look for a big change from Microsoft soon when they report that XP sales are down and that Windows 2003 server's recent sales peak has now hit the skids, and the X360's are costing a fortune. Mark these words.
---- Teach Peace. It's Cheaper Than War.
From the October 2000 MSDN magazine, "Windows Sockets 2.0: Write Scalable Winsock Apps Using Completion Ports" Ironically, it's TDI that's being replaced for something more sockets-like.
I think this is yet another example of Microsoft not understanding code that was previously written by someone no longer available, causing the new developers to misunderstand the original design, who then feel the only option is a rewrite. I've yet to hear any technical comparisons between TDI and "Next Generation TCP/IP", showing how the TDI architecture could never do those things. I bet TDI can support these new features with some new code, but it just wouldn't be as glamorus that way.
To adapt an old saying about LISP and UNIX, "Those who fail to understand NT are doomed to reimplement it. Poorly"