Slashdot Mirror


EU And Microsoft Clash Over Vista Security

An anonymous reader wrote to mention coverage of further clashes between Microsoft and the EU, this time over security in Windows Vista. Microsoft is 'urging' the EU to allow all of the security elements of Vista to remain intact. The EU seems to be under the impression it's not asking for security to be lax; it just wants the software company to ensure a fair playing field for all businesses. From the Newsday article: "European Union officials warned Microsoft Corp. on Tuesday not to shut out rivals in the security software market as the company plans to launch its Windows Vista operating system with built-in protection from hackers and malicious programs. EU spokesman Jonathan Todd told reporters that the European Commission is "ready to give guidance to Microsoft" concerning Vista but added that it was up to the U.S. software maker 'to accept and implement its responsibilities as a near monopolist to ensure full compliance' with EU competition rules."

8 of 311 comments

  1. One Microsoft Way by Doc+Ruby · · Score: 2, Interesting

    Microsoft spends most of its time producing new OS features in collaboration with other vendors. DRM, drivers, APIs all designed to make MS OSes work better with the rest of the products people will buy. That takes much longer, and more code, than the rest of the OS does.

    But its "security" features are MS only. Of course that must be to protect the MS "near monopoly", always its #1 priority. Since the security market is neither very profitable nor already dominated by MS, I expect that their "security" also protects revealing other serious defects of the OS. Whether more monopoly protection, unnecessary security problems, or just bad coding. Therefore I don't see Microsoft opening those facilities for the EU before Vista is released, if ever.

    --
    make install -not war

  2. Re:You don't see the problem. by djaj · · Score: 3, Interesting

    And if the "whole infrastructure [is] extremely vulnerable," third-party applications will be created to shore it up.

    What's the problem again?

    --

    Your mileage may vary, but mine is constant.

  3. Re:You don't see the problem. by databyss · · Score: 2, Interesting

    --- Begin Sarcasm ---
    Right!

    We need to have the EU sue apple and linux producers too for destroying the anti-spyware market in their areas too!

    We have to make sure that every OS is insecure so that other companies can profit!

    --- End Sarcasm ---

    Look, I'm no fan of Microsoft, (I figure I'll be wholly on linux by the time Vista comes out) but you can't force the company to make an (more?) insecure operating system so that security companies can make their dime.

    --
    Hmmm witty sig or funny sig? Maybe elitist techy sig!
  4. I don't understand why all the dissension. by DoctorDyna · · Score: 3, Interesting

    It seems as though Microsoft is / will have its security products built into Vista, and will most likely build them into the TCP/IP stack at some level. Here is what most people seem to be ignoring here, and it's pretty simple.

    As it always has been, you can choose to use or disable any part of any feature in Windows. As it sits now with RC1, you can enable / disable features at will. Wireless networking configuration is built into Windows XP, but as everybody here knows who has a wireless network device of some sort, upon driver / software installation, that application takes over the duties of the Windows feature, usually by default. I don't know why anybody would have a reason to think that this would be any different from having a firewall in the OS, which, at the request of the user (by way of installation) gets replaced by some other product. We'll leave the discussion about inferiority for another time.

    People really should stop talking about a feature of Vista as if it's sure to be some set in stone encumbrance, and it most likely will not be.

    Oh, but it's built into TCP/IP! Anybody here ever installed the Novell client in Windows? Ever see what it does to your network protocols? Microsoft has said time and time again that it is keeping with backwards compatibility, are we naive enough to think that this won't include clients, protocols, craptastic software firewalls and anti-virus-viruses? Not so much. For those of you that need to experience a Novell client install for yourselves, go ahead. It's uninstallable. http://download.novell.com/SummaryFree.jsp?buildid=l1o2uFAj23U~/

    --
    Windows has more viruses because linux has more virus coders.
  5. Re:Sounds like the EU wants it both ways by InsaneGeek · · Score: 2, Interesting

    But is it in the best interest of the public to cripple the security of an OS because a market around bugs has cropped up? Is it in the best interest of the people to remove security out of a product so that the individuals will have to turn around and buy something? Seems pretty darn insane if you ask me.

  6. Re:I think i know what the EU means... by MooUK · · Score: 2, Interesting

    However, the major security companies have already found ways to hack round all this to make their products work - and if they can, so can malicious people. So what's the point in having it? It just makes the security companies have to spend more money, increasing the cost to the user in most cases. That's about it.

  7. Re:The solution by WhiteWolf666 · · Score: 2, Interesting

    Let me quote some AppArmor literature. It's really vastly superior to Vista, in that AppArmor isn't a "hacked on" bandaid, but a fundamental hook into the lowest levels of the system; AppArmor has incredibly fine grained controls; and AppArmor is not terribly difficult to work with.

    Security Through LSM: Linux Security Modules Interface
    To achieve security (non-bypassability) mediation methods like AppArmor need to be inside the kernel. AppArmor originally was a kernel patch, but that imposes major problems for distribution and deployment, especially for enterprise users. To achieve kernel-grade security without requiring a kernel patch, Immunix Inc. (who developed AppArmor prior to Novell's acquisition) developed a feature for Linux 2.6 called LSM: Linux Security Modules interface. LSM provides a kernel API for modules that allows loadable modules to do effective access control mediation. Other participants in LSM development included the SELinux community, IBM, and assorted other open source community developers.
    Mediation at layers other than the kernel, e.g. in libraries, leads to bypassability: if an attacker can induce arbitrary code execution in a confined application (e.g. buffer overflow) then they can cause the program to call the kernel directly instead of through the library, thus bypassing the mediation. Moreover, such mediation is best done deep inside the kernel, rather than by intercepting system calls

    Transparency Through Familiarity
    To achieve transparency, AppArmor uses all-classical UNIX security semantics, but applies them to programs. An AppArmor policy specifies the set of POSIX.1e capabilities that a program can have, and specifies the set of files it can access. The POSIX.1e capabilities are specified by name. The files are specified by absolute path names, including embedding shell-syntax wild cards, followed by access modes (R, W, and X, with a bit of embellishment). So an AppArmor policy to confine ntpd (the network time protocol daemon) looks like this:

    /usr/sbin/ntpd {
      #include
      #include
      #include

      capability ipc_lock,
      capability net_bind_service,
      capability sys_time,
      capability sys_chroot,
      capability setuid,

      /etc/ntp.conf r,
      /etc/ntp/drift* rwl,
      /etc/ntp/keys r,
      /var/lib/ntp/drift rwl,
      /var/lib/ntp/var/run/ntp/ntpd.pid w,
      /var/lib/ntp/drift/ntp.drift r,
      /drift/ntp.drift rwl,
    }

    Keep in mind this stuff can be created from GUI.

    From here, it would be relatively straightforward to hand-craft security policy for applications through a combination of expert knowledge and trial and error. However, that would be so tedious that the vast majority of developers and users would refuse to put in the work. To further improve transparency, AppArmor includes a "learning mode" to allow policy to be built by running the application and observing what it does. In learning mode, the rules are not actually enforced, but violations are logged, and process forking is tracked, so that the log of an application's execution builds up a characteristic description of the application's activities. AppArmor includes a log analysis program that scans the log, prompts the user with questions, and automatically creates a program profile. Learning mode and the log analyzer are also capable of incremental improvement of the profile if one already exists, but omits some necessary rules.


    Application Security and System Security

    An individual application can be secured using an individual profile, but how to secure a system? A vital question in securing any system is "against what threats?" We could profile all of the programs on the system, but that would be a lot of effort, and in most cases unnecessary. For instance, consider the network threat model: we wa

    --
    WhiteWolf666 an exBush supporter. All you new-school,compassionate,save the children Republicans can rot in hell
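
An added example, not part of the comment above or of AppArmor itself: a small Python model of the profile format the quoted literature describes (capabilities by name, absolute paths with shell-style wildcards, then access modes), evaluated with default deny. The function names are hypothetical, the glob handling is a simplification, and the `#include` lines are skipped because their targets are missing on the page, so only the listed rules are evaluated.

```python
import re

# Profile text as quoted in the comment; #include targets are absent on the
# page, so those lines are ignored here rather than guessed.
NTPD_PROFILE = """
/usr/sbin/ntpd {
  #include
  capability ipc_lock,
  capability net_bind_service,
  capability sys_time,
  capability sys_chroot,
  capability setuid,
  /etc/ntp.conf r,
  /etc/ntp/drift* rwl,
  /etc/ntp/keys r,
  /var/lib/ntp/drift rwl,
  /var/lib/ntp/var/run/ntp/ntpd.pid w,
  /var/lib/ntp/drift/ntp.drift r,
  /drift/ntp.drift rwl,
}
"""

def glob_to_regex(glob):
    """Simplified AppArmor globbing: '*' and '?' stop at '/', '**' crosses it."""
    tokens = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    body = re.sub(r"\*\*|\*|\?|[^*?]+",
                  lambda m: tokens.get(m.group(), re.escape(m.group())), glob)
    return re.compile(body + r"\Z")

def parse_profile(text):
    """Return (program, capabilities, [(path_regex, modes)]) for one profile."""
    program, caps, rules = None, set(), []
    for line in text.splitlines():
        line = line.strip().rstrip(",")
        if not line or line.startswith("#") or line == "}":
            continue
        if line.endswith("{"):
            program = line[:-1].strip()
        elif line.startswith("capability "):
            caps.add(line.split()[1])
        else:
            path, modes = line.rsplit(None, 1)
            rules.append((glob_to_regex(path), set(modes)))
    return program, caps, rules

def allowed(rules, path, mode):
    """Default deny: every requested mode letter must come from a matching rule."""
    granted = set().union(*(m for rx, m in rules if rx.match(path)))
    return set(mode) <= granted
```
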
  8. Re:Vista does do that.. by DaveWick79 · · Score: 2, Interesting

    The underlying thought here is that some people think it is better that Windows not implement security features, based on that they would be in competition with products that provide those security features. This whole premise is absurd - to leave a necessary feature, especially a security feature, out of windows because it might step on someone else's toes.

    What is Microsoft's other choice? Leave out security software and be roasted for leaving it out? What makes you think 3rd party vendors could provide security packages that are better than Microsoft's? You'd just end up with multiple patches and multiple serious problems down the road. What happens when Joe user installs patch 1 from Vendor A, then 6 months later switches to Vendor B and installs their patch 2? What a mess.

    The comparison of MS Word being used because it comes bundled is not realistic at all. If Word is not bundled on a machine (which much of the time it is not unless the user specifically chooses to have it pre-installed), that user will still have to find a product to use and install it. How does that differ from having Word and not being happy with it - all he has to do is find a different product to use and install it.

    I absolutely agree that I'd rather not have to use third party software to keep my system secure. If they indeed do a good job. As long as you have the option to turn the default built in tools off and install your tool of choice, I think MS has done their best job. They would be seriously amiss to just ignore the issue and count on the end user to implement their own software - much of the time it's not going to be done and the system will be left vulnerable.