64-Bit Vista Kernel Will Be a "Black Box"
ryanskev writes with news from RSA Europe, where a Microsoft VP spoke bluntly about the lock-down that will apply to 64-bit Vista. From the article: "Microsoft will operate 64-bit versions of Windows Vista as a tabernacle, with the kernel as the holy of holies, where only its own high priests of security may venture." While Microsoft has seemed to be making some concessions to the likes of Symantec and McAfee, considerable doubt remains as to their ultimate future.
Sounds like the right approach to me. We will soon find out whether Symantec and McAfee are helping or hindering security.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
I know this isn't PC to say on Slashdot.. but MS shouldn't allow undocumented hooks to the kernel. Instead they should provide an API for that.
What's the difference between the 32 bit and 64 bit kernel? And what does a 'tabernacle of security' mean?
I don't think there's a significant difference in DRM hardware between 32bit and 64bit systems. Why make the distinction? If they're going to secure Windows - why not secure Windows?
Microsoft executive clarifies recent market confusion about Vista Security
Am I the only one who read the line "Making concessions to Symantec and McAfee," and the first concessions that popped into my mind were "Just a little security hole here, buffer overflow there, etc."?
I'm no fan of MS, especially when it comes to their horrible security track record. However, if they really can manage to get it right (or even significantly better) in Vista, they shouldn't be going and making concessions to the people who've been making a living off the things that were broken in their last OS.
Microsoft wants to be responsible for its own security - more importantly, Microsoft wants to reap the financial rewards for becoming responsible for its own security. The personal home user will end up paying a bit more for lack of competition in security software, which won't matter to Microsoft - the real market is corporate sales.
/Yes, I went there.
[Fuck Beta]
o0t!
Others have tried this before. Never works. Unless it uses trusted hardware, it can always be run in emulation to facilitate analysis.
If it uses trusted hardware, then it will have other serious problems, like making virtualisation hard or impossible, something that could make it fail entirely in the market.
This tough act is just a smokescreen for something else. Hmmm. Do they think they could get around some (e.g. EU) interoperability requirements that way?
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Isn't this just another variation of security by obscurity?
Which everyone by now should have learned does *not* work.
Don't open it! Remember what happened to Pandora!
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
Somebody mod that post informative. It actually answered my question!
Microsoft also warned 32-Bit users to be careful, because if you run the 32-Bit version, you're screwed
what does a 'tabernacle of security' mean?
Only the priesthood and those among the flock that they approve are allowed in.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Isn't this just another variation of security by obscurity? Which everyone by now should have learned does *not* work.
Actually it does work. Where people go wrong is using it as their sole security measure. In concert with various other good practices obscurity is good.
Yeah, and no-one really needs more than 640k of ram.
How we know is more important than what we know.
Engineering is the art of compromise.
I'm running some applications (logic synthesis) that need a few gigabytes of RAM. It's really nice to be able to address that linearly instead of stuff like highmem.
So, it's not about the integers, it's about the pointers (logically).
In the past, the church tightly controlled access to religious texts. Of course such suppression can not live forever. ... someone please finish this post.
:-)
Of course such suppression can not live forever, but if the information being protected has a short enough lifespan/relevance then suppression works. The "freeing" of the information being merely academic rather than effective.
Hey, one vague tangent deserves another.
Given that Joe Public no longer believes MS has control over security, they need to build some new mental images to sell. 64-bit black boxes sound pretty solid.
Engineering is the art of compromise.
Maybe so but if you're trying to imply that was Bill Gates who said that, sorry to tell you it's an urban myth.
0x09F911029D74E35BD84156C5635688C0
TIA!
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
If it will stop crapware like StarForce and the Sony rootkit from sneaking extra drivers in, bring on the kibosh. People who want to tinker can use one of the fine Open Source operating system kernels that run on 64-bit Intel machines. Those that just want to play games or run Office can feel a little bit safer from malware.
Sorry Symantec, but after dealing with the disaster that is Norton Internet Security, I won't shed a tear when I read that you've filed for Chapter 7.
0 1 - just my two bits
Will not go very well, at least in the beginning. This enhanced security won't sell it. There won't be drivers for some existing stuff ever. Seems that MS wants to push this version and keep 32-bit as legacy, but in the end when the end user can't make it work as well as 32-bit, it is just going to slip and create confusion. In the long run it may pay off, when systems and components are designed for 64-bit; until then, 32-bit will be the preference. I wonder if any corporate users are going to put 64-bit on employees' workstations in the upcoming months - it seems like a big risk without much gain.
..to release a 32-bit version of Vista?
Every week, I hear about a new thing that will "only be in 64-bit Vista". First it was HDTV content only on 64-bit for DRM reasons. Now, we're hearing the reasoning that Windows will be more secure if we don't let third parties in the kernel. Fine, whatever. If we were to assume that makes it more secure, then so be it.
But why bother to release an inferior 32-bit version? Under the presumption that closing the 64-bit kernel off will make things better, why not use the same strict security policies in 32-bit? Surely, there can't be any technical reason for all of this. It's all marketing, right? ("Microsoft recommends a 64-bit PC.")
Or is there some real reason why it feels like 32-bit Vista and 64-bit Vista are two entirely different operating systems?
Joanna Rutkowska gave a talk about this at Blackhat. Take a program in usermode but with administrative privileges, force the kernel to get paged out, edit the pagefile.
In a recent blog entry, Rutkowska criticizes Microsoft's response to the pagefile attack. Boiled down, it amounts to the problem that as long as a disk utility can run, someone can still edit the pagefile. Her preferred fixes would have been encrypting the pagefile or simply not swapping the kernel. NetBSD's Elad Efrat suggested simply hashing the kernel for integrity checking.
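An added illustration of the integrity-checking idea mentioned in the comment above, not code from the thread, from Microsoft or from NetBSD: a toy pager keeps a keyed hash (HMAC-SHA-256, a choice made for this sketch) of every page in a table that is never swapped, and refuses any page whose bytes changed while it sat in the backing store. All class and function names, the page size and the page contents are constructed.

```python
"""Constructed simulation: integrity-check pageable pages across a swap round trip."""
import hashlib
import hmac
import os

PAGE_SIZE = 4096  # assumed page size for the simulation


class PageIntegrityError(Exception):
    """A page read back from the store does not match its recorded MAC."""


class CheckedSwap:
    """Toy pager. Page contents go to an untrusted store (stand-in for the
    pagefile); the key and the per-page MAC table model non-pageable memory."""

    def __init__(self):
        self._key = os.urandom(32)  # per-boot secret, never written to the store
        self._macs = {}             # page number -> MAC of the last page-out
        self.store = {}             # untrusted: editable by anything with raw disk access

    def _mac(self, page_no, data):
        # The page number is part of the MAC input. The table lookup already
        # ties each MAC to its slot; including it here makes that explicit.
        msg = page_no.to_bytes(8, "little") + data
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def page_out(self, page_no, data):
        if len(data) != PAGE_SIZE:
            raise ValueError("page must be exactly PAGE_SIZE bytes")
        self._macs[page_no] = self._mac(page_no, data)
        self.store[page_no] = bytes(data)

    def page_in(self, page_no):
        data = self.store[page_no]
        expected = self._macs[page_no]
        # Constant-time comparison of the recorded and recomputed MACs.
        if not hmac.compare_digest(expected, self._mac(page_no, data)):
            raise PageIntegrityError(f"page {page_no} changed while swapped out")
        return data


def _rejected(swap, page_no):
    """True if page_in refuses the page."""
    try:
        swap.page_in(page_no)
    except PageIntegrityError:
        return True
    return False


def demo():
    swap = CheckedSwap()
    page_a = b"A" * PAGE_SIZE  # constructed stand-ins for pageable kernel code
    page_b = b"B" * PAGE_SIZE
    swap.page_out(7, page_a)
    swap.page_out(8, page_b)

    results = {"untouched": swap.page_in(7) == page_a}

    # Case 1: one byte of page 7 is changed in the backing store.
    original = swap.store[7]
    edited = bytearray(original)
    edited[100] ^= 0xFF
    swap.store[7] = bytes(edited)
    results["edited_detected"] = _rejected(swap, 7)

    # Case 2: the bytes of another, validly stored page are placed in slot 7.
    swap.store[7] = swap.store[8]
    results["swapped_detected"] = _rejected(swap, 7)

    # Restoring the original bytes makes the page acceptable again.
    swap.store[7] = original
    results["restored"] = swap.page_in(7) == page_a
    return results


if __name__ == "__main__":
    print(demo())
```

The check detects modification only; it does not hide page contents, which is what the pagefile-encryption option named in the comment would address.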
For 32-bit versions of Vista, it'll be mostly as you were on security
Translation: You're screwed! Upgrade to 64 bit ASAP (P.S. some of your software won't work)
Defender has already become the most popular download ever from Microsoft
If I was MS, I certainly wouldn't brag about anti-malware being the most popular application.
referring to third parties being able to patch 64 bit Vista - "It's just not the way the box was designed...we're putting a stop to that."
Great. What happens when MS doesn't quickly put out a patch... no choice on using the good samaritan patches anymore, you just have to sit and twiddle your thumbs.
referring to ever being able to secure 32 bit Windows - "That train has left the station."
I think it's more like the Windows train has left the station. Why bother to convert to 64 bit Windows? Switch to something else as soon as possible.
I think the crux of debate will be what MS considers its own high priests. If that means MS security products that compete with Symantec and McAfee, then the two vendors have a legitimate gripe that MS is using its monopoly power to lock them out. MS has said that its security products will not have access to undocumented APIs, but how much do you trust MS at their word? I don't trust them that much because I think MS still plays dirty. As recently as the Burst lawsuit in 2004, you can still see MS is refusing not only to play fair but to abide by court orders: Both parties were told to disclose emails as part of discovery. Burst.net discovered that not only did MS destroy emails but it was the policy of a multi-billion dollar company not to retain any emails over 30 days. And Burst listed out the many ways the company actively followed this policy.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Actually, I was trying to imply that the dude I replied to was being short sighted.. I didn't say anything about Bill Gates (and typically don't).
How we know is more important than what we know.
...and they all lived happily ever after...The End
I'd rather have a bottle in front of me than a frontal lobotomy
Correct me if I'm wrong, this lockdown only applies to the 64-bit version of Vista, and that in the 64-bit version of XP the kernel is locked down in a similar fashion? If so, I don't see why Symantec and McAfee are making such a fuss?
Furthermore, 64-bit vista looks like it will have the same enterprise level demographic (db/web servers and such). So it's not like Symantec's core business is being threatened. It looks like they're just playing this up so for the EC to leverage over MSFT.
Now even Microsoft is catering to the right wing religious fanatics.
Have you considered partitioning that synthesis process? Then again, the partitioning problem is also NP :P
everyone got it all wrong
the os isn't a black box, the os needs a black box
you know, for when it crashes
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
No-one would just give away the recipe to the Kernel's Secret Source
I wonder if the "holy of holies" reference is a deliberate evocation of "The Cathedral and the Bazaar"? http://en.wikipedia.org/wiki/The_Cathedral_and_the_Bazaar
The Cathedral and the Bazaar is an extended essay that says that the proprietary development model (the cathedral) cannot compete with the open source model (the bazaar). The reason is not price, it is quality. Because of the number of eyes available to look at open source code, it will be less buggy than its proprietary cousin.
Given the delays in the introduction of Vista, I would say there is some evidence that ESR (Eric S. Raymond the author of CatB) is right.
> with the kernel as the holy of holies,
Am I the only one who read that as,
"The kernel will be the holiest of holy kernels in history, spouting more holes per square inch than any preceding set of kernel holes in history."
Something tells me he used a bad phrase.
help me i've cloned myself and can't remember which one I am
Unfortunately, I don't have certain FPGA vendor's synthesis tool source code, and - in any case - I don't want to spend the rest of my life editing it. I'd rather have my Verilog fun than this :)
Moving around zeros doesn't really cost as much, as long as the value is constant (no dynamic power on those wires). Increased area consumption is related to leakage power, which is not as critical on SOI process as it is on bulk.
As to using 48-bit values - have you actually considered the implication of either wasting 25% of memory, or having a natural alignment not being a power of 2? All those cute divide-by-3 circuits everywhere...
They are making a fuss because their livelihood is on the line. Not necessarily because they are right.
The Internet is full. Go Away!!!
...the more they stay the same.
"...where only its own high priests of security may venture."
The concept of 'programmer priest' came about when mainframes ruled. You were not allowed direct access to your data. You had to present your request to the men in white lab coats and wait for the proper circumstances to occur before, even frequently if, you were deemed worthy of receiving an 'output'.
Today, we continue to hear the phrase 'information wants to be free'. MS, having yet again painted itself into a business model corner, simply shows it hasn't learned how to play nice outside the sacred shelter of the priests' private club.
DEVELOPERS! DEVELOPERS! DEVELOPERS! DEVELOPERS! DEVELOPERS! *gasp!* DEVELOPERS! *cough cough cough* *gaaaaaasp cough* can't... breathe... must.... go on....
Never monkey with another monkey's monkey.
Heh, when I read it, my brain said "Let's hope the "high priests" are in the "tabernacle" when it gets ransacked." 3rd party antivirus programs have been the only thing preventing total internet meltdown for years. Because A/V is what they do, they have incentive to do a good job. It's their business. Microsoft hasn't been in that business, really, until now. The first time some cracker says, "I love you, Melissa!" I'll be laughing my ass off, happily using Linux.
Drop me a line at:
Key ID: 0x54D1D809
They Have To keep that a secret... ;)
The lyf so short, the craft so long to lerne
I'll go search for the golden tablets right now!!!
I run open office and play doom3/EnemyTerritory all the time...
What's your point? Oh you mean I can't play "office" and run the random assortment of last year's games with the same graphics... I got a PS2 and xbox for that. Actually I spend more time playing NES games on my GBA than anything else...
I guess I'm more productive and resourceful than you is all...
Tom
Someday, I'll have a real sig.
Dear Slashdot:
I recently purchased a new computer with Windows Vista installed, and I'm having problems switching over to Debian Linux. I've opened up the case and looked everywhere, even inside the power supply, but I can't find any black boxes inside. I know it's there, Microsoft keeps talking about it, but I'm having the darnedest time locating it. Where is it and how do I disconnect it?
Correct me if I'm wrong, but I was always under the impression that the NT kernel and its later variants was actually put together quite well with the input of the ex-VMS team, and that everything Microsoft dumped on top of it was the primary weak point in the OS.
You can bet this is going to make life very hard for the folks like VLC or anyone who wants to do something clever with the audio system. Wonder how they are going to push it, however? Sure, they can go for attrition, and make sure all new machines come with Vista, but there are a lot of Win32 machines out there that have more than enough CPU. There were some big jumps from the 200mhz-600mhz range, but now with 2-3ghz more or less normal and no 'got to have it' devices like USB3 this is going to be a tough sell. Heck, even with DirectX 10 being reserved for Vista, game publishers would be suicide to go after that market for a couple years. While it might give a few more FPS, you can bet the vice-like grip on hardware will doom any of the older games from running on the system... I mean, heck, if you could access the video, you might just try to display content without the secret hardware handshake.
+++ UGUCAUCGUAUUUCU
This makes me think of Kid-Proof caps. Only the kids will be able to open the cap to get into the kernel. Users who want to install legit stuff, forget it.
Security through obscurity? I think not.
Skiffy is Spiffy, but Ort is tort.
Meaning that the kernel itself will actually be a port of OpenBSD, but (shhh) don't tell anyone.
It must have been something you assimilated. . . .
Ya know, this is why I hate Microsoft. There they go, using buzzwords like "black box". I guess the old-school word "log" was just too common for them... oh...wait...never mind...
Actually, their metaphor is making me think Aztec/Inca monuments and sacrificial altars with blood and human hearts... After all, it is Microsoft. Or perhaps I'm thinkin' Arby's.
Oh yes, I went there and there.
It must have been something you assimilated. . . .
Meant real games like World of Warcrap or Everquest or KOTOR... you know, stuff linux can't handle. Doom/ET is so old...
Anyways, I *do* have a 64 bit OS that can handle it and MS word and the engineering work I do... WinXP 64 bit... works wonderfully.
But, what happens if a hacker sacrifices a spotless bull and two perfect rams and then attempts to hack the kernel while wearing the appropriate ephod and bejewelled chestpiece? Will the glory of the LORD Gates that dwells within the kernel strike him dead, or will the false priest be allowed full access to my OS?
And what if I don't have enough faith in this OS? Will it still run?
What if I commit adultery against the LORD Gates by dual booting Linux?
What if my wife touches the computer while she is unclean?
(oh, the possibility for jokes is endless)
Modern copyright is theft of culture from everyone and it retards the progress of the useful arts and sciences.
So is all we need is a Nebuchadnezzar to burn down the temple?
And there are thousands of Philistines, including some very 1337 H4x0r5, at the gates
It's "Mac", not "MAC". MAC is an acronym: Media Access Control [address]. Mac is short for Macintosh.
And Apple makes most of its money from selling hardware, so I sincerely doubt they'll drop that and try to squeeze money out of selling an operating system exclusively.
'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
Black doesn't go with my sheets.
The kernel has a reputation for being not particularly bad.
The reason the kernel is an issue, is that the new "threat" against Windows security is the owner/administrator of the machine. Microsoft needs to try to implement DRM, in order to get into bed with the media companies and sell music and Zunes to play it. You can't implement DRM if the user can patch the kernel to work around the DRM. Thus, they're going to try to prevent end-users from having the capacity to modify this behavior of their own computer.
The "security companies" are taking collateral damage from this, because their applications have to intercept all reads/writes (to files, the network, whatever) in order to scan all data against a blacklist of known malware in order to try to protect the comically fragile userspace. This scanning is implemented through kernel patches, I guess.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
I can't help but disagree. XP has a firewall built in. Windows 2000 did not. Are personal home users "paying a bit more for lack of competition" in firewall software? I'm actually saving money because I cancelled my zone alarm subscription.
Linux can handle the games just fine. Just they don't write portable games [mostly because the assclown developers who write these games couldn't care less, which is their prerogative I guess...].
... my point of posting was to reassure people that Vista is not the only 64-bit OS. That there REALLY IS choice and that if people just open their eyes they can take back what little precious control they really have over how they use technology...
I don't measure the quality of my OS by which badly written games can run on it. I can get real work done with UNIX[-like] tools that have real power behind them. "cmd.exe"? I think not...
To each their own
Tom
Someday, I'll have a real sig.
So, if you're writing (alpha) drivers for a new piece of hardware, how do you get them into the kernel to test them? Do you have to get MS to approve your H/W as pretty enough to make it in to Vista first?
Honestly, I would rather have a late patch from MS, than a rootkit from Sony. 99% of users are not hackers. They will click and install anything. At least now they will not be able to install a rootkit easily - so there will be one company to be kept accountable. Better Microsoft than RIAA.
<^>_<(ô ô)>_<^>
1) the amount of register space literally doubles. Optimized properly, that can go a long ways.
2) simpler memory model: 52 physical bits for physical RAM (don't believe me, look at http://www.amd.com/us-en/Processors/DevelopWithAMD/0,,30_2252_869_875%5E7044,00.html) and 64 bits of virtual addressing space. No segments, just a flat memory model.
3) removal of the old privilege system and intro of a new user/kernel page allocation scheme to simplify the memory model.
4) Direct addressing of a very large amount of ram directly accessible.
Those are just some of the advantages. If you want to look them up in detail, go look at the link that I have given in this post to the AMD64 manuals.
64bit Windows will see deployment in the server room on corporate data centers. In this area security is secondary to audit compliance. Server ops will turn on the default Win64 kernel security and it will do whatever it does. Auditors will check the AV box and move on to the next server. Everyone is happy. Server ops has one less thing to do and auditors have an easier job of auditing. I know that's cynical but that's how it works.
Let's remember that the reason Windows is in the server room in the first place is because MS sold it on the premise that it's easier to run. Not faster, not with less hardware, not even with fewer people but with a lower skill set. Cheaper. So embedded security is not about security, it's about skill sets. Set it, forget it, hope for the best. If it smashes on the rocks then everyone did their best anyway and no one can be held accountable.
I think the big issue/deal is that the number of main stream boxes that support x86-64 is just increasing. Also, the pick-up on Vista will probably be largely new boxes because of the questions of hardware requirements and cost of a new box versus time and expense to open and upgrade a current box (especially in the corporate world).
XP 64 is more of an oddity than anything else. The question will be what percentage of home users will have a 64-bit version of Windows shipping on their new boxes.
--- I wish I could hear the soundtrack to my life. That way I'd know when to duck.
Can this be disabled? Not after the system boots but with some boot option, much as SELinux can be disabled. It is relatively trivial to provide a boot option to disable this that can not be circumvented once the system boots. In doing this, you would ensure the average user only uses signed quality drivers while enabling a developer to write drivers if they need to. If this can't be disabled, this would just be one more reason to use Linux/BSD's.
This use of cryptography is a good thing if the user is given the final say. Otherwise it's downright tyrannical.
If Microsoft actually had a microkernel (and NT 3.51 was close), this would be reasonable. At NT 4, a vast amount of crap from Windows 95 was put in the NT kernel for "compatibility", which is how we got to the mess we have today.
QNX has a closed microkernel. It does timers, memory management, CPU dispatching, and interprocess communication. That's it. All drivers, networking, file systems, etc. are outside the kernel as user processes. Nothing other than the stock kernel runs in kernel space. So the kernel changes very little over the years, leading to very good reliability. (It can even be put in ROM, and often is on embedded systems). Sometimes system components outside the kernel break; they crash, an ordinary process core dump is taken, and it can be examined in an ordinary debugger. Drivers are such components. So there's a clear separation between the stuff you don't need to change, and the stuff you might want to change. Even driver developers don't need to see inside the kernel; interaction with the kernel is through the regular user program APIs, with a few extra calls for privileged drivers allowed to map physical memory and access device hardware. Much the same is true of IBM's VM. So this can be done right.
But with Microsoft's bloated kernel, locking down the kernel has much stronger implications. Many functions are in the kernel because Microsoft wants to control them. Far more is there for legacy reasons. (My favorite is the decompressor for .RLE images, which has an exploitable bug.) There's also too much in there because it seems to be needed during the boot process. (One big lesson of OS design: use a boot loader that lets you load both the kernel and various support programs and libraries before the kernel starts. This reduces the temptation to put everything needed at startup in the kernel. Linux now has this, but got it late, so too much went into the Linux kernel too.)
Another issue is the DRM problem, or how to protect DRM code without putting it in the kernel. Microsoft doesn't seem to have a good solution for that. The right answer is probably rings of protection, like Multics or VMS, but Microsoft didn't go that route.
Alpha supported 4 privilege modes
Sorry to contradict you, but the DEC Alpha supported 4 privilege modes, and they were used extensively by OpenVMS; it would not have been possible to port VMS to the Alpha architecture without them:
o User mode - User programs, compilers, editors, linkers, etc.
o Supervisor mode - Command language interpreters
o Executive mode - Privilege management
o Kernel mode - The kernel
These are primarily used to protect stack regions so that, for example, the system can call ASTs back in user space on completion of system calls. See the "OpenVMS HACK FAQ" for more information on why stack smashing attacks don't result in escalated privilege on OpenVMS.
-- Terry
There is only money to lose if they actually had a legitimate security model built-in from the kernel upward.
You are clueless.
This does not mean you can't mess with the kernel. It just means you can't mess with the kernel on a normal, production, system. To quote MS:
"...patch protection is automatically disabled when a kernel debugger is attached to the system. This allows the kernel to be patched during a debugging session, for example, to enable setting breakpoints during the development, test, and diagnostic phase of kernel software development."
So you are free to screw with the kernel all you like if you want to debug it. Go ahead, attach kd and play around, have fun. However you just can't have an app that makes modifications to it that is then distributed to people.
Also as far as I can tell this applies only to messing with the kernel memory itself, not to kernel mode. MS isn't saying nothing else can run in kernel mode (Ring 0), they are just saying you can't modify the kernel itself. For example you can't modify the interrupt table to have your interrupt code execute instead of the normal stuff.
I reserve judgement at this point until Vista is rolled out (since it could be different), but I have used XP 64-bit and I saw nothing that wouldn't function. My hardware worked, my virus scanner (AVG) worked, my software (32 and 64-bit) worked. Basically to me it sounds like Symantec and McAfee do things the wrong way, and mess with things they really shouldn't, and AVG, Kaspersky and so on do things the right way, and thus don't have problems.
Microsoft has been attempting to deploy an architecture like this for some time. Check out Microsoft's NGSCB/Palladium/TCPA initiatives (http://en.wikipedia.org/wiki/Palladium_operating_system). This is a paper tiger without the special hardware. In a few years a push will be made to get people to adopt the hardware. It will be interesting to see how they sell it.
Kanga: That's not a fish, that's a bird.
Pooh: Yes, but is it a starling or a mackerel?
VLC is entirely user mode (Ring 3) software, you know that right? It runs just fine on XP 64-bit, which also has this. This only affects things that run in kernel mode (Ring 0) and more specifically only things that want to modify the Windows kernel memory itself. This is of no concern to VLC, it does all its processing in user space and just hands the video output to Windows via documented APIs. The only change VLC will need to make for Vista is in relation to the video overlay. Many video players use the video overlay layer to render their output. Problem is that's mutually exclusive with Vista's new shiny UI. It still works, but Vista shuts the UI off while it's going on. However there's a new method of doing it (I don't know the details) that works just fine with the shiny UI.
This really affects only a very small subset of things. Any app that doesn't have a kernel mode component won't know the difference (and that's most of them). If your app DOES have a kernel mode component, well you are rewriting it to some extent anyhow since 32-bit code can't run in the 64-bit kernel space. The 32-bit compatibility applies only to user mode stuff. Thus you find things like AVG which has its kernel component made for 64-bit, but the UI still 32-bit since that runs fine in the WoW64 emulator.
It doesn't rhyme, but "depending on indefensible secrets" is a clearer way to put it.
Defensible secrets, more or less: my PGP passphrase, Microsoft's driver signing key. Combination to your safe.
Indefensible secrets: how the Enigma machine is wired, any Social Security number, your product's undisclosed security holes. Mechanics of your safe.
"Defense" can include the ability to make changes. A secret that is quick to change, e.g. a password, is a safer foundation than a secret that is impractical to change (how the Enigma machine is wired, any Social Security number...).
Viewed that way, it's easy to see that locking a kernel against unsigned extensions (KEXTs, LKMs, or drivers depending on your religion) has nothing to do with "security by obscurity".
http://www.microsoft.com/whdc/system/platform/64bit/kmsigning.mspx
There are 4 ways to sign your bits for kernel mode running on x64 - all the way from making your own test cert and booting windows in a test mode to getting a commercial CA to sign with.
So let's just say that Microsoft really locks this thing down, let's say IE stops being a malware client and well, maybe pigs fly.
but when you wake up in the morning you still are using Windows
and 'on the internet, no one knows you're running Windows NT', wasn't true then either.
However, because of the architecture of the Windows input device framework, input device drivers do need to run in kernel mode and thus must be signed on 64-bit versions of Windows Vista OS. From FAQ: User-Mode Device Framework:
This has nasty implications for hobbyists who design custom assistive input devices for people with disabilities, as many cannot afford the $500 annual fee (plus whatever the state charges to establish and maintain a corporation) to get a VeriSign code signing certificate. Should such hobbyists band together and form a charity to administer code signing?
Mine doesn't, but some other computers run LinuxBIOS, including the laptop computers that will be distributed to children in developing countries.
What else is driver signing?
Is there a setting in XP to limit what other profiles can access? Sites and applications? Limited accounts are still able to install applications etc...
If the NSA were a good example of an organization using security through obscurity well, you would have no idea how secure their systems actually were. No, something isn't right here...
Microsoft are already feeling the pain from Linux and OS/X. It seems that they're getting more radical not less in response, what with all the DRM and crappy performance and other limitations vista has over XP, now this.
It makes me wonder just how anti-user Microsoft can afford to get before people just say 'no more'. I don't even know who their target market for vista will be. I mean, home users won't want vista because of all the DRM and the fact that min. spec is too high for the average 3 or 4 year old home dell box. As for businesses, vista has a new-look gui and some extra bloatware, but doesn't really bring anything tangible to the table that would cause companies to want to upgrade all their workstations to vista min. spec. and switch over either.
I guess it's just down to the fact that you'll get vista installed by default whether you want it or not when you buy a dell or something.
"I'm not sure why it is you want to believe that Microsoft will "fix" anything.
They haven't and they won't. Ever."
Hmmm. How about every single OS and systems improvement over the past 5-10 years? Every version of the OS since NT4 being radically improved? Abandoning the 9x lines due to them being completely broken? Finally taking a first step at cleaning up the RPC mess in xpsp2, continuing into Vista? Hundreds of patches a year? Going from IIS4 and IIS5 which were wide open, defaulted to everything on, and being a horrible mess, to IIS6 and 7 which are minimal on install, very well locked down, and having nearly zero security holes? How about in Vista moving a large segment of hardware and driver code out of the kernel into userspace to improve reliability?
Now granted, I couldn't come up with very many here in the 30 seconds I spent thinking about it.
"There is only money to lose if they actually had a legitimate security model built-in from the kernel upward."
This is a pretty out-there statement, care to elaborate or explain? And what is it about their current security model that is illegitimate? Process separation, mandatory security roles, and a robust ACL system is pretty standard stuff in secure designs/models.
"Like every monopoly ever studied, they are destroying wealth (long and boring explanation), putting out an inferior product and making you pay extra for it."
Well, there is quite a bit of successful competition in the space they supposedly have a monopoly in. There's Apple, which sells competitive products that are at or above the MS price point. They're not doing too badly and are making strong inroads (albeit into a niche market). And don't forget Linux on the desktop, which is free and Free. They've had some moderate success.
How exactly are they 'making you pay extra for it'?
"Why do you believe after 95/ME/XP "security" they will do anything to improve when there's absolutely no evidence to support this belief?"
I think your statement shows pretty clearly what the evidence is to support this belief. Look at the difference in security, reliability and manageability between 9x and XP. It's like night and day, with XP and the NT kernel line having made massive improvements.
For those of you who don't speak "Microsoft"... "Microsoft will operate 64-bit versions of Windows Vista as a tabernacle, with the kernel as the holy of holies, where only its own high priests of security may venture." roughly translates to "It will have a password."
Actually, the statement you "quoted" (whoever allegedly said it, urban myth or not), wasn't really shortsighted. "no-one really needs more than 640k of ram" was true at the time that it was (allegedly) said.
-- "I never gave these stories much credence." - HAL 9000
I think this is stupid. Security through obscurity... again?... I do think the crackers are mostly assembler coders that don't need the manual or the C++ source code. So the bad guys will know the internals of the kernel anyway, and if this obscurity is to hide bad practices, this will harm anyway.
-Woof woof woof!
They know that the only way to win is to use mathematics, because it simply does not matter how smart you are.
Melissa
"Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
And then quite quickly became untrue. That's pretty-much the definition of short-sighted in that context - unable to see beyond the immediate situation.
It's official. Most of you are morons.
Sadly, this isn't Slashdot-specific, but a general tendency of most people. People tend to not juggle too many variables about someone or something. ("John is a great coder, but he's an asshole, he's too introverted to manage a team well, and he's an average driver, and...") Even if they acknowledge such things as different factors, the subconscious tendency is to take the overall impression and apply it to everything. So if they like John a lot, they'll tend to view everything about him in that positive light. ("John is a great coder, and refreshingly frank and honest in dealing with people, even if that annoys some, has a refreshing hands-off approach to managing his team, and drives great, and...") If they dislike John a lot, they'll view everything about him in that negative light. ("John is an asshole who couldn't code his way out of a brown paper bag, is the most clueless PHB ever, and drives like a retard on hard drugs.")
People who look good and are well spoken tend to get the promotion, and as at least one study showed, they don't end up in prison as often. If you're in the jury and like that guy a lot, your natural tendency is to extrapolate that positive impression to everything about him. Such a nice guy _must_ be an honest and hard working guy, and probably got framed for that crime. If he's an ugly guy with a bad accent, well, the opposite applies. The motherfucker must be a no-good bum, and thank goodness we can put him behind bars.
The same applies to products. If they were made on the same chassis, with the same engine, and handled exactly the same, you'd probably still be inclined to say that a BMW handles better than Homer Simpson's dream car.
The same applies to companies. If you like a company a lot, then their products must also be the best of the best, their salesmen are honest, their employees are the most brilliant guys that ever walked the Earth, their patents are breakthroughs comparable to inventing the wheel, the waste they dump in the river is just pure water, their factories don't cause global warming, and their lawsuits are right and justified. That's why marketing and PR departments try to create a good image for the company as a whole.
And conversely, the same applies if you really don't like a company. Then their products by definition suck, their salesmen are backstabbing snake-oil salesmen, their employees are the rejects of vendor-machine-refilling school, etc.
It's not trolling, it's just extrapolating the general impression to each of the components. If someone would get a B grade on the whole, the tendency is to act as if every single component is the same B grade as the average.
It's not logical, but that's how humans work.
So some people apply that to MS. Whop-de-do. Humans acting like they're human on Slashdot. Who would have guessed?
A polar bear is a cartesian bear after a coordinate transform.
When you buy your new 1GB video card (and they already exist), and wonder why only less than 3GB of 4GB of your physical memory is usable, you will really need an x64 OS.
(The fourth gigabyte can still be accessed with PAE if motherboard supports >32bit physical addresses, but PAE itself is an ugly kludge.)
throw new SuccessException("Sig read successfully");
That's a pretty bad analogy they gave there, about violating warranty.
So what if I want to violate my warranty? I can if it's my Walkman; with Vista, I can't. I can't do anything that isn't blessed by Microsoft (basically all that is blessed is to feed the beast with more cash).
I paid for it, it's on my computer. If I want to totally trash it, it's my right. Can I call them for help afterwards? No, of course not, but it should be my right to do what I want with it.
---- Booth was a patriot ----
Oh, the horror! Imagine if any Theo, Dick or Linus could modify the precious kernel!
Je fume. Tu fumes. Nous fûmes!
What would you suggest they do then, just give up on improving the security of their product? The customers (and shareholders) will love that.
OK, so Vista 64 won't load a driver unless it's signed. How long do you think it'll be before some employee in the thousands that work at MS gets hold of said key and sells it to some crooks or even just leaks it for the hell of it? What happens then? They revoke the key and EVERY single driver manufacturer has to get their drivers re-signed?? Sounds like a disaster waiting to happen.
> Microsoft will operate 64-bit versions of Windows Vista as a tabernacle,
> with the kernel as the holy of holies, where only its own high priests
> of security may venture.
And that only once a year, and not without blood, which he offers for himself and for the sins the people have committed in ignorance?
Or perhaps we are stretching the metaphor too far. Perhaps after all computer security is not very much like a temple sacrifice religion, but more like a military installation. Yes, there may be authorization checks at the entrances, but the security of the area within is protected from unauthorized entry due to practical concerns. Granted, not everyone agrees with all of the practical concerns or the level of security involved, but nonetheless I don't think it's fair to imply that the protection of the inner sanctum is purely religious.
Cut that out, or I will ship you to Norilsk in a box.
I must admit I didn't read it that way, but when I hit:
... I immediately had horrible visions of Steve Ballmer dressed up as the archbishop, hurling church pews around and doing unspeakable things to the altarboys...
"where only its own high priests of security may venture"
Sooooo, Microsoft can't fix their OS by cleaning up their code, so they are going for the security through obscurity approach? And while they are at it, taking swipes at McAfee and Symantec marketshare? Great idea, cause yeah, that works. Anyone who knows anything about security knows that obscurity is _not_ part of it.
--Nuintari
slashdot : where an opinion can be wrong.
I certainly don't have to use XP's built in firewall. I could still buy a 3rd party firewall. But, why would I? I'm happy that Windows is improving. Sounds like you're just interested in spreading FUD.
This actually kind of makes sense, considering their technical decisions seem to be made without any logic or reason, and considering the ass raping they've been giving consumers for years now. ;)
-- sudo.ca
Hmmm. How about every single OS and systems improvement over the past 5-10 years?
Ten years have passed and I still need antivirus, anti-malware and clean out ActiveX nasties from the default browser. Dog forbid I give a Windows OS a public IP address. It's a fembot in mere minutes.
In all fairness, in ten years, what -has- changed is the OS doesn't need the regular rebooting.
"There is only money to lose if they actually had a legitimate security model built-in from the kernel upward."
The revenue lost by marketing an OS with an improved security design can easily be quantified. A conservative estimate may be about half of Symantec's market capitalization, which stands at USD $10 billion, and an estimated 2 billion in annual revenue.
There is a disincentive for Microsoft to actually address the issue or provide an API for other developers to profit.
Well, there is quite a bit of successful competition in the space they supposedly have a monopoly in.
You mean another OS with a minuscule and relatively unchanged market share in over a decade is "competition?" When the consumer's wallet opens, the money (and much more than a competitive OS market would demand) goes to Microsoft. You are pretending there is competition.
How exactly are they 'making you pay extra for it'?
There's rent seeking. http://en.wikipedia.org/wiki/Rent-seeking
There's coercive monopoly. http://en.wikipedia.org/wiki/Coercive_monopoly
There's monopoly profits. http://en.wikipedia.org/wiki/Monopoly_profit
Those are good starters.
It's obvious I have a strong opinion on the matter and I appreciate your response because it's reasonable, asks good questions and generates discussion. Keep up the good work citizen!
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
"with the kernel as the holy of holies" should read "with the kernel as the holy of holes".
Check here:
http://www.osronline.com/article.cfm?article=476
-- soldack
I was paraphrasing the 21164 reference manual there... FWIW. You can download it from:
http://ftp.digital.com/pub/Digital/info/semiconductor/literature/dsc-library.html
-- Terry
That's exactly what I want. I do not want to have any software patch the kernel.
If there is no way for the spyware to patch the kernel I don't need McAfee or Symantec there at all. First thing I do with a new home machine is to strip off the AV software provided by Dell as cramware. Machines run so much faster and more reliably without. Then I turn off AutoRun and hook it up to my internal network which has twin SPI firewalls.
OK. So you aren't a programmer, at least not a gifted systems programmer. Many, many people are...and Microsoft can't seem to hire the best ones, or even mostly good ones, judging by the glaring flaws in Microsoft Buggy Bloatware(tm) such as Vista, Office, and Internet Explorer.
The facts PROVE that Microsoft can't write small and fast code, much less secure, relatively bugfree, and very tight code like the kernel of a modern OS calls for.
Any intelligent, sane person prefers to have important things on his/her computer be repairable or replaceable quickly and easily by more than one vendor, especially if the original manufacturer has a long history of lousy quality control and bad service, as Microsoft does.
I want independent third party experts to be able to exterminate the bugs and patch the security holes that Microsoft blithely includes in its crapware...crapware it would never be able to sell much of without abusing its monopoly over the desktop OS and office suite. What I would really like to see happen is a group get together and come up with a swap-in replacement for MS's 64-bit kernel, and a lot of other broken-by-design parts of Windoze. A lot of companies have been somewhat over very successful in creating drop-in replacements for factory hardware (think Intel CPUs, graphics cards that run circles around the GPUs built into most mobos, improved sound cards, etc.) Software vendors have often improved upon common apps via add-ins or add-ons, some of which definitely alter the way core code in the base app works.
Would you buy a car that could only be repaired by the factory, whenever the company happened to feel in the mood to come up with fixes for its numerous design flaws? That's what Microsoft is trying to do by preventing anyone else from fixing, or heaven forbid, improving upon its crappy code by locking them out of it.
"You're young, you're drunk, you're in bed, you have knives; shit happens." -- Angelina Jolie
372487324872373429873243FE798327277A798797977E8989 877FF7D87987987987972279873838798738738973983983
734897434897389478973490834FF3289748927349879387E7 8298729387987E92798E279287987E7E27EE7978792879737
828374728378492374823794872938778987987E778979A8A7 A978798798C7C979879D8798798E7987F98798798797888
He he he :)
Either they are letting them in on the security holes that are already there, that there is a MS Product you have to pay more for or a subscription for, or...Wait. Was there a second one?
It's as simple as this, if the owner of the computer is allowed to install programs, then the computer will fill up with spyware. I refuse to believe that spyware (marketing) will ever go away, so it's as simple as this. You're going to have to pay $500 for an operating system, then it will only run on the hardware that comes with DRM. Big business has control of your computer, you don't.
What scares me is that I've seen signs of some distros conforming to DRM and other laws that place the control of your computer into the hands of the corporations. I remember paying for all of my hardware and I remember all of my hard drives coming empty of anyone's OS. I don't need an OS babysitting me.
My Windows XP install is so full of spyware that it has become unusable. Debian works just fine. There are only a couple of things it doesn't yet support, but will eventually. I think I can hang on to my P3 a little longer. 1 GHz is enough to play DVDs and to burn recordings onto DVD. It's a little slow, but faster than Windows.
Ops, I shuld have usd the prevuwe but in.
There is already a massive number of 32 bit drivers written for XP which will continue to work in Vista, which is why it is only the 64 bit drivers which must be signed.