64-Bit Vista Kernel Will Be a "Black Box"
ryanskev writes with news from RSA Europe, where a Microsoft VP spoke bluntly about the lock-down that will apply to 64-bit Vista. From the article: "Microsoft will operate 64-bit versions of Windows Vista as a tabernacle, with the kernel as the holy of holies, where only its own high priests of security may venture." While Microsoft has seemed to be making some concessions to the likes of Symantec and McAfee, considerable doubt remains as to their ultimate future.
Sounds like the right approach to me. We will soon find out whether Symantec and McAfee are helping or hindering security.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
I know this isn't PC to say on Slashdot.. but MS shouldn't allow undocumented hooks to the kernel. Instead they should provide an API for that.
What's the difference between the 32 bit and 64 bit kernel? And what does a 'tabernacle of security' mean?
I don't think there's a significant difference in DRM hardware between 32bit and 64bit systems. Why make the distinction? If they're going to secure Windows - why not secure Windows?
Microsoft executive clarifies recent market confusion about Vista Security
Am I the only one who read the line "Making concessions to Symantec and McAfee," and the first concessions that popped into my mind were "Just a little security hole here, buffer overflow there, etc."?
I'm no fan of MS, especially when it comes to their horrible security track record. However, if they really can manage to get it right (or even significantly better) in Vista, they shouldn't be going and making concessions to the people who've been making a living off the things that were broken in their last OS.
Microsoft wants to be responsible for its own security - more importantly, Microsoft wants to reap the financial rewards for becoming responsible for its own security. The personal home user will end up paying a bit more for lack of competition in security software, which won't matter to Microsoft - the real market is corporate sales.
Isn't this just another variation of security by obscurity?
Which everyone by now should have learned does *not* work.
Microsoft also warned 32-Bit users to be careful, because if you run the 32-Bit version, you're screwed
> Isn't this just another variation of security by obscurity? Which everyone by now should have learned does *not* work.
Actually it does work. Where people go wrong is using it as their sole security measure. In concert with various other good practices obscurity is good.
Yeah, and no-one really needs more than 640k of ram.
How we know is more important than what we know.
Engineering is the art of compromise.
Given that Joe Public no longer believes MS has control over security, they need to build some new mental images to sell. 64-bit black boxes sound pretty solid.
Engineering is the art of compromise.
If it will stop crapware like StarForce and the Sony rootkit from sneaking extra drivers in, bring on the kibosh. People who want to tinker can use one of the fine Open Source operating system kernels that run on 64-bit Intel machines. Those that just want to play games or run Office can feel a little bit safer from malware.
Sorry Symantec, but after dealing with the disaster that is Norton Internet Security, I won't shed a tear when I read that you've filed for Chapter 7.
0 1 - just my two bits
Will not go very well, at least in beginning. This enhanced security won't sell it. There won't be drivers for some existing stuff ever. Seems that MS wants to push this version and keep 32-bit as legacy, but in the end when end user can't make it work as well as 32-bit, it is just going to slip and create confusion. In long run it may pay off, when systems and components are designed for 64-bit, until then, 32-bit will be preference. I wonder if any of corporate users are going to put 64-bit on employees' workstations in upcoming months - it seems as a big risk without much gain.
..to release a 32-bit version of Vista?
Every week, I hear about a new thing that will "only be in 64-bit Vista". First it was HDTV content only on 64-bit for DRM reasons. Now, we're hearing the reasoning that Windows will be more secure if we don't let third parties in the kernel. Fine, whatever. If we were to assume that makes it more secure, then so be it.
But why bother to release an inferior 32-bit version? Under the presumption that closing the 64-bit kernel off will make things better, why not use the same strict security policies in 32-bit? Surely, there can't be any technical reason for all of this. It's all marketing, right? ("Microsoft recommends a 64-bit PC.")
Or is there some real reason why it feels like 32-bit Vista and 64-bit Vista are two entirely different operating systems?
Joanna Rutkowska gave a talk about this at Blackhat. Take a program in usermode but with administrative privileges, force the kernel to get paged out, edit the pagefile.
In a recent blog entry, Rutkowska criticizes Microsoft's response to the pagefile attack. Boiled down, it amounts to the problem that as long as a disk utility can run, someone can still edit the pagefile. Her preferred fixes would have been encrypting the pagefile or simply not swapping the kernel. NetBSD's Elad Efrat suggested simply hashing the kernel for integrity checking.
For 32-bit versions of Vista, it'll be mostly as you were on security
Translation: You're screwed! Upgrade to 64 bit ASAP (P.S. some of your software won't work)
Defender has already become the most popular download ever from Microsoft
If I was MS, I certainly wouldn't brag about anti-malware being the most popular application.
referring to third parties being able to patch 64 bit Vista - "It's just not the way the box was designed...we're putting a stop to that."
Great. What happens when MS doesn't quickly put out a patch... no choice on using the good samaritan patches anymore, you just have to sit and twiddle your thumbs.
referring to ever being able to secure 32 bit Windows - "That train has left the station."
I think it's more like the Windows train has left the station. Why bother to convert to 64 bit Windows? Switch to something else as soon as possible.
I think the crux of debate will be what MS considers its own high priests. If that means MS security products that compete with Symantec and McAfee, then the two vendors have a legitimate gripe that MS is using its monopoly power to lock them out. MS has said that its security products will not have access to undocumented APIs, but how much do you trust MS at their word? I don't trust them that much because I think MS still plays dirty. As recently as the Burst lawsuit in 2004, you can still see MS is refusing not only to play fair but to abide by court orders: Both parties were told to disclose emails as part of discovery. Burst.net discovered that not only did MS destroy emails but it was the policy of a multi-billion dollar company not to retain any emails over 30 days. And Burst listed out the many ways the company actively followed this policy.
Well, there's spam egg sausage and spam, that's not got much spam in it.
everyone got it all wrong
the os isn't a black box, the os needs a black box
you know, for when it crashes
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
> with the kernel as the holy of holies,
Am I the only one who read that as,
"The kernel will be the holiest of holy kernels in history, spouting more holes per square inch than any preceding set of kernel holes in history."
Something tells me he used a bad phrase.
help me i've cloned myself and can't remember which one I am
They Have To keep that a secret... ;)
The lyf so short, the craft so long to lerne
You can bet this is going to make life very hard for the folks like VLC or anyone who wants to do something clever with the audio system. Wonder how they are going to push it, however? Sure, they can go for attrition, and make sure all new machines come with Vista, but there are a lot of Win32 machines out there that have more than enough CPU. There were some big jumps from the 200MHz-600MHz range, but now with 2-3GHz more or less normal and no 'got to have it' devices like USB3 this is going to be a tough sell. Heck, even with DirectX 10 being reserved for Vista, game publishers would be suicidal to go after that market for a couple years. While it might give a few more FPS, you can bet the vice-like grip on hardware will doom any of the older games from running on the system... I mean, heck, if you could access the video, you might just try to display content without the secret hardware handshake.
+++ UGUCAUCGUAUUUCU
This makes me think of Kid-Proof caps. Only the kids will be able to open the cap to get into the kernel. Users who want to install legit stuff, forget it.
...but could you cite some examples?
One thing would be the Xbox hack, although that involved an attack on the hardware as well.
There are countless successful projects to port Linux to some closed (i.e. black-box) hardware.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
It's "Mac", not "MAC". MAC is an acronym: Media Access Control [address]. Mac is short for Macintosh.
And Apple makes most of its money from selling hardware, so I sincerely doubt they'll drop that and try to squeeze money out of selling an operating system exclusively.
'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
The kernel has a reputation for being not particularly bad.
The reason the kernel is an issue, is that the new "threat" against Windows security is the owner/administrator of the machine. Microsoft needs to try to implement DRM, in order to get into bed with the media companies and sell music and Zunes to play it. You can't implement DRM if the user can patch the kernel to work around the DRM. Thus, they're going to try to prevent end-users from having the capacity to modify this behavior of their own computer.
The "security companies" are taking collateral damage from this, because their applications have to intercept all reads/writes (to files, the network, whatever) in order to scan all data against a blacklist of known malware in order to try to protect the comically fragile userspace. This scanning is implemented through kernel patches, I guess.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
So, if you're writing (alpha) drivers for a new piece of hardware, how do you get them into the kernel to test them? Do you have to get MS to approve your H/W as pretty enough to make it in to Vista first?
1) The amount of register space literally doubles. Optimized properly, that can go a long ways.
2) Simpler memory model: 52 physical bits for physical RAM (don't believe me, look at http://www.amd.com/us-en/Processors/DevelopWithAMD/0,,30_2252_869_875%5E7044,00.html) and 64 bits of virtual addressing space. No segments, just a flat memory model.
3) Removal of the old privilege system and intro of a new user/kernel page allocation scheme to simplify the memory model.
4) Direct addressing of a very large amount of RAM directly accessible.
Those are just some of the advantages. If you want to look them up in detail, go look at the link that I have given in this post to the AMD64 manuals.
64bit Windows will see deployment in the server room on corporate data centers. In this area security is secondary to audit compliance. Server ops will turn on the default Win64 kernel security and it will do whatever it does. Auditors will check the AV box and move on to the next server. Everyone is happy. Server ops has one less thing to do and auditors have an easier job of auditing. I know that's cynical but that's how it works.
Let's remember that the reason Windows is in the server room in the first place is because MS sold it on the premise that it's easier to run. Not faster, not with less hardware, not even with fewer people but with a lower skill set. Cheaper. So embedded security is not about security, it's about skill sets. Set it, forget it, hope for the best. If it smashes on the rocks then everyone did their best anyway and no one can be held accountable.
Microsoft has been attempting to deploy an architecture like this for some time. Check out Microsoft's NGSCB/Palladium/TCPA initiatives (http://en.wikipedia.org/wiki/Palladium_operating_system). This is a paper tiger without the special hardware. In a few years a push will be made to get people to adopt the hardware. It will be interesting to see how they sell it.
Kanga: That's not a fish, that's a bird.
Pooh: Yes, but is it a starling or a mackerel?
Different operating systems had different firmware images. The VMS PALCode implemented a load of privileged instructions that corresponded to those found in the VAX. The NT PALCode implemented x86-style operations.
So, while VMS may have required four privilege modes, these were not intrinsically an attribute of the Alpha. Instead, various instructions defined in PALCode would check the status of a shadow register and refuse to operate if it had the wrong value. PALCode was an incredible concept, and it was a very sad day for the industry when the promise of the Itanium killed the Alpha.
I am TheRaven on Soylent News
"I'm not sure why it is you want to believe that Microsoft will "fix" anything.
They haven't and they won't. Ever."
Hmmm. How about every single OS and systems improvement over the past 5-10 years? Every version of the OS since NT4 being radically improved? Abandoning the 9x lines due to them being completely broken? Finally taking a first step at cleaning up the RPC mess in xpsp2, continuing into Vista? Hundreds of patches a year? Going from IIS4 and IIS5 which were wide open, defaulted to everything on, and being a horrible mess, to IIS6 and 7 which are minimal on install, very well locked down, and having nearly zero security holes? How about in Vista moving a large segment of hardware and driver code out of the kernel into userspace to improve reliability?
Now granted, I couldn't come up with very many here in the 30 seconds I spent thinking about it.
"There is only money to lose if they actually had a legitimate security model built-in from the kernel upward."
This is a pretty out-there statement, care to elaborate or explain? And what is it about their current security model that is illegitimate? Process separation, mandatory security roles, and a robust ACL system is pretty standard stuff in secure designs/models.
"Like every monopoly ever studied, they are destroying wealth (long and boring explanation), putting out an inferior product and making you pay extra for it."
Well, there is quite a bit of successful competition in the space they supposedly have a monopoly in. There's Apple, which sells competitive products that are at or above the MS price point. They're not doing too badly and are making strong inroads (albeit into a niche market). And don't forget Linux on the desktop, which is free and Free. They've had some moderate success.
How exactly are they 'making you pay extra for it'?
"Why do you believe after 95/ME/XP "security" they will do anything to improve when there's absolutely no evidence to support this belief?"
I think your statement shows pretty clearly what the evidence is to support this belief. Look at the difference in security, reliability and manageability between 9x and XP. It's like night and day, with XP and the NT kernel line having made massive improvements.
For those of you who don't speak "Microsoft"... "Microsoft will operate 64-bit versions of Windows Vista as a tabernacle, with the kernel as the holy of holies, where only its own high priests of security may venture." roughly translates to "It will have a password."
Oh, the horror! Imagine if any Theo, Dick or Linus could modify the precious kernel!
Je fume. Tu fumes. Nous fûmes!
This actually kind of makes sense, considering their technical decisions seem to be made without any logic or reason, and considering the ass raping they've been giving consumers for years now. ;)
-- sudo.ca