Slashdot Mirror

← Back to Stories (view on slashdot.org)

64-Bit Vista Kernel Will Be a "Black Box"

Posted by ryuzaki0 on from the abandon-all-hope-ye-who-ener-here dept.

ryanskev writes with news from RSA Europe, where a Microsoft VP spoke bluntly about the lock-down that will apply to 64-bit Vista. From the article: "Microsoft will operate 64-bit versions of Windows Vista as a tabernacle, with the kernel as the holy of holies, where only its own high priests of security may venture." While Microsoft has seemed to be making some concessions to the likes of Symantec and McAfee, considerable doubt remains as to their ultimate future.

12 of 402 comments (clear)

  1. Sounds like the right plan by Zeinfeld · · Score: 5, Interesting

    Sounds like the right approach to me. We will soon find out whether Symantec and McAfee are helping or hindering security.

    --
    Looking for an Information Security student project suggestion?
    Try http://dotcrimeManifesto.com/
    1. Re:Sounds like the right plan by Zeinfeld · · Score: 5, Insightful
      As I understand it, Windows Vista 64bit Edition will simply not allow kernel drivers to load unless they are signed with Microsoft's private key. Which means that you'll need to either exploit kernel bugs to load your own code (which they'll plug eventually) or boot off a CD and patch the kernel files on disk to disable this checking (which will be hard to do without destablizing the whole system). If that's what we're talking about (and I have no idea if it is) how can you possibly be in favour of it? I mean, it sounds like The Right To Read all over again.

      Thats exactly what I want. I do not want to have any software patch the kernel.

      If there is no way for the spyware to patch the kernel I don't need McAfee or Symantec there at all. First thing I do with a new home machine is to strip off the AV software provided by Dell as cramware. Machines run so much faster and more reliably without. Then I turn off AutoRun and hook it up to my internal network which has twin SPI firewalls.

      I have never had a virus but I have had machines go wonky because of buggy AV code.

      I want to have as few kernel mode device drivers as is possible. Printers should not require kernel mode, nor should video cameras etc. Only the bare essentials talking directly to the DMA interfaces should ever use kernel mode.

      I don't need to run my code in kernel space and I don't think anyone else does either.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
    2. Re:Sounds like the right plan by IamTheRealMike · · Score: 5, Insightful
      Yeah, ok. There's so many things wrong with your world view that I'm having trouble understanding where to start.

      No, Zeinfelds world view is entirely sane and very defensible. I agree with him.

      Let's review a few facts:

      • The collapse of residential computer security has meant that virtually nobody can keep their Windows machine secure anymore. Not even gurus. There are just way too many 0-day exploits for browsers and others out there, even for Firefox.
      • The usage of rootkits on Windows is now a common technique, often used to hide spyware. Once the machine has been rootkitted it is impossible to repair short of wiping the system clean and starting from scratch. But because of the first point, this is not practical.
      • Thanks to the first and second points doing business on the internet is rapidly becoming difficult or impossible. It started with online casinos and porn sites, but is spreading to "clean" business too. How can you run a company when any 16 year old with a botnet can shut you down at a whim?

      The foundation of any security system is the kernel. If the kernel is not running in a known state, you have no security system - period.

      There is absolutely zero point in having user accounts, authentication, file permissions and so on if programs can load code into the kernel ... which they can, because for historical reasons Windows programs require admin rights, and even if they didn't, ultimately any program can ask the user to do something on its behalf and most will.

      The solution is clear - forbid any unknown code from loading into the kernel. Only then can you have a sane system built on solid foundations. It is not a "right to read" scenario, because you can still mark individual drivers as loadable in Vista IIRC if you put it into developer mode (which makes it clear that you are in a special mode), but even if it wasn't, it'd be a price worth paying to help fix the internet.

  2. "Concessions to.." by MoriaOrc · · Score: 5, Insightful

    Am I the only one who read the line "Making concessions to Symantec and McAffee," and the first concessions that popped into my mind were "Just a little security hole here, buffer overflow there, ect."

    I'm no fan of MS, especially when it comes to their horrible security track record. However, if they really can manage to get it right (or even significantly better) in Vista, they shouldn't be going and making concessions to the people who've been making a living off the things that were broken in their last OS.

  3. Re:I'm confused by phantomcircuit · · Score: 5, Informative

    The only way to run kernel code is drivers, 32 bit drivers are currently only sometimes signed. ALL 64 bit drivers must be signed, or they won't be loaded. This is why there is a distinction between 32 bit and 64 bit Vista.

  4. Re:I'm confused by Foolhardy · · Score: 5, Informative

    The main reasons they aren't implementing the same thing in 32-bit Windows is because of "limitations of the 32-bit architecture" that apparently don't let them do what they want, and since a lot of programs already patch the syscall table in 32-bit windows, it'd break compatibility with a lot of software to change it now. Binary compatibility for drivers that patch the syscall table on 64-bit Windows isn't an issue because 64-bit Windows for AMD64 has always prevented syscall patching. They figure that the 32->64 bit change is big enough to pile on some more changes, like this.

    This has more to do with system stability than it does for security. Many syscall interceptors are not multiproc safe or do bad things: if the computer bluescreens because of a poorly written syscall interceptor, Microsoft gets blamed for writing unstable software. The syscall interface is considered an internal interface, not to be tampered with by outside parties because its behavior has subtleties not documented, and could change. This is a technical enforcement of that policy.

  5. Sounds like security by obscurity by 49152 · · Score: 5, Insightful

    Isn't this just another variation of security by obscurity?

    Which everyone by now should have learned does *not* work.

  6. Joe Blow by Ice+Wewe · · Score: 5, Funny
    64-Bit Vista Kernel Will Be a "Black Box"

    Microsoft also warned 32-Bit users to be careful, because if you run the 32-Bit version, you're screwed

  7. Sayonara, Symantec by Cid+Highwind · · Score: 5, Insightful
    There's going to be a kybosh on naughty developers mucking about with the 64-bit kernel; patching will be banned.


    If it will stop crapware like StarForce and the Sony rootkit from sneaking extra drivers in, bring on the kibosh. People who want to tinker can use one of the fine Open Source operating system kernels that run on 64-bit Intel machines. Those that just want to play games or run Office can feel a little bit safer from malware.

    Sorry Symantec, but after dealing with the disaster that is Norton Internet Security, I won't shed a tear when I read that you've filed for Chapter 7.
    --
    0 1 - just my two bits
  8. Why is Microsoft even bothering.. by flummoxd · · Score: 5, Interesting

    ..to release a 32-bit version of Vista?

    Every week, I hear about a new thing that will "only be in 64-bit Vista". First it was HDTV content only on 64-bit for DRM reasons. Now, we're hearing the reasoning that Windows will be more secure if we don't let third parties in the kernel. Fine, whatever. If we were to assume that makes it more secure, then so be it.

    But why bother to release an inferior 32-bit version? Under the presumption that closing the 64-bit kernel off will make things better, why not use the same strict security policies in 32-bit? Surely, there can't be any technical reason for all of this. It's all marketing, right? ("Microsoft recommends a 64-bit PC.")

    Or is there some real reason why it feels like 32-bit Vista and 64-bit Vista are two entirely different operating systems?

  9. The article is filled with such great lines! by Psykechan · · Score: 5, Insightful

    For 32-bit versions of Vista, it'll be mostly as you were on security
    Translation: You're screwed! Upgrade to 64 bit ASAP (P.S. some of your software won't work)

    Defender has already become the most popular download ever from Microsoft
    If I was MS, I certainly wouldn't brag about anti-malware being the most popular application.

    referring to third parties being able to patch 64 bit Vista - "It's just not the way the box was designed...we're putting a stop to that."
    Great. What happens when MS doesn't quickly put out a patch... no choice on using the good samaritan patches anymore, you just have to sit and twiddle your thumbs.

    referring to ever being able to secure 32 bit Windows - "That train has left the station."
    I think it's more like the Windows train has left the station. Why bother to convert to 64 bit Windows? Switch to something else as soon as possible.

  10. Microsoft Translation by Slaryn · · Score: 5, Funny

    For those of you who don't speak "Microsoft"... "Microsoft will operate 64-bit versions of Windows Vista as a tabernacle, with the kernel as the holy of holies, where only its own high priests of security may venture." roughly translates to "It will have a password."