Vista Hackers Get Busy

An anonymous reader writes "Microsoft's long-awaited Windows Vista release Thursday for business customers will get more than just the passing attention of network administrators. That's because hackers will be eagerly waiting to do what hackers do best: start some mischief." Some folks on the Black Hat set got a sneak peek at Vista earlier this year, so they've had time to prepare.

Re:Hack WGA First

[Jherek+Carnelian]

Make it better. The less piracy of windows there is in the world, the more people will get into free alternatives.

Hell, make it deny everyone. The less legitimate use of windows there is in the world, the more people will get into free alternatives.

Predictions

[Beryllium+Sphere(tm)]

o Exploits will be in older code.
o The first "exploits" announced will be simply userland Trojans, as will most that follow.
o Old-style remote exploits will be unusual and dramatically rarer than we're used to.
o Nobody will notice the difference. The media will lump all problems together and the reports will boil down to "LOL V1st4 pwned".

MS has hunted down unsafe APIs and banned crypto algorithms that are damaged (MD5) or that nobody can figure out how to use correctly (RC4). They compile with stack canaries. They've added address space layout randomization. A large number of people in Canada will forever snarl at me in derision for saying this, but Microsoft is beginning to absorb lessons from the success of OpenBSD.

It's never going to be the same, of course. There's not enough money in the world to audit Microsoft's cetacean code base to OpenBSD standards and I can't believe the design of Windows would support privilege separation.