Israeli Security Company Builds "Unhackable" Version of Windows
New submitter Neavey writes: Sounds too good to be true, but Morphisec, an Israeli startup, claims to have built an unhackable version of Windows. It's not yet publicly available, a red flag if ever I saw one, but internal testing has had a 100% success rate: "In a statement for BI, Dudu Mimran, the co-founder of the company, describes this new OS version as the Windows that 'Microsoft should be doing,' explaining that, while the platform was initially designed for government use, it can be actually installed by any enterprise that wants to make sure that no hack is possible.
Basically, this operating system can block any zero-day attack, the founder says, thanks to the operating system randomizing all memory, which means that the hacker cannot target the computer memory and compromise the data stored on the drives."
What things memory randomization does not fix, left as an exercise for the reader.
Are they just talking about Address Space Layout Randomization? Let's see - Wikipedia says [https://en.wikipedia.org/wiki/Address_space_layout_randomization] for Windows - to turn it on edit a registry key. Is that what this company did, "create" a version of Windows with a registry key set?
The headline is crap, of course.
That said, it's not too hard to have a version such that you know it's unaltered when you boot each morning. You do basically a live CD, booting from a read-only lun.
Just as you separate a normal user USING the machine from an administrator account UPDATING the OS, you can have the OS basically read-only during use and set it to writeable only when you need to update the software. That change is done outside of the OS, either via the NAS or the hypervisor.
In that way, you can come in each morning knowing your Windows system hasn't been hacked (past tense). As soon as you open IE, though, you could get a new exploit. That exploit disappears when you shut the machine down, though.
It allows you to change the address for DLLs, but leaves it at a predetermined address by default.
Windows has a setting to enable ASLR for all applications. Microsoft even provides a handy tool to enable it; the "Enhanced Mitigation Experience Toolkit". No special compile time gesticulations are required.
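The ASLR posts above turn on one detail: a Windows image is only relocated by default if its linker set the DYNAMIC_BASE flag, otherwise it loads at its predetermined preferred base unless the system-wide (EMET / registry) setting forces relocation. As an added example, not code from Slashdot, the commenters or Morphisec, the Python below reads the DllCharacteristics field of a PE file's optional header and reports whether the image opted in to ASLR (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE), high-entropy 64-bit ASLR and DEP. The header offsets follow the PE/COFF format; the sample images it builds for offline use are constructed minimal headers, not real binaries. A defender can run it over a directory of DLLs and EXEs to see which ones would fall back to a fixed base without mandatory ASLR.

```python
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification.
DYNAMIC_BASE = 0x0040     # image may be relocated at load time: the ASLR opt-in
HIGH_ENTROPY_VA = 0x0020  # 64-bit image tolerates high-entropy (64-bit) ASLR
NX_COMPAT = 0x0100        # image is compatible with DEP/NX

OPTIONAL_HEADER_SIZE = {0x10B: 224, 0x20B: 240}  # PE32 and PE32+ optional header sizes


def pe_dll_characteristics(data: bytes) -> int:
    """Return the DllCharacteristics field of a PE image held in memory."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)      # offset of the PE header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    optional = e_lfanew + 4 + 20       # skip "PE\0\0" and the 20-byte COFF file header
    (magic,) = struct.unpack_from("<H", data, optional)
    if magic not in OPTIONAL_HEADER_SIZE:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics is at offset 70 of the optional header for both PE32 and PE32+.
    (flags,) = struct.unpack_from("<H", data, optional + 70)
    return flags


def aslr_report(data: bytes) -> dict:
    """Decode the three mitigation-relevant DllCharacteristics bits."""
    flags = pe_dll_characteristics(data)
    return {
        "dynamic_base": bool(flags & DYNAMIC_BASE),
        "high_entropy_va": bool(flags & HIGH_ENTROPY_VA),
        "nx_compat": bool(flags & NX_COMPAT),
    }


def build_sample_image(dll_characteristics: int, pe32plus: bool = True) -> bytes:
    """Constructed minimal PE header for offline testing; not a real, loadable binary."""
    magic = 0x20B if pe32plus else 0x10B
    opt_size = OPTIONAL_HEADER_SIZE[magic]
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew: PE header follows the DOS header
    coff = struct.pack("<HHIIIHH",
                       0x8664 if pe32plus else 0x14C,  # Machine: AMD64 or i386
                       0, 0, 0, 0,                     # no sections, no symbols
                       opt_size, 0x0002)               # SizeOfOptionalHeader, EXECUTABLE_IMAGE
    optional = bytearray(opt_size)
    struct.pack_into("<H", optional, 0, magic)
    struct.pack_into("<H", optional, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional)


def audit_file(path: str) -> dict:
    """Audit a PE file on disk; returns the same dict as aslr_report."""
    with open(path, "rb") as fh:
        return aslr_report(fh.read())


def format_report(name: str, report: dict) -> str:
    verdict = "relocatable (ASLR)" if report["dynamic_base"] else "FIXED BASE without mandatory ASLR"
    return "%-40s dynamic_base=%-5s high_entropy_va=%-5s nx_compat=%-5s  %s" % (
        name, report["dynamic_base"], report["high_entropy_va"], report["nx_compat"], verdict)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for p in sys.argv[1:]:
            try:
                print(format_report(p, audit_file(p)))
            except (OSError, ValueError) as exc:
                print("%-40s skipped: %s" % (p, exc))
    else:
        # No paths given: demonstrate on two constructed headers.
        samples = {
            "constructed_modern_x64.dll": build_sample_image(DYNAMIC_BASE | HIGH_ENTROPY_VA | NX_COMPAT),
            "constructed_legacy_x86.exe": build_sample_image(NX_COMPAT, pe32plus=False),
        }
        for name, image in samples.items():
            print(format_report(name, aslr_report(image)))
```

Run it with file paths (`python pe_aslr_audit.py C:\path\to\*.dll`) to audit real images; with no arguments it reports on the two constructed headers, one opted in to ASLR and one that is not.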