Slashdot Mirror


Israeli Security Company Builds "Unhackable" Version of Windows

New submitter Neavey writes: Sounds too good to be true, but Morphisec, an Israeli startup, claims to have built an unhackable version of Windows. It's not yet publicly available, a red flag if ever I saw one, but internal testing has had a 100% success rate: "In a statement for BI, Dudu Mimran, the co-founder of the company, describes this new OS version as the Windows that 'Microsoft should be doing,' explaining that, while the platform was initially designed for government use, it can be actually installed by any enterprise that wants to make sure that no hack is possible. Basically, this operating can block any zero-day attack, the founder says, thanks to the operating system randomizing all memory, which means that the hacker cannot target the computer memory and compromise the data stored on the drives." What things memory randomization does not fix, left as an exercise for the reader.

4 of 253 comments

  1. Not finished by edjs · · Score: 3, Interesting

    Per the article, they've raised money and it's under development. Sounds more like they're at the generate some buzz for some more money stage of development.

    But I concede that randomizing memory (contents) does make a system pretty secure.

  2. Linux... by Anonymous Coward · · Score: 2, Interesting

    has had address space randomization for how many years? Hardly unexploitable still...

  3. Re:This has been around forever by ttucker · · Score: 5, Interesting

    Memory randomization has been around a very very very long time. It's not going to help with logical programming errors.

    It is literally already implemented in every version of Windows since Vista. Windows also uses the NX/XD features in modern CPUs.

  4. Re:Oh boy by hairyfeet · · Score: 1, Interesting

    Actually it's really not that hard, what is hard is altering the system in such a way that the weakest part of the system, the user, can't work to help the malware by trying to bypass your security layers.

    I have systems out in the field that have been running since 09 with zero malware (I'd have systems at the decade mark but my XP X64 systems were upgraded to Win 7 X64) but those users actually listen to me and if their system says "Do not do that" then they DO NOT DO THAT and that simple thing does more to ensure the security than any tool you can come up with.

    If anybody wants to know how to make a Windows system that the PEBKAC will have to go out of their way to fuck shit up? Here is how you do it...

    1.- You put the user in a browser that has online backup (you'll see why in a minute), I use Comodo Dragon and Pale Moon but you can use Chrome, Firefox, any browser that will backup their bookmarks and settings online.

    2.- You install ABP. This neuters the #1 source of attacks, malware infected ads.

    3.- You install Comodo Internet Security and have it set up to place the browser by default in a low rights sandbox. This ensures that anything on a page that isn't stopped dead by #2 is shut down, for extra security you can use the built in Comodo DNS to block known malware sites, that is up to you. BTW Comodo IS was one of only a couple AVs that flagged the government malware toolkit that made all the news recently, IIRC the other 2 were the pay version of Adaware and Eset.

    4.- Install any programs they must have, have everything set to auto update including Windows, the usual.

    5.- The final step is more to ensure if they let some stupid relative that actively attacks your security (you'd be surprised how many times over the years I've seen somebody get on a system and find they can't look at their "free porn" because the system blocked "Iz_Not_Viruz_Iz_Codec.exe" so they actively attack the security so they can get the malware installed) you install Paragon Backup & Recovery Free, set up a hidden backup capsule with a locked copy of your clean install (this takes the place of an OEM recovery partition) and set up a differential backup schedule of your choice. Depending on the space you use for the capsule they can easily go back a month or two, but I find 3 weeks is usually enough to cover the visiting dumbass relative.

    And there you have it, a system where the most dangerous attack vectors (the browser and online adverts) are sandboxed and shut down, the Comodo IS HIPS monitoring everything else closely, and if somebody gets on and actively attacks the system through their own stupidity you have a "push button to undo dumbass" button so you don't have to worry about having to do a wipe and reinstall. It doesn't even cause a real performance hit, I have several customers that have this setup on their gaming computers and are quite happy with it. The nice thing about this setup is the user doesn't have to do anything proactive to be secure as they are already sandboxed with ads blocked by default so as long as they do not actively attack the security? Well not to toot my own horn too loudly but I've taken a box with Win 7 RTM, no SPs or patches, and after setting up the system I've taken it to a pile of porn topsites and game ROM sites and afterwards scanned it with multiple scanners, both on and offline, and never found anything more dangerous than a cookie. The pages that had malware that wasn't ads was quickly shut down by Comodo before loading with a big red "This site contains malware" so all an end user would have to do is simply heed the warning and not go there. It really don't get much simpler from an end user perspective.

    --
    ACs don't waste your time replying, your posts are never seen by me.