Slashdot Mirror

← Back to Stories (view on slashdot.org)

Israeli Security Company Builds "Unhackable" Version of Windows

Posted by timothy on from the sure-if-it's-powered-off-and-ground-into-dust dept.

New submitter Neavey writes: Sounds too good to be true, but Morphisec, an Israeli startup, claims to have built an unhackable version of Windows. Its not yet publicly available, a red flag if ever I saw one, but internal testing has had a 100% success rate: "In a statement for BI, Dudu Mimran, the co-founder of the company, describes this new OS version as the Windows that 'Microsoft should be doing,' explaining that, while the platform was initially designed for government use, it can be actually installed by any enterprise that wants to make sure that no hack is possible. Basically, this operating can block any zero-day attack, the founder says, thanks to the operating system randomizing all memory, which means that the hacker cannot target the computer memory and compromise the data stored on the drives." What things memory randomization does not fix, left as an exercise for the reader.

12 of 253 comments (clear)

  1. Oh boy by NotDrWho · · Score: 5, Funny

    I hope everyone at that company is prepared for a long week.

    --
    SJW's don't eliminate discrimination. They just expropriate it for themselves.
    1. Re:Oh boy by Anonymous Coward · · Score: 5, Funny

      I hope everyone at that company is prepared for a long week.

      I wouldn't presume they last that long. An unhackable version of Windows... Is it April 1st on the Hebrew calendar?

    2. Re:Oh boy by Penguinisto · · Score: 5, Funny

      I hope everyone at that company is prepared for a long week.

      Why? All they did was rip out all the networking parts of that particular Windows box. Oh, and they also removed the USB drivers, the serial ports... then they sealed it in a welded metal box, then set that box in the middle of a concrete block 1m x 1m x 1m, with only the power cable and a couple of water cooling pipes sticking out. It's completely unhackable now.

      --
      Quo usque tandem abutere, Nimbus, patientia nostra?
  2. I believe by Anonymous Coward · · Score: 5, Funny

    It is being offered to the mullahs on a flashkey.

  3. Other products by puddingebola · · Score: 5, Funny

    You may want to take a look at some of this company's other products, including flying serum and invisibility powder.

  4. It's easy to make it unhackable by taustin · · Score: 5, Funny

    Just remove all input and output capabilities, and the power supply. Most secure computer in the world.

    1. Re:It's easy to make it unhackable by singularity · · Score: 5, Funny

      I think people are missing this company's solution.

      The machine boots to Windows, and then this company's product randomizes everything in RAM. Even Windows has no idea where anything is in memory anymore. Every single bit is in a completely random location, with no relation to the bits it was next to previously.

      Granted, the machine crashes at this point, but it has successfully booted and been rendered unhackable.

      For long-term security, their follow-up product will randomize all data on a hard drive. It is completely un-hackable, even with physical access. Of course the data is also irretrievable, but there are prices to security.

      --
      - (c) 2018 Hank Zimmerman
  5. Failure to understand definition of zero-day by allquixotic · · Score: 5, Insightful

    This company (or whoever wrote TFS/TFA about them) seems not to understand the concept of a zero-day vulnerability.

    It is ridiculous to say that one is not vulnerable to zero-day attacks. They are, in security parlance, the "unknown unknowns" - the things you don't even conceptually know of as vulnerabilities right now. One cannot design a networked computer system with any functionality whatsoever in which they can somehow know and anticipate the "unknown unknowns" (as opposed to the known unknowns, some of which can be mitigated if you're lucky).

    The unknown unknowns are, by definition, *not yet known*, so you can't design a mitigation against them until *after* you are aware of them. If awareness comes in the form of a zero-day hack, then you will fail to defend against the attack at the time it hit due to your lack of information about the attack vector.

    Also, unless this company has full access to all Windows source code for the build they have, it is very likely that one singular memory-based mitigation will not be effective against every possible attack vector that exists in the Windows codebase. So unless they have performed full formal methods verification of the entire Windows codebase to guarantee that there are no "unknown unknowns", and then fixed every security vulnerability that exists in the product in the original state in which they received it from Microsoft, this is basically snakeoil.

    Also, don't we already have ASLR? The mind boggles at the stupidity of these people. Who do they seriously think is going to buy this?

    Actually, forget I asked. They said their target was governments. I have no doubt they will sell thousands of licenses.

  6. As a former QA lead... by Anonymous Coward · · Score: 5, Insightful

    Oh yeah, I've seen builds that were 100% solid on internal testing. Not a thing wrong with it according to automated tests, scripted manual testing, smoke testing, and random usage testing. Not a thing! A million monkeys could bang on keyboards all day long and nothing would break. Much simpler programs than an entire OS, mind you. But still, they were bullet-proof, air-tight, divine works of software engineering.

    Then we pushed them to production. Murphy's law is a moooootherfucker.

    Captcha: enraging

  7. Re:This has been around forever by ttucker · · Score: 5, Interesting

    Memory randomization has been around a very very very long time. It's not going to help with logical programming errors.

    It is literally already implemented in every version of Windows since Vista. Windows also uses the NX/XD features in modern CPUs.

  8. Re:This has been around forever by Anonymous Coward · · Score: 5, Funny

    It's not going to help with logical programming errors.

    It is literally already implemented in every version of Windows since Vista.

    Windows has had logical programming errors before Vista.

  9. that said, a version that can't be hackED is possi by raymorris · · Score: 5, Informative

    The headline is crap, of course.

    That said, it's not too hard to have a version such that you know it's unaltered when you boot each morning. You do basically a live CD, booting from a read-only lun.

    Just as you separate a normal user USING the machine from an administrator account UPDATING the OS, you can have the OS basically read-only during use and set it to writeable only when you need to update the software. That change is done outside of the OS, either via the NAS or the hypervisor.

    In that way, you can come in eqch morning knowing your Windows system hasn't been hacked (past tense). As soon as you open IE, though, you could get a new exploit. That exploit disappears when you shut the machine down, though.