Slashdot Mirror


Microsoft Claims PowerShell Now More Secure (wired.com)

An anonymous reader quotes Wired: Last year, well over a third of the incidents assessed by security firm Carbon Black and its partners involved some sort of PowerShell component. But as network defenders catch on to Microsoft's recent release of additional PowerShell protections, the attack sequences that exploit PowerShell are finding some long-overdue resistance... PowerShell 5.0, released last year, added a full suite of expanded logging tools... While it's no panacea, and doesn't keep attackers out, the renewed focus on logging aids flagging and detection. It's a baseline step that helps remediation and response after an attack is over, or if it persists long-term... And PowerShell's recent defense improvements go beyond logs. The framework also recently added "constrained language mode," to create even more control over what commands PowerShell users can execute... The security industry at large has also made strides to determine what baseline normal activity for PowerShell looks like, since deviations could indicate malicious behavior.
Lee Holmes, Microsoft's principal software design engineer for PowerShell, says they've been "laser-focused on security since the very first version," adding that they're now moving towards a more enlightened approach.

"You can focus harder on protecting against breaches and defense in depth, but the enlightened approach is to assume breach and build the muscle on detection and remediation -- make sure that you're really thinking about security end-to-end in a holistic manner."
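The logging and constrained language mode features the story refers to are controlled by a handful of Group Policy registry keys and a per-session property. The following is an added example written for this page, not code from the Wired article or from Microsoft: it turns on script block logging, module logging and transcription through the documented policy keys, pulls event 4104 (script block text) from the PowerShell operational log to look for common abuse indicators, and shows what constrained language mode actually blocks. The transcript directory and the indicator regex are assumptions for the example; the registry writes need an elevated Windows PowerShell 5.x session.

```powershell
# Added example for this page (not the article's or Microsoft's code).
# Assumes Windows PowerShell 5.x and an elevated session for the registry writes.

$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Enable-PSSecurityLogging {
    # Script block logging: every script block the engine compiles is written to
    # Microsoft-Windows-PowerShell/Operational as event 4104. It is recorded at
    # execution time, so encoded or string-built payloads appear in their decoded form.
    $sbl = Join-Path $PolicyRoot 'ScriptBlockLogging'
    New-Item -Path $sbl -Force | Out-Null
    Set-ItemProperty -Path $sbl -Name EnableScriptBlockLogging -Value 1 -Type DWord

    # Module logging (event 4103): pipeline execution details for every module ('*').
    $ml = Join-Path $PolicyRoot 'ModuleLogging'
    New-Item -Path (Join-Path $ml 'ModuleNames') -Force | Out-Null
    Set-ItemProperty -Path $ml -Name EnableModuleLogging -Value 1 -Type DWord
    Set-ItemProperty -Path (Join-Path $ml 'ModuleNames') -Name '*' -Value '*' -Type String

    # Over-the-shoulder transcription: full session text with an invocation header.
    # The output path is an assumption; in practice point it at a write-only share
    # that a local admin cannot read back or delete.
    $tr = Join-Path $PolicyRoot 'Transcription'
    New-Item -Path $tr -Force | Out-Null
    Set-ItemProperty -Path $tr -Name EnableTranscripting -Value 1 -Type DWord
    Set-ItemProperty -Path $tr -Name EnableInvocationHeader -Value 1 -Type DWord
    Set-ItemProperty -Path $tr -Name OutputDirectory -Value 'C:\PSTranscripts' -Type String
}

function Get-SuspiciousScriptBlock {
    param(
        [int]$MaxEvents = 5000,
        # Starter indicator list, an assumption for this example rather than a vendor baseline.
        [string]$Pattern = 'FromBase64String|DownloadString|DownloadFile|\bIEX\b|Invoke-Expression|-enc(odedcommand)?\b|System\.Reflection\.Assembly|-nop\b'
    )
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } `
                 -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            # For 4104, Properties[2] is the ScriptBlockText field; Properties[0..1] are the
            # fragment number and total for blocks split across several events.
            $text = [string]$_.Properties[2].Value
            if ($text -match $Pattern) {
                $flat = $text -replace '\s+', ' '
                [pscustomobject]@{
                    Time    = $_.TimeCreated
                    Matched = $Matches[0]
                    Snippet = $flat.Substring(0, [Math]::Min(120, $flat.Length))
                }
            }
        }
}

function Show-ConstrainedLanguageEffect {
    # Language mode is a per-session property. Flipping it here only demonstrates the
    # effect; real enforcement comes from an AppLocker or Device Guard policy, under which
    # PowerShell 5 starts untrusted scripts in ConstrainedLanguage automatically.
    $before = $ExecutionContext.SessionState.LanguageMode
    $ExecutionContext.SessionState.LanguageMode = 'ConstrainedLanguage'   # one-way for this session
    try {
        New-Object System.Net.WebClient | Out-Null
        $result = 'allowed'
    } catch {
        # Expected: "Cannot create type. Only core types are supported in this language mode."
        $result = "blocked: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        Before    = $before
        After     = $ExecutionContext.SessionState.LanguageMode
        WebClient = $result
    }
}
```

Run Enable-PSSecurityLogging once from an elevated prompt, or push the same keys through Group Policy, then run Get-SuspiciousScriptBlock on a host to see what the 4104 stream looks like. Two caveats a practitioner should keep in mind: an attacker with local admin can start the legacy engine with powershell.exe -Version 2, which has none of this logging, so remove the Windows PowerShell 2.0 optional feature as well; and the transcript and event logs now contain every command that was typed, including any credentials passed on the command line, so they need the same access controls as any other sensitive log.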

2 of 62 comments

  1. Re: MS's security cam by MightyMartian · Score: 3, Interesting

    That may be, but Windows is still a prime target, and while security features in a scripting language aren't a bad thing, at the end of the day what actually stands between a system and an attacker is the underlying OS. After all, PowerShell is hardly the only interpreter that runs on Windows.

    I think Microsoft and its supporters should spend their efforts securing their own system, and stop the marketing-style "yeah, but look at MacOS!" nonsense. As to security, all OSs have vulnerabilities, so comparing who has more and the severity and so forth is just another form of pissing contest.

    For myself, I still find PowerShell a frankly horrible scripting language, its only positive feature being that it's the best Windows has, and I'll put up with its outrageously verbose syntax simply because it does do the job, no matter how awkwardly and slowly.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  2. Re: MS's security cam by Billly Gates · Score: 3, Interesting

    Linux has moved to encrypted binary log files[1]; unfortunately, a vocal minority of older system admins and developers refuse to see the necessity of this feature.

    [1]https://plus.google.com/+LennartPoetteringTheOneAndOnly/posts/g1E6AxVKtyc

    SystemD hate is big for a variety of reasons. But I can see System Admins concern as how can you edit and run scripts on binary files?

    I like the concepts of PowerShell and piping objects even if they are less readable, as even in Unix not everything is an object. If Plan9 became popular the need for an object based shell like PowerShell would not be as much of an issue, but still security is a problem in a text based system.

    Perhaps since so much of Linux is turning object based that a new shell or extension underneath Bash could be used to do things like view and change logs that are binary or process XML files? Maybe a signed text based redirector framework so you could run awk, sed, perl scripts on binary systemD objects.

    But the old timers would go ballistic and switch to FreeBSD faster than you can say SystemD lol ... turns to sighs.