Slashdot Mirror


Microsoft Claims PowerShell Now More Secure (wired.com)

An anonymous reader quotes Wired: Last year, well over a third of the incidents assessed by security firm Carbon Black and its partners involved some sort of PowerShell component. But as network defenders catch on to Microsoft's recent release of additional PowerShell protections, the attack sequences that exploit PowerShell are finding some long-overdue resistance... PowerShell 5.0, released last year, added a full suite of expanded logging tools... While it's no panacea, and doesn't keep attackers out, the renewed focus on logging aids flagging and detection. It's a baseline step that helps remediation and response after an attack is over, or if it persists long-term... And PowerShell's recent defense improvements go beyond logs. The framework also recently added "constrained language mode," to create even more control over what commands PowerShell users can execute... The security industry at large has also made strides to determine what baseline normal activity for PowerShell looks like, since deviations could indicate malicious behavior.
Lee Holmes, Microsoft's principal software design engineer for PowerShell, says they've been "laser-focused on security since the very first version," adding that they're now moving towards a more enlightened approach.

"You can focus harder on protecting against breaches and defense in depth, but the enlightened approach is to assume breach and build the muscle on detection and remediation -- make sure that you're really thinking about security end-to-end in a holistic manner."
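The summary above credits PowerShell 5.0's expanded logging and constrained language mode with the improved detection picture, but does not show how a defender checks whether those controls are actually on. The following PowerShell snippet is an added example and is not code from Wired, Microsoft or any commenter: it audits the script block, module and transcription policy keys, reports the current language mode and execution policy, enables script block logging where it is off, and pulls the most recent script block events (ID 4104 in the Microsoft-Windows-PowerShell/Operational log) for triage. It assumes an elevated PowerShell 5.0 or later session on Windows and that policy is set through the standard HKLM policy keys; the key names and the 4104 property layout are the documented ones.

```powershell
# Added example (not from the article or Microsoft): audit the PowerShell 5.0
# logging controls, the session language mode, and recent script block events.
# Assumes an elevated PowerShell 5.0+ session; policy keys exist only once set
# by Group Policy or by hand.

$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Get-PolicyValue {
    # Returns a single value from a PowerShell policy subkey, or $null if unset.
    param([string]$SubKey, [string]$Name)
    $path = Join-Path $policyRoot $SubKey
    if (Test-Path $path) {
        (Get-ItemProperty -Path $path -ErrorAction SilentlyContinue).$Name
    }
}

$audit = [ordered]@{
    ScriptBlockLogging = (Get-PolicyValue 'ScriptBlockLogging' 'EnableScriptBlockLogging') -eq 1
    ModuleLogging      = (Get-PolicyValue 'ModuleLogging'      'EnableModuleLogging')      -eq 1
    Transcription      = (Get-PolicyValue 'Transcription'      'EnableTranscripting')      -eq 1
    # FullLanguage means no restriction; ConstrainedLanguage is the mode the
    # article refers to, where .NET and COM access from scripts is limited.
    LanguageMode       = $ExecutionContext.SessionState.LanguageMode
    ExecutionPolicy    = Get-ExecutionPolicy
}
[pscustomobject]$audit | Format-List

# Turn on script block logging if it is off: this records the text of every
# script block that runs as event ID 4104, which is what makes obfuscated or
# in-memory PowerShell visible to a SIEM after the fact.
if (-not $audit.ScriptBlockLogging) {
    $sbl = Join-Path $policyRoot 'ScriptBlockLogging'
    New-Item -Path $sbl -Force | Out-Null
    Set-ItemProperty -Path $sbl -Name 'EnableScriptBlockLogging' -Value 1 -Type DWord
}

# Triage view: the 20 most recent 4104 events with the script text collapsed
# to one line and trimmed, so an analyst can scan what has been executing.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-PowerShell/Operational'
    Id      = 4104
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    ForEach-Object {
        # For a 4104 event, Properties[2] holds the ScriptBlockText field.
        $text = [string]$_.Properties[2].Value -replace '\s+', ' '
        [pscustomobject]@{
            Time   = $_.TimeCreated
            Script = $text.Substring(0, [Math]::Min(120, $text.Length))
        }
    } | Format-Table -AutoSize -Wrap
```

Script block logging is the control worth verifying first: unlike the execution policy, which is a convenience setting that any user can bypass with a command-line switch, 4104 events capture what actually ran, including blocks that were decoded or assembled in memory. Forwarding that log off the host is what turns it from a post-incident record into a detection source.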

9 of 62 comments

  1. Re: MS's security cam by MightyMartian · Score: 3, Interesting

    That may be, but Windows is still a prime target, and while security features in a scripting language aren't a bad thing, at the end of the day what actually stands between a system and an attacker is the underlying OS. After all, Powershell is hardly the only interpreter that runs on Windows.

    I think Microsoft and its supporters should spend their efforts securing their own system, and stop the marketing-style "yeah, but look at MacOS!" nonsense. As to security, all OSs have vulnerabilities, so comparing who has more and the severity and so forth is just another form of pissing contest.

    For myself, I still find Powershell a frankly horrible scripting language, its only positive feature being that it's the best Windows has, and I'll its outrageously verbose syntax simply because it does do the job, no matter how awkwardly and slowly.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  2. You're kidding me! by GerryGilmore · Score: 3, Insightful

    Let's start with the operative sentence: "...doesn't keep attackers out, the renewed focus on logging aids flagging and detection. It's a baseline step that helps remediation and response after an attack is over, or if it persists long-term..." Really? Gee - thanks, Mister! After the damage is done - long-term, BTW - we'll have logs! Logs solve everything! Dumbass....

  3. "laser-focus" without skill is pretty worthless by gweihir · Score: 2

    MS has been the uncrowned queen of "just barely good enough to make money" forever and people were too stupid to recognize that and stay away. Now they can easily get away with it. Take these new promises for what they are worth: nothing at all.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  4. Great pitch! by Gravis+Zero · Score: 5, Funny

    While it's no panacea, and doesn't keep attackers out...

    Well I'm sold! Say no more!

    --
    Anons need not reply. Questions end with a question mark.
  5. Who are these people by bugs2squash · Score: 2

    What class of users should be allowed access to powershell but not to all the commands? I struggle to imagine that powershell is the domain of anyone who doesn't merit full access to the computer. OK, maybe they do exist, but I can't see it being a lot of people. And besides, if the restrictions only apply to powershell, people who can grasp powershell have the wherewithal to find other ways to get around them.

    --
    Nullius in verba
  6. Powershell is great! by Presence+Eternal · Score: 2

    Get-AppxPackage -allusers | Remove-AppxPackage

    Need I say more?

  7. Re: MS's security cam by Billly+Gates · Score: 2

    That may be, but Windows is still a prime target, and while security features in a scripting language aren't a bad thing, at the end of the day what actually stands between a system and an attacker is the underlying OS. After all, Powershell is hardly the only interpreter that runs on Windows.

    I think Microsoft and its supporters should spend their efforts securing their own system, and stop the marketing-style "yeah, but look at MacOS!" nonsense. As to security, all OSs have vulnerabilities, so comparing who has more and the severity and so forth is just another form of pissing contest.

    For myself, I still find Powershell a frankly horrible scripting language, its only positive feature being that it's the best Windows has, and I'll its outrageously verbose syntax simply because it does do the job, no matter how awkwardly and slowly.

    How many grandmas have Powershell turned on with execution-policy Allsigned or RemoteSigned turned on by default for hackers to target? If you are going to target you use an ad.

    I am not all pro MS per say but I can do nifty things with PowerShell like this on my SSD drives " Get-PhysicalDisk | Get-StorageReliabilityCounter | Select Wear " to find on the disk in percentages. Cool stuff as PowerShell deals with objects, while Unix scripts can only process things if they are text.

    Nothing wrong with that in something like the Unix creators' failed successor Plan9, where you can even pull up slashdot.org with shell scripting. But, impossible to do anything else in Unix if it is not a text file. I believe (as a non System Admin, but a real one feel free to correct me) the hate on SystemD comes from the fact the log files are not text files.

    For a Windows Admin binary files are a good idea, as a hacker can just rewrite /var/logs to cover the tracks, which is an embarrassing security flaw. But if all your tools have perl -e ... awk, sed, and grep this is an unacceptable nightmare!

    PowerShell uses objects for this reason so you can have encrypted binary event logs that hackers can't overwrite, but you can still view them.

  8. Re: MS's security cam by drinkypoo · Score: 2

    "I am not all pro MS per say" ... Troll detected

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  9. Re: MS's security cam by Billly+Gates · Score: 3, Interesting

    Linux has moved to encrypted binary log files[1], unfortunately, a vocal minority of older system admins and developers refuse to see the necessity of this feature.

    [1]https://plus.google.com/+LennartPoetteringTheOneAndOnly/posts/g1E6AxVKtyc

    SystemD hate is big for a variety of reasons. But I can see System Admins' concern as to how you can edit and run scripts on binary files.

    I like the concepts of PowerShell and piping objects even if they are less readable, as even in Unix not everything is an object. If Plan9 became popular the need for an object based shell like PowerShell would not be as much of an issue, but still security is a problem in a text based system.

    Perhaps since so much of Linux is turning object based that a new shell or extension underneath Bash could be used to do things like view and change logs that are binary or process XML files? Maybe a signed text based redirector framework so you could run awk, sed, perl scripts on binary systemD objects.

    But the old timers would go ballistic and switch to FreeBSD faster than you can say SystemD lol ... turns to sighs.