Slashdot Mirror


How Microsoft's Windows Red Team Keeps PCs Safe (wired.com)

Wired has a story on Windows' red team, which consists of a group of hackers (one of whom jailbroke Nintendo handhelds in a former life, another has more than one zero-day exploit to his name, and a third signed on just prior to the devastating Shadow Brokers leak), who are tasked with finding holes in the world's most used desktop operating system. From the story: The Windows red team didn't exist four years ago. That's around the time that David Weston, who currently leads the crew as principal security group manager for Windows, made his pitch for Microsoft to rethink how it handled the security of its marquee product. "Most of our hardening of the Windows operating system in previous generations was: Wait for a big attack to happen, or wait for someone to tell us about a new technique, and then spend some time trying to fix that," Weston says. "Obviously that's not ideal when the stakes are very high."

[...] Together, the red teamers spend their days attacking Windows. Every year, they develop a zero-day exploit to test their defensive blue-team counterparts. And when emergencies like Spectre or EternalBlue happen, they're among the first to get the call. Again, red teams aren't novel; companies that can afford them -- and that are aware they could be targeted -- tend to use them. If anything, it may come as a surprise that Microsoft hadn't sicced one on Windows until so recently. Microsoft as a company already had several other red teams in place by the time Weston built one for Windows, though those focused more on operational issues like unpatched machines. "Windows is still the central repository of malware and exploits. Practically, there's so much business done around the world on Windows. The attacker mentality is to get the biggest return on investment in what you develop in terms of code and exploits," says Aaron Lint, who regularly works with red teams in his role as chief scientist at application protection provider Arxan. "Windows is the obvious target."

25 of 83 comments

  1. Let me guess... by ugen · · Score: 5, Funny

    Let me guess - "not very well". Wait, is that a trick question?

    1. Re:Let me guess... by phantomfive · · Score: 4, Insightful

      It's a good effort, but you can't bolt security on as an afterthought. It needs to be built into the core of the system, and every programmer needs to have it in mind, because any programmer can write a security hole.

      --
      "First they came for the slanderers and i said nothing."
    2. Re:Let me guess... by TubeSteak · · Score: 1

      Microsoft's solution to insecure code was to graft on a layer of insecure security code.
      They tried. But the hackers are trying harder and winning.
      Again and again and again and again.

      --
      [Fuck Beta]
      o0t!
    3. Re:Let me guess... by phantomfive · · Score: 2

      Microsoft's solution to insecure code was to graft on a layer of insecure security code.

      That's right.

      --
      "First they came for the slanderers and i said nothing."
    4. Re:Let me guess... by Anonymous Coward · · Score: 5, Insightful

      Microsoft's solution to insecure code was to graft on a layer of insecure security code.

      Their solution to every problem is to graft on a layer of code, instead of fixing the problem. Windows is mostly made of fossilized band-aids at this point, carved into the shape of an awkward semi-tablet OS.

    5. Re:Let me guess... by Applehu+Akbar · · Score: 4, Funny

      Microsoft's solution to insecure code was to graft on a layer of insecure security code.

      No, the Microsoft solution for insecure code is to have the user run multiple conflicting and insecure antivirus programs constantly in background. This slows down the system enough so viruses don't have time to do much damage before the next Windows Update.

    6. Re:Let me guess... by AmiMoJo · · Score: 5, Insightful

      Actually they started out with a fairly secure OS, Windows NT. It had Unix-like permissions and actually went well beyond what most Unix-like systems of the time did in terms of access control.

      Then they made it into a desktop OS (2000 and XP), which meant compromising the security in order to make it more compatible with Windows 98/ME. So they took a secure OS and added layers of insecurity on top.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    7. Re:Let me guess... by Applehu+Akbar · · Score: 1

      MS document, hell! In my residential IT practice, I run into this situation all the time on Windows systems. Although the customer's new PC comes preloaded with the Windows Defender / MS Security Essentials that is now bundled with Windows, the hardware manufacturer often adds a trial copy of Norton Plugitallup 24/7 from force of habit. Then when the user's great-grandchildren come to Arizona (America's Hunzaland) for Christmas they install Avast because that's what they run on their old PC at home.

      When I approach a home where this is happening I don't even have to look at the street address. I just home in on the banshee scream of processor fans.

  2. Are these the nice people by Camel+Pilot · · Score: 5, Funny

    Are these the nice people that call me all the time from Microsoft who want to help fix my computer?

  3. "Windows is the obvious target." by Anonymous Coward · · Score: 1

    I would have thought Cisco was the obvious target given how often Cisco is used in major internet infrastructure and that there are CVEs for hard coded credentials in Cisco products just about every month.

    1. Re:"Windows is the obvious target." by stooo · · Score: 2

      Cisco is not a target.
      It's an open bar where everyone can get drunk for free.

      --
      aaaaaaa
  4. Keeps your PC safe by AHuxley · · Score: 1

    so the NSA can collect on you.
    All that effort kept the very best security experts guessing at what PRISM was for years.
    MS kept NSA collection safe on your PC.

    --
    Domestic spying is now "Benign Information Gathering"
    1. Re:Keeps your PC safe by AHuxley · · Score: 1

      Strange how so many people are total experts on data moving globally out of the USA, but they totally missed years of junk crypto and US-wide domestic collection, AC.

      --
      Domestic spying is now "Benign Information Gathering"
  5. LOL by Anonymous Coward · · Score: 1

    Oh I feel safe knowing that my corporate data is protected by some 0-day gameboy hackers.

  6. Red versus Blue? by 93+Escort+Wagon · · Score: 1

    Are the members of the Red and Blue teams sure they're actually doing what they've been told that they're doing? Is the head of Red team a super gung-ho moron? Is there a Spanish-speaking robot somewhere in the mix?

    --
    #DeleteChrome
    1. Re:Red versus Blue? by AHuxley · · Score: 1

      What happened to the few actual security professionals who reported domestic PRISM collection?
      What team was used to suggest they could totally trust the privacy and crypto settings?

      --
      Domestic spying is now "Benign Information Gathering"
  7. Re:Sad times indeed by HotNeedleOfInquiry · · Score: 1, Funny

    It is now official. Netcraft has confirmed: *BSD is dying

    One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last [samag.com] in the recent Sys Admin comprehensive networking test.

    You don't need to be the Amazing Kreskin [amazingkreskin.com] to predict *BSD's future. The hand writing is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.

    FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.

    Let's keep to the facts and look at the numbers. OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

    Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

    All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.

    --
    "Eve of Destruction", it's not just for old hippies anymore...
  8. Re: It's a paid ad by Anonymous Coward · · Score: 2, Interesting

    Totally paid. Did Slashdot get included with the GitHub snatch?

  9. How Microsoft's Windows Red Team Keeps PCs Safe? by najajomo · · Score: 1, Insightful
  10. Red Team by DrYak · · Score: 3, Funny

    Let me guess too:
    "Red Team" - also known as the team at Microsoft with the highest stress-related burnout and suicide rates?

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re: Red Team by phantomfive · · Score: 2

      No, they have the easiest job in the world: attacking Windows. It's the blue team with the stressful job.

      --
      "First they came for the slanderers and i said nothing."
  11. Safe windows by stooo · · Score: 1

    >> How Microsoft's Windows Red Team Keeps PCs Safe
    Windows.
    Safe.
    Yeah, right.

    --
    aaaaaaa
  12. Ob by Hognoxious · · Score: 3, Funny

    They found the "off" switch?

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  13. Re:The only way the blue team wins is to power dow by hlavac · · Score: 3, Insightful

    The only way the blue team can beat the red team is to turn off their computers...

    Nope, thanks to the Intel IME bullshit, not even turning off will help.

  14. doing a good job? by sad_ · · Score: 1

    An exploit a day? They've been awfully quiet about it; all big vulnerabilities on Windows I read about are found by other teams outside MS.
    Right now, I get the impression Google is doing a better job finding vulns in Windows, and I can assume the 'red team' has access to the source code!

    --
    On a long enough timeline, the survival rate for everyone drops to zero.