With Windows Vista, Microsoft releases its first operating system fully built within its Security Development Lifecycle (SDL). Microsoft's SDL consists of a vigorous process of security application design, software coding, review, and response. The company's SDL process entails review by its software threat modelling team, and an in-house team of ethical hackers - its Secure Windows Initiative Attack Team.
While there has been talk in recent weeks surrounding a Vista flaw that may let hackers gain control of vulnerable systems, Microsoft has underplayed the flaw, stating that attackers would need direct access for a successful breach. No operating system will be flawless, and there will be vulnerabilities discovered in Vista. That should come as no surprise.
But, hopefully, Microsoft's laudable secure development initiatives will have yielded a much more secure operating system than previous generations. And while not a panacea, there are many new technologies and techniques incorporated in Vista that promise to reduce the risks associated with operating systems:
Vista uses hardware-enabled NX technologies that will help reduce the plague of buffer overruns that have made it all too easy for hackers and virus writers to craft exploits and malicious software capable of propagating, or infiltrating, systems through remote code execution. NX enables software to mark sections of the computer's memory as exclusive for data, and the processor will prevent applications and services from executing any code in these segments. This is very good news.
Address Space Layout Randomisation (ASLR).
Basically, ASLR makes it much more difficult for malicious code to exploit system functions. Whenever a Windows Vista computer is rebooted, ASLR randomly assigns executable images, such as DLLs and EXEs, to one of 256 possible locations in memory. This makes it quite a challenge for malicious code to locate and exploit functionality within executables.
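Both of the mitigations above only protect an image that opts in: Vista randomises the base of executables and DLLs that were linked with /DYNAMICBASE, and a 32-bit image signals that it is safe to run under DEP with /NXCOMPAT. Both end up as bits in the DllCharacteristics field of the PE optional header, so a defender can audit which binaries actually benefit. The Python script below is an added example, not code from the original article or from Microsoft; the build_test_image helper and the header-only images it produces are constructed for the demonstration.

```python
import struct

# Flag bits of IMAGE_OPTIONAL_HEADER.DllCharacteristics (PE format specification).
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # image may be relocated: ASLR opt-in
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # image declares itself DEP/NX compatible


def pe_mitigations(data: bytes) -> dict:
    """Return which of the two Vista-era mitigations a PE image opts into."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    # e_lfanew at DOS header offset 0x3C points at the "PE\0\0" signature.
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4                        # 20-byte COFF file header follows
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                            # optional header follows the COFF header
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers.
    if size_of_optional < 72 or len(data) < opt + 72:
        raise ValueError("optional header too short to hold DllCharacteristics")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError(f"unexpected optional header magic 0x{magic:x}")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    return {
        "pe32plus": magic == 0x20B,
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "nx": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
    }


def audit(images: dict) -> dict:
    """Map each image name to the list of mitigations it does NOT opt into."""
    report = {}
    for name, blob in images.items():
        flags = pe_mitigations(blob)
        report[name] = [m for m in ("aslr", "nx") if not flags[m]]
    return report


def build_test_image(dll_chars: int, pe32plus: bool = False) -> bytes:
    """Construct a minimal synthetic PE skeleton (headers only, no sections).

    This is test scaffolding, not a loadable binary: just enough header to
    exercise the parser with a chosen DllCharacteristics value.
    """
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 240 if pe32plus else 224        # standard PE32+/PE32 optional header sizes
    machine = 0x8664 if pe32plus else 0x14C    # AMD64 / i386
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Constructed sample set: one fully opted-in DLL, one with neither flag.
    samples = {
        "hardened.dll": build_test_image(0x0140),
        "legacy.exe": build_test_image(0x0000),
    }
    for name, missing in audit(samples).items():
        print(f"{name}: {'ok' if not missing else 'missing ' + ', '.join(missing)}")
```

To run it against real files, read each binary with `open(path, "rb").read()` and pass the bytes to `pe_mitigations`; an image reported as missing "aslr" is loaded at its preferred base on Vista regardless of the system-wide setting, which is exactly the kind of module an attacker looks for when building an exploit.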
As compared to XP, Vista has incorporated service profiles that define the necessary security privileges for the service and rules for accessing system resources, as well as inbound and outbound network ports permitted for use. Now, whenever a service tries to send or receive data on a port where it's not authorised, the firewall will block network access.
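The service-hardening behaviour just described, as an added Python model (not Windows code and not from the original article): each restricted service declares the ports and directions it needs, any other traffic from that service is blocked, and the blocked attempts are tallied per service so an unexpected pattern stands out. The profile contents, the connection records and the rule that a service with no declared profile falls through to the ordinary firewall rules are assumptions made for this example.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ServiceProfile:
    """Declared network needs of one service: which TCP ports, in which direction."""
    name: str
    inbound_tcp: frozenset = field(default_factory=frozenset)
    outbound_tcp: frozenset = field(default_factory=frozenset)


@dataclass(frozen=True)
class Connection:
    """One connection attempt attributed to a service (constructed log record)."""
    service: str
    direction: str   # "in" or "out"
    port: int


def evaluate(profiles: dict, conn: Connection) -> str:
    """Decide allow/block for a single attempt against the service's profile."""
    profile = profiles.get(conn.service)
    if profile is None:
        # Assumption for this model: an unrestricted service is not subject to
        # service hardening and is governed only by the ordinary firewall rules.
        return "allow"
    allowed = profile.inbound_tcp if conn.direction == "in" else profile.outbound_tcp
    return "allow" if conn.port in allowed else "block"


def filter_log(profiles: dict, connections: list) -> list:
    """Pair every connection attempt with the verdict the policy produces."""
    return [(conn, evaluate(profiles, conn)) for conn in connections]


def blocked_summary(decisions: list) -> dict:
    """Count blocked attempts per service; a restricted service that suddenly
    starts tripping the policy is worth a look."""
    counts = {}
    for conn, verdict in decisions:
        if verdict == "block":
            counts[conn.service] = counts.get(conn.service, 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed profile: an update-style service only needs outbound 80/443.
    profiles = {"updatesvc": ServiceProfile("updatesvc", outbound_tcp=frozenset({80, 443}))}
    attempts = [
        Connection("updatesvc", "out", 443),   # expected traffic
        Connection("updatesvc", "out", 25),    # SMTP from an update service: blocked
        Connection("updatesvc", "in", 443),    # unsolicited inbound: blocked
        Connection("printsvc", "in", 9100),    # no profile: normal rules apply
    ]
    for conn, verdict in filter_log(profiles, attempts):
        print(f"{conn.service:10} {conn.direction:3} port {conn.port:<5} -> {verdict}")
    print("blocked per service:", blocked_summary(filter_log(profiles, attempts)))
```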
User Account Control (UAC).
UAC separates standard user privileges and activities from those that require administrator access, thereby significantly reducing the operating system's attack surface. Accounts with administrative privileges are made safer by limiting access to sensitive system resources and functions by default, and by prompting for approval when performing tasks that require greater privileges. UAC isn't a revolutionary technology, as operating systems from Apple and Red Hat already have incorporated this type of control.
Native Network Access Protection (NAP).
NAP enforces a system administrator's requirements when a client connects to the network. Whenever a client doesn't meet the "health" requirements, or internal policy levels, NAP can automatically update the client, or direct it to a separate network segment where the user can remedy the system.
While none of these technologies will solve end-point security, it's clear that Microsoft has made many moves in the right direction with the development of Vista. We all know security is a constant arms race. And only time will tell how well these defenses work—over the long haul—to help organisations attain higher levels of "trustworthy computing."
Hot or not: Early Vista flaws
By Amol Sarwate, on Jan 10, 2007 10:29PM