

Windows 7's XP Mode, shown here running Office 2003 (VM) alongside Office 2007 (native), is actually a great security asset, crippling many types of malware and breaking many hacker tools. This is actually an inadvertent benefit, but it is certainly welcome.  (Source: lockergnome)
The new version of Windows is stacking up to be the most secure to date

No computer system is completely secure.  Inherent insecurities exist in even the most secure systems, be it in the form of exploitable features in the operating system code or the big organic “insecurity” sitting in front of the machine, typing on the keyboard.  That said, Windows 7 is shaping up to be much more secure than its predecessors.

You might not hear that widely reported in the press.  Windows 7, like OS X, has been carefully scrutinized whenever a flaw sees the light of day.  Most recently Microsoft caught a flaw in Windows Vista, Windows Server 2008, and the Windows 7 Release Candidate.  The flaw in Windows' SMB (Server Message Block) 2 had not yet been exploited, but Microsoft warns, "An attacker who successfully exploited this vulnerability could take complete control of an affected system. Most attempts to exploit this vulnerability will cause an affected system to stop responding and restart."

A work-around for the flaw has been released, but Microsoft says the flaw is already fixed in the Windows 7 RTM and Windows Server 2008 R2 versions.  It is among the many that Microsoft has caught before it ships Windows 7, thanks to the largest public test of a commercial operating system to date.  This unusual openness has earned the company both praise and scorn, but overall it's indicative of progress when it comes to security.  And some of Microsoft's best security features in Windows 7 are almost unintentional, and haven't been widely publicized.

A new report by PureWire's Paul Royal, published in SC Magazine, a publication geared towards security professionals, indicates that Windows 7 will be the most secure Windows operating system to date.  He concludes that all but the many casual attackers will be frustrated enough to turn to easier routes of attack, such as social engineering schemes.

Windows 7's security is thanks in part to the OS patching routes used to inject malicious code into memory.  In previous Windows OSes, such as Vista, memory protections such as DEP and ASLR offered a degree of safety.  However, there were routes around these protections that were relatively easy to use.  With Windows 7 blocking many of these routes, and with applications such as IE8, Firefox 3 and their plug-ins (Flash, Acrobat Reader, and QuickTime) at last utilizing these protections, Windows 7 is shaping up to be a very strong fort.
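Whether a given application or plug-in opts in to DEP and ASLR is recorded in its PE header, so it can be audited. The following is an added example, not part of the original article: a Python sketch that reads the `DllCharacteristics` field and reports binaries missing either opt-in. The sample images and file names are constructed placeholders.

```python
import struct

# Opt-in bits in the PE optional header's DllCharacteristics field.
DYNAMIC_BASE = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in)
NX_COMPAT = 0x0100     # IMAGE_DLLCHARACTERISTICS_NX_COMPAT (DEP opt-in)


def mitigation_flags(image: bytes) -> dict:
    """Report whether a PE image's headers opt in to ASLR and DEP."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ (DOS) header")
    (pe_offset,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_offset:pe_offset + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_offset + 4 + 20  # skip the signature and the 20-byte COFF header
    if len(image) < opt + 72:
        raise ValueError("optional header truncated")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both the PE32 and PE32+ layouts.
    (flags,) = struct.unpack_from("<H", image, opt + 70)
    return {"aslr": bool(flags & DYNAMIC_BASE), "dep": bool(flags & NX_COMPAT)}


def build_sample(dll_characteristics: int, magic: int = 0x10B) -> bytes:
    """Constructed header-only PE stub for the demo (not a runnable binary)."""
    is64 = magic == 0x20B
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE header follows the DOS header
    opt_size = 0xF0 if is64 else 0xE0
    machine = 0x8664 if is64 else 0x014C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def audit(images: dict) -> list:
    """Return (name, missing opt-ins) for each image lacking ASLR or DEP."""
    findings = []
    for name in sorted(images):
        state = mitigation_flags(images[name])
        missing = [k for k in ("aslr", "dep") if not state[k]]
        if missing:
            findings.append((name, missing))
    return findings


# Constructed inventory; the file names are placeholders.
SAMPLES = {
    "browser.exe": build_sample(DYNAMIC_BASE | NX_COMPAT),
    "old_plugin.dll": build_sample(0),
    "viewer64.exe": build_sample(NX_COMPAT, magic=0x20B),
}

if __name__ == "__main__":
    for name, missing in audit(SAMPLES):
        print(f"{name}: missing {', '.join(missing)}")
```

The flags record only what the binary declares; whether DEP is actually enforced for a process also depends on system policy.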

Additionally, Windows 7's XP Mode is likely to cause more headaches for attackers.  XP Mode is implemented using hardware virtualization extensions.  A common hacker tool -- the rootkit -- relies on hardware virtualization and a special privilege level called VMX root mode.  With the OS now using hardware virtualization, attempts to gain the privileges necessary to launch the special hardware virtualization support needed by the rootkit tend to crash the OS or provide the user with warnings.  For this reason Blue Pill, one common rootkit, doesn't work well in Windows 7.

Many malware programs will also be crippled by XP Mode.  This is because in the past Windows security software has used hardware virtualization extensions to detect malware.  It is common practice for malware to be written to not run on machines where hardware-assisted virtualization is detected.  However, as all Windows 7 Professional and Ultimate licenses come with XP Mode, this malware won't run on a large portion of Windows 7 installs.  Modification is possible, but this will be time-consuming and frustrating to attackers.

Again, no system is impenetrable, and surely new attacks and tools for cyber criminals will be developed to assault Windows 7.  However, it's safe to say that Windows 7 will be the most secure modern Windows OS to date.

In an effort to capitalize on its newfound vigor and support behind Windows 7, Microsoft has already begun to launch new commercials that showcase the benefits of the operating system.



Comments

Damn it....
By R3T4rd on 9/14/2009 10:10:28 AM , Rating: 5
Hacker: Damnit....
Hacker: Hmmm....I guess I'll have to write my viruses/trojans/worms/etc..for macs now. I suppose *sigh* less PC's and $$$$ to make off Macs...but their users are mostly stupid..err PC savvy.




RE: Damn it....
By Gyres01 on 9/14/2009 10:57:05 AM , Rating: 5
Atta boy.....


RE: Damn it....
By headbox on 9/14/09, Rating: -1
RE: Damn it....
By Maxima2k2se on 9/14/2009 4:17:35 PM , Rating: 4
A Mac is a PC.

Just saying.

(again)


RE: Damn it....
By meepstone on 9/14/2009 4:33:44 PM , Rating: 3
Should I not be surprised that this idiot actually got mad and typed a rebuttal to a joke comment...


RE: Damn it....
By UrbanBard on 9/14/09, Rating: -1
RE: Damn it....
By Flunk on 9/14/2009 2:00:56 PM , Rating: 5
I don't understand the comparison. Intel Macs with Core 2 Duo processors were released in late 2006. You're comparing them to older XP systems that could be as old as 8 years.

The vast majority of PCs sold within the last 2 years shipped with Intel VT (or AMD-V which is equivalent) support, netbooks excepted. Of course Apple doesn't compete in that market so any argument involving netbooks is irrelevant to your point.

Leopard doesn't even support PowerPC systems at all. Apple was releasing new PowerPC G5 models as recently as 2005, only 4 years ago. The fact that Windows 7 will even run on these older systems is a testament to their longevity. Trying to put forward the idea that Macs have a longer supported lifetime is completely fallacious.


RE: Damn it....
By stonemetal on 9/14/2009 2:32:41 PM , Rating: 1
quote:
The vast majority of PCs sold within the last 2 years shipped with Intel VT
[citation needed] Not that it really matters anyway, XP mode isn't available in consumer versions of Windows 7.
quote:
Leopard doesn't even support PowerPC systems at all.
Entirely untrue. Leopard (10.5) supports PPC, 10.6 does not.


RE: Damn it....
By Gock on 9/14/2009 5:50:44 PM , Rating: 2
quote:
Not that it really matters anyway, XP mode isn't available in consumer versions of Windows 7.


Wrong. XP Mode is available in both Windows 7 Professional and Windows 7 Ultimate, both sold in retail stores.

http://www.windows7hacker.com/index.php/2009/08/ho...


RE: Damn it....
By borismkv on 9/14/09, Rating: 0
RE: Damn it....
By King of Heroes on 9/14/2009 10:46:37 PM , Rating: 2
I'm pretty sure Windows 7 Enterprise is the "Business" version.


RE: Damn it....
By sbtech on 9/15/2009 7:17:18 AM , Rating: 2
No, Windows 7 Professional is for business users as well. It follows Vista Business edition.

Also laptops "targeted" for the business "segment" carry Vista Business now. Dell Latitude, Lenovo T or X series, and so on.


RE: Damn it....
By Sulphademus on 9/15/2009 11:49:07 AM , Rating: 2
Enterprise, at least with Vista, split the difference in features between Business and Ultimate. The REAL difference is licensing. Business and Ultimate and Home are generally tied to unique keys. Enterprise is a multiple install with one key kinda deal based on how many licenses you have in your MSFT Enterprise agreement.


RE: Damn it....
By sleepeeg3 on 9/14/09, Rating: 0
RE: Damn it....
By pattycake0147 on 9/15/2009 5:50:14 PM , Rating: 2
The only people that will pay that price premium have too much money, but the professional version is much more palatable. I'll have professional for what it's worth. Smart consumers will get the version that fits their needs. In this case there isn't a one size fits all solution.


RE: Damn it....
By mrteddyears on 9/16/09, Rating: 0
RE: Damn it....
By seamonkey79 on 9/16/09, Rating: 0
RE: Damn it....
By UrbanBard on 9/15/2009 12:10:09 AM , Rating: 2
"Intel Macs with Core 2 Duo processors were released in late 2006...The vast majority of PCs sold within the last 2 years shipped with Intel VT (or AMD-V which is equivalent) support, netbooks excepted."

I don't know what the numbers are. I suspect we'll have to wait for the proof of the pudding; that is, when System Seven is released. The truth will out then. What I had heard was that only the faster grade Core 2 processors had Intel VT hardware, thus the numbers were relatively low. I'm willing to be wrong on this. It's just what I heard.

"Leopard doesn't even support PowerPC systems at all. Apple was releasing new PowerPC G5 models as recently as 2005, only 4 years ago."

I fail to see the relevance of this remark. Once Apple announced its move to Intel in Aug 2005, it was understood that Apple would leave the PowerPC chips behind, sometime.

Five years is the normal cut off for Apple legacy hardware, so four years of warning is a year short. Those G5 PowerPC computers will be running fine for another three to five years. They just don't get any OS upgrades.

Apple is moving on, because x64 code wouldn't run on the PowerPC chip and PowerPC code wouldn't run the G5's any faster.

By optimizing on 64 bit Intel, Apple can take advantage of the increased registers in the Core 2 chips. But, we won't see the full effect of that until most of the apps are in 64 bit code.

An advantage of Apple is that it leaves behind obsolete hardware and software, so you always are leading edge. The disadvantage is that you can be obsoleted quickly. If you want the new you have to let go of the old.

How long is Microsoft going to support Windows XP?

"The fact that Windows 7 will even run on these older systems is a testament to their longevity. "

The question is if System Seven will run well enough to be useful on the old equipment. My understanding is that System Seven runs better, but not faster than Vista. And Vista was a dog.

Usually, there is a greater turnover in PC's than Macs. What held things off for the last three years was that Vista was so bad that people kept from buying new computers or they downgraded to Windows XP.


RE: Damn it....
By jordanclock on 9/17/2009 2:48:17 PM , Rating: 2
One question... Why do you keep calling it "System Seven?" It's Windows 7. Or just Win7.


RE: Damn it....
By MrPoletski on 9/18/2009 10:43:34 AM , Rating: 2
alliteration is the new stuff of hard-ons when it comes to tech talk, obviously.


RE: Damn it....
By dark matter on 9/15/2009 4:04:29 PM , Rating: 2
I would just like to point out that price has no bearing on whether an Intel CPU has VT or not, bizarre as that sounds. :)


RE: Damn it....
By dark matter on 9/15/2009 4:12:21 PM , Rating: 3
Wow, downrated for telling the truth.

have a look for yourself then...

http://blogs.zdnet.com/Bott/?p=946&page=2

Ta.


Game cheating
By AnnihilatorX on 9/14/2009 10:59:30 AM , Rating: 4
quote:
Windows 7's security is thanks in part to the OS patching routes to inject malicious code into the memory.


Does that mean game trainers won't work anymore because they basically inject or replace codes in game memory?




RE: Game cheating
By Nighteye2 on 9/14/2009 11:41:54 AM , Rating: 2
It probably means that you have to specifically give those programs permission to do so.


RE: Game cheating
By MrPoletski on 9/18/2009 10:45:47 AM , Rating: 2
either that, or he'll just have to start playing a game properly instead of being a cheating loser;)

I, for one, would support anything that got those rat bastard cheaters off the FPS servers.. if only just to shut the whiners up.

"ZOMG, I got killed, he MUST be cheating, WH WH WH AIM AIM AIM WAA WAA WAA"


RE: Game cheating
By majorpain on 9/14/2009 11:46:58 AM , Rating: 3
last time I tested yes, they won't run with windows 7, same thing goes for keygens. But u can always use xp mode for keygens.


vm vulnerability
By RamarC on 9/14/2009 11:50:04 AM , Rating: 2
other articles have suggested that the xp vm creates additional vulnerabilities since xp is less secure than win7 and a user's xp vm will not be protected by the security provisions installed on the host win7. for example, win7 may have a good anti-virus, but the vm may not.




RE: vm vulnerability
By UrbanBard on 9/14/2009 1:44:07 PM , Rating: 2
I don't think you understand how a hypervisor works. This is hardware virtual machine technology. An external hypervisor controls everything that Windows XP can do, what ports it can use, what access it has to RAM and disk drives as well as what permissions it has. It is much finer grained than the registry. It locks WinXP in its own virtual space. You don't need anti-virus. If that partition goes crazy on you, you erase it and start again.


RE: vm vulnerability
By RamarC on 9/14/2009 9:41:41 PM , Rating: 2
quote:
If that partition goes crazy on you, you erase it and start again.

Just saying you can erase it and start again isn't a solution. If a user has to use XP mode for a business critical task, the XP vm will still need malware/security software and any other precautions that a standalone XP install should have. Users may think that since they have protection software applied to Win7, the XP install will automatically be protected also. Low level hardware access may be impossible, but the XP vm will still be vulnerable to worms, trojans, etc.


RE: vm vulnerability
By UrbanBard on 9/15/2009 12:29:26 AM , Rating: 2
Intel VT allows you to sandbox the OS, the application and the task you are working on. What this means is that an exploit can no longer take over your machine. None of those have root level access any longer.

"Low level hardware access may be impossible, but the XP vm will still be vulnerable to worms, trojans, etc."

Correcting the problem can vary. Anti virus may help, but if you have a misbehaving plugin, it may be best to just dump the process.

Isolating the problem is always a help. If your input data was corrupted then you need to tell who you got the data from.

As someone above said, using Windows XP emulation may require a more advanced OS and hardware with Intel VT.

I was just making fun of R3T4rd's assumption that hacking a Mac will be easier than Windows Seven. I don't think so.


RE: vm vulnerability
By Nobleman00 on 9/17/2009 5:27:42 PM , Rating: 2
I recently attended a briefing where near future security products are becoming VM aware, detecting that they are installed on a host OS, and automatically protecting the guest OS' installed in VM's. Before you buy an anti-virus product, you should check to see if it is VM aware.


High Five Microsoft
By Coca Cola on 9/14/2009 9:32:19 AM , Rating: 5
High Five Microsoft




RE: High Five Microsoft
By Smartless on 9/14/2009 3:36:48 PM , Rating: 1
Microsoft is... Wait for it....

Le...
Wait for it...
Gen...
Wait for it...
dary


Some issues with the article
By Donovan on 9/14/2009 3:02:21 PM , Rating: 3
quote:
Additionally, Windows 7's XP Mode is likely to cause more headaches for attackers. XP Mode is implemented using hardware virtualization extensions. A common hacker tool -- rootkits -- rely on hardware virtualization and a special privilege level called VMX root mode.
Some rootkits use hardware virtualization, but not all. Rootkits existed long before the hardware virtualization features in modern CPUs (Vanderpool and Pacifica).

quote:
With the OS now using hardware virtualization, attempts to gain the privileges necessary to launch the special hardware virtualization support needed by the rootkit tends to crash the OS or provide the user with warnings.
Windows 7 itself doesn't use hardware virtualization...if it did there would be no way to use VMware. If you have Windows 7 Professional or higher you can download an add-on which is basically just Microsoft Virtual PC plus an XP VM that is pre-activated if used on a Windows 7 host.

Since most people will be using Home Basic or Home Premium and most businesses will probably not deploy XP mode unless they need it, this protection will be rather uncommon.

quote:
For this reason Blue Pill, one common rootkit, doesn't work well in Windows 7.
Is Blue Pill all that common? I would think kernel-based rootkits are still the norm...heck, even major corporations like Sony have shipped them.




RE: Some issues with the article
By michaeltw on 9/14/2009 9:21:39 PM , Rating: 2
Yeah, I think there are more than a few holes in the article - but the main one I see is, if this really is some great way to stop rootkits, why wouldn't MS just add the technology in.

Why does the new VPC help, is it purely the hardware VT stuff that helps, so do you mean you have to have XP Mode running in order to be safer? And while he does say most people will have it - will most people really run it constantly? I could see a business with an LOB app but again, if this really is a "security feature" then why not embellish the article further and suggest everyone should run XP Mode constantly?

And for this paragraph:
quote:

Many malware programs will also be crippled by XP-Mode. This is because in the past Windows security software has used hardware virtualization extensions to detect malware. It is common practice for malware to be written to not run on machines where hardware-assisted virtualization is detected. However, as all Windows 7 Professional and Ultimate licenses come with XP Mode, this malware won't run on a large portion of Windows 7 installs. Modification is possible, but this will be time consuming and frustrating to attackers.


When the writer says: "It is common practice for malware to be written to not run on machines where hardware-assisted virtualization is detected" - does he mean where the VPC program is running or just VT extensions in general? I mean most all CPUs these days do have the extensions whether used or not.

Like the commenter above me said, Windows 7 itself doesn't do hardware virtualization - so again does the writer mean people need to run XP Mode specifically or any VPC virtual machine in order to be covered under side-effect? Or does he actually mean just programs running inside of XP Mode are safe?

Sorry to be blunt, but it just doesn't seem this was completely thought out by the writer.

Can the author please respond?

Thanks.


I read this days ago...
By jadeskye on 9/14/2009 9:40:19 AM , Rating: 2
This was on dailytech days ago. Why the re-up?




RE: I read this days ago...
By AnnihilatorX on 9/14/2009 10:58:03 AM , Rating: 2
It was then taken off very soon and disappeared


By mechBgon on 9/14/2009 11:49:05 AM , Rating: 2
As the title says, the WinXP Mode virtual machine should be given the same security precautions as a physical machine. If at all possible, use low-rights Limited user accounts instead of Admin accounts on the WinXP virtual machine, and consider adding a disallowed-by-default Software Restriction Policy. Enable its Automatic Updates and keep all the VM's installed software up-to-date, including the usual hit list of Flash Player, QuickTime, Adobe Reader, etc.

As for Win7, it's interesting that none of the Patch Tuesday patches, even those required by Vista, have been needed by Win7 RTM so far. Its time will come, of course... but it seems to be ahead of the curve at the moment.




Not so bad.
By MrWho on 9/14/2009 12:04:59 PM , Rating: 2
True hackers will eventually find a way around that, have no doubt about it. But script-kiddies (probably the source of 99% of the attacks) will have a hard time. They'll have to sit down on their thumbs and wait for tools to come out so they can follow the howtos on how to use them.




social engineering
By fic2 on 9/14/2009 12:16:26 PM , Rating: 2
quote:
many casual attackers will be frustrated enough to turn to easier routes of attack, such as social engineering schemes.


I'm not sure that social engineering would work that well - hacker with a thick Russian accent talking to someone with a thick Indian accent at the call center. Something tells me that there would be a lot lost in the translation.




Win98 mode?
By Silver2k7 on 9/16/2009 12:33:02 PM , Rating: 2
Can't they make a windows 98 mode?
Most things that work in xp seem to be working in Vista and I'm guessing it's the same with Seven.

A Windows 98SE mode would be much more useful, then lots of old games that stopped working when NT was brought to the home OS, would suddenly get a revival.




Ummm
By MrPoletski on 9/18/2009 10:40:03 AM , Rating: 2
quote:

Welcome to Dailytech's virtualization section, sponsored by Microsofts virtualization


The first time I see this banner (ok maybe I just haven't noticed it, guys?) is the first time I see a 'microsoft has a cool and really secure thing in its upcoming OS' article on Dailytech.

guys?




Uhmm
By Griswold on 9/22/2009 4:59:47 AM , Rating: 2
"However, its safe to say that Windows 7 will be the most secure modern Windows OS to date."

No, it's not. By default, while using an admin account (and most people will do just that), 7 is much less secure than Vista. That is because of the default UAC setting. At that setting, UAC can be circumvented relatively easily (google UAC code injection).

When using a standard user, the UAC setting is by default elevated to maximum - vista level, still with less UAC nagging.




ok
By ersts on 9/14/09, Rating: 0
"We can't expect users to use common sense. That would eliminate the need for all sorts of legislation, committees, oversight and lawyers." -- Christopher Jennings

Copyright 2014 DailyTech LLC.