

Windows 7's XP Mode, shown here running Office 2003 (VM) alongside Office 2007 (native), is actually a great security asset, crippling many types of malware and breaking many hacker tools. This is actually an inadvertent benefit, but it is certainly welcome.  (Source: lockergnome)
The new version of Windows is stacking up to be the most secure to date

No computer system is completely secure.  Inherent insecurities exist in even the most secure systems, be it in the form of exploitable features in the operating system code or the big organic “insecurity” sitting in front of the machine, typing on the keyboard.  That said, Windows 7 is shaping up to be much more secure than its predecessors.

You might not hear that widely reported in the press.  Windows 7, like OS X, has been carefully scrutinized whenever a flaw sees the light of day.  Most recently Microsoft caught a flaw in Windows Vista, Windows Server 2008, and the Windows 7 Release Candidate.  The flaw in Windows' SMB (Server Message Block) 2 had not yet been exploited, but Microsoft warns, "An attacker who successfully exploited this vulnerability could take complete control of an affected system. Most attempts to exploit this vulnerability will cause an affected system to stop responding and restart."

A work-around for the flaw has been released, but Microsoft says the flaw is already fixed in the Windows 7 RTM and Windows Server 2008 R2 versions.  It is among the many that Microsoft has caught before it ships Windows 7, thanks to the largest public test of a commercial operating system to date.  This unusual openness has earned the company both praise and scorn, but overall it's indicative of progress when it comes to security.  And some of Microsoft's best security features in Windows 7 are almost unintentional, and haven't been widely publicized.

A new report by PureWire's Paul Royal, published in SC Magazine, a publication geared towards security professionals, indicates that Windows 7 will be the most secure Windows operating system to date.  He concludes that all but the many casual attackers will be frustrated enough to turn to easier routes of attack, such as social engineering schemes.

Windows 7's security is thanks in part to the OS closing off routes used to inject malicious code into memory.  In previous Windows versions, such as Vista, memory protections such as DEP and ASLR offered a degree of safety.  However, there were relatively easy routes around these protections.  With Windows 7 blocking many of these routes, and with applications such as IE8, Firefox 3 and their plug-ins (Flash, Acrobat Reader, and QuickTime) at last utilizing these protections, Windows 7 is shaping up to be a very strong fort.

Additionally, Windows 7's XP Mode is likely to cause more headaches for attackers.  XP Mode is implemented using hardware virtualization extensions.  A common hacker tool, the rootkit, relies on hardware virtualization and a special privilege level called VMX root mode.  With the OS now using hardware virtualization, a rootkit's attempts to gain the privileges needed to launch its own hardware virtualization support tend to crash the OS or trigger warnings to the user.  For this reason Blue Pill, one common rootkit, doesn't work well in Windows 7.

Many malware programs will also be crippled by XP Mode.  This is because in the past Windows security software has used hardware virtualization extensions to detect malware.  It is common practice for malware to be written to not run on machines where hardware-assisted virtualization is detected.  However, as all Windows 7 Professional and Ultimate licenses come with XP Mode, this malware won't run on a large portion of Windows 7 installs.  Modification is possible, but this will be time-consuming and frustrating to attackers.

Again, no system is impenetrable, and surely new attacks and tools for cyber criminals will be developed to assault Windows 7.  However, it's safe to say that Windows 7 will be the most secure modern Windows OS to date.

In an effort to capitalize on its newfound vigor and support behind Windows 7, Microsoft has already begun to launch new commercials that showcase the benefits of the operating system.



Comments

RE: vm vulnerability
By UrbanBard on 9/14/2009 1:44:07 PM , Rating: 2
I don't think you understand how a hypervisor works. This is hardware virtual machine technology. An external hypervisor controls everything that Windows XP can do, what ports it can use, what access it has to RAM and disk drives as well as what permissions it has. It is much finer grained than the registry. It locks WinXP in its own virtual space. You don't need anti-virus. If that partition goes crazy on you, you erase it and start again.


RE: vm vulnerability
By RamarC on 9/14/2009 9:41:41 PM , Rating: 2
quote:
If that partition goes crazy on you, you erase it and start again.

Just saying you can erase it and start again isn't a solution. If a user has to use XP mode for a business critical task, the XP vm will still need malware/security software and any other precautions that a standalone XP install should have. Users may think that since they have protection software applied to Win7, the XP install will automatically be protected also. Low level hardware access may be impossible, but the XP vm will still be vulnerable to worms, trojans, etc.


RE: vm vulnerability
By UrbanBard on 9/15/2009 12:29:26 AM , Rating: 2
Intel VT allows you to sandbox the OS, the application and the task you are working on. What this means is that an exploit can no longer take over your machine. None of those have root level access any longer.

"Low level hardware access may be impossible, but the XP vm will still be vulnerable to worms, trojans, etc."

Correcting the problem can vary. Anti-virus may help, but if you have a misbehaving plugin, it may be best to just dump the process.

Isolating the problem is always a help. If your input data was corrupted then you need to tell who you got the data from.

As someone above said, using Windows XP emulation may require a more advanced OS and hardware with Intel VT.

I was just making fun of R3T4rd's assumption that hacking a Mac will be easier than Windows Seven. I don't think so.


RE: vm vulnerability
By Nobleman00 on 9/17/2009 5:27:42 PM , Rating: 2
I recently attended a briefing where near future security products are becoming VM aware, detecting that they are installed on a host OS, and automatically protecting the guest OSes installed in VMs. Before you buy an anti-virus product, you should check to see if it is VM aware.


Copyright 2014 DailyTech LLC.