

Windows 7's XP Mode, shown here running Office 2003 (in the VM) alongside Office 2007 (native), is actually a useful security asset, crippling some types of malware and breaking some hacker tools. This is an inadvertent benefit, but it is certainly welcome.  (Source: lockergnome)
The new version of Windows is stacking up to be the most secure to date

No computer system is completely secure.  Inherent insecurities exist in even the most secure systems, be it in the form of exploitable features in the operating system code or the big organic “insecurity” sitting in front of the machine, typing on the keyboard.  That said, Windows 7 is shaping up to be much more secure than its predecessors.

You might not hear that widely reported in the press.  Windows 7, like OS X, has been carefully scrutinized whenever a flaw sees the light of day.  Most recently Microsoft acknowledged a flaw in Windows Vista, Windows Server 2008, and the Windows 7 Release Candidate.  The flaw in Windows' SMB (Server Message Block) 2 implementation had not yet been exploited in the wild, but Microsoft warned, "An attacker who successfully exploited this vulnerability could take complete control of an affected system. Most attempts to exploit this vulnerability will cause an affected system to stop responding and restart."

A workaround for the flaw has been released, and Microsoft says the flaw is already fixed in Windows 7 RTM and Windows Server 2008 R2.  It is among many flaws that Microsoft caught before shipping Windows 7, thanks to the largest public test of a commercial operating system to date.  This unusual openness has earned the company both praise and scorn, but overall it is indicative of progress when it comes to security.  And some of Microsoft's best security features in Windows 7 are almost unintentional, and haven't been widely publicized.

A new report by PureWire's Paul Royal, published in SC Magazine, a publication geared towards security professionals, indicates that Windows 7 will be the most secure Windows operating system to date.  He concludes that most casual attackers will be frustrated enough to turn to easier routes of attack, such as social engineering schemes.

Windows 7's security is thanks in part to the OS closing off routes that attackers have used to inject malicious code into memory.  In previous Windows versions such as Vista, memory protections such as DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) offered a degree of safety.  However, there were relatively easy routes around these protections, not least because they only protect a process when the application and every library loaded into it opt in: a single plug-in loaded at a predictable address hands an attacker a fixed set of addresses to build an exploit on.  With Windows 7 blocking many of these routes, and with applications such as IE8 and Firefox 3 and their plug-ins (Flash, Acrobat Reader, and QuickTime) at last utilizing these protections, Windows 7 is shaping up to be a very strong fort.
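The opt-in mentioned above is recorded in each executable's PE header, so an administrator can audit a process's modules before trusting DEP and ASLR to hold. The following is an added example written for this article, not code from the article, from Microsoft, or from any of the products it names. It parses the two DllCharacteristics flags that Windows checks (DYNAMIC_BASE for ASLR, NX_COMPAT for DEP) plus the relocs-stripped bit, and flags any module that would undermine process-wide ASLR. The sample PE images are constructed in-line with no sections, purely to exercise the header parser; the module names are hypothetical.

```python
import struct

# IMAGE_OPTIONAL_HEADER.DllCharacteristics flags that signal mitigation opt-in.
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # ASLR: image may be rebased at load
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100     # DEP: image is NX-compatible
IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # COFF flag: image cannot be rebased
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def pe_mitigations(data: bytes) -> dict:
    """Return the ASLR/DEP opt-in state recorded in a PE image's headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4                      # COFF file header, 20 bytes
    opt_size, characteristics = struct.unpack_from("<HH", data, coff + 16)
    opt = coff + 20                          # optional header follows COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unsupported optional header magic 0x%x" % magic)
    if opt_size < 72:
        raise ValueError("optional header too short to carry DllCharacteristics")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "aslr": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "dep": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "relocs_stripped": bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED),
    }


def unprotected_modules(modules: dict) -> list:
    """Names of modules that cannot be randomized: the ASLR flag is missing or the
    relocations needed to rebase the image were stripped.  One such module gives an
    attacker fixed addresses, undermining ASLR for the whole process."""
    bad = []
    for name, image in modules.items():
        info = pe_mitigations(image)
        if not info["aslr"] or info["relocs_stripped"]:
            bad.append(name)
    return sorted(bad)


def build_sample_pe(dll_characteristics: int, pe32plus: bool = False,
                    relocs_stripped: bool = False) -> bytes:
    """Constructed minimal PE header (no sections) used only to drive the parser."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew: PE header right after DOS header
    opt_size = 240 if pe32plus else 224
    machine = 0x8664 if pe32plus else 0x014C
    characteristics = 0x2002                          # executable image, DLL
    if relocs_stripped:
        characteristics |= IMAGE_FILE_RELOCS_STRIPPED
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 68, 2)                # Subsystem: Windows GUI
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Constructed module set for one hypothetical browser process: a hardened
    # host executable plus an old plug-in built without ASLR or DEP support.
    process = {
        "browser.exe": build_sample_pe(0x0140),
        "modern_plugin.dll": build_sample_pe(0x0140, pe32plus=True),
        "legacy_plugin.dll": build_sample_pe(0x0000),
    }
    for name, image in process.items():
        print(name, pe_mitigations(image))
    print("modules that defeat process-wide ASLR:", unprotected_modules(process))
```

On a real system the same parser can be pointed at the files listed in a process's module list; the header flags are what the Windows loader consults, so a plug-in that reports no DYNAMIC_BASE flag will load at its preferred base on every boot.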

Additionally, Windows 7's XP Mode is likely to cause more headaches for attackers.  XP Mode is implemented using hardware virtualization extensions.  One class of hacker tool, the hypervisor-based rootkit, relies on those same extensions and on a special privilege level called VMX root mode.  While a legitimate virtual machine monitor such as XP Mode's is active, a rootkit's attempt to enter VMX root mode and slip its own hypervisor underneath the OS tends to fail, crash the OS or produce warnings for the user.  For this reason Blue Pill, the best-known proof-of-concept hypervisor rootkit, doesn't work well on a Windows 7 machine while XP Mode is running.

Many malware programs will also be crippled by XP Mode.  Security researchers and automated analysis tools routinely run suspect programs inside virtual machines, so it is common practice for malware to check for a hypervisor and refuse to run when one is detected.  XP Mode is a free download for Windows 7 Professional, Enterprise and Ultimate, so such malware will refuse to run inside the XP Mode virtual machine on a large portion of Windows 7 installs.  The check only fires inside the virtual machine, though, not on the host Windows 7 desktop: a VT-capable processor with XP Mode merely installed looks like ordinary hardware to the malware.  Modification is possible, but it will be time consuming and frustrating to attackers.
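The distinction between "the CPU supports virtualization" and "this code is running inside a virtual machine" is what decides whether the check above fires. The following is an added example, not code from the article or from any malware family it alludes to; it decodes the CPUID bits that anti-VM code typically inspects (leaf 1 ECX bit 5 for VT-x support, bit 31 for hypervisor present, and the leaf 0x40000000 vendor string) and applies the refuse-to-run gate to two constructed register snapshots. The "Microsoft Hv" vendor string is what Hyper-V guests report; whether XP Mode's Virtual PC reports the same is an assumption made only for the sample data.

```python
# CPUID snapshots are modelled as {leaf: (eax, ebx, ecx, edx)} so the logic runs
# offline on any host.  On real hardware the same bits come from the CPUID
# instruction executed on the machine under test.
CPUID_1_ECX_VMX = 1 << 5            # CPU implements VT-x (VMX instructions)
CPUID_1_ECX_HYPERVISOR = 1 << 31    # set by a hypervisor for its guests only
HYPERVISOR_VENDOR_LEAF = 0x40000000

# Vendor strings returned in EBX:ECX:EDX of leaf 0x40000000 by common hypervisors.
KNOWN_HYPERVISORS = {
    "Microsoft Hv": "Hyper-V",
    "VMwareVMware": "VMware",
    "KVMKVMKVM": "KVM",
    "XenVMMXenVMM": "Xen",
}


def _regs_to_str(*regs: int) -> str:
    """Concatenate 32-bit registers little-endian into the ASCII vendor string."""
    raw = b"".join(r.to_bytes(4, "little") for r in regs)
    return raw.decode("ascii", "replace").rstrip("\0")


def _str_to_regs(s: str) -> tuple:
    """Inverse of _regs_to_str, used only to build the constructed snapshots."""
    raw = s.encode("ascii").ljust(12, b"\0")
    return tuple(int.from_bytes(raw[i:i + 4], "little") for i in (0, 4, 8))


def vt_available(cpuid: dict) -> bool:
    """True if the processor advertises VT-x, whether or not anything uses it."""
    return bool(cpuid[1][2] & CPUID_1_ECX_VMX)


def hypervisor_vendor(cpuid: dict):
    """None on bare metal; otherwise the vendor string of the enclosing hypervisor."""
    if not cpuid[1][2] & CPUID_1_ECX_HYPERVISOR:
        return None
    leaf = cpuid.get(HYPERVISOR_VENDOR_LEAF)
    if leaf is None:
        return "unknown"
    return _regs_to_str(leaf[1], leaf[2], leaf[3])


def malware_would_run(cpuid: dict) -> bool:
    """The gate described in the article: sandbox-evading malware refuses to run
    under any hypervisor, and inspects nothing about the CPU's VT capability."""
    return hypervisor_vendor(cpuid) is None


# Constructed snapshot 1: a VT-x capable desktop with XP Mode installed but
# idle.  Bit 5 is set, bit 31 is clear, and leaf 0x40000000 is absent.
BARE_METAL_VT_CAPABLE = {
    1: (0x000106E5, 0x00100800, 0x0098E3BD, 0xBFEBFBFF),
}

# Constructed snapshot 2: the same program inside the XP Mode guest.  Bit 31 is
# set, the VMX bit is hidden from the guest, and the vendor leaf is populated.
_vendor_ebx, _vendor_ecx, _vendor_edx = _str_to_regs("Microsoft Hv")
XP_MODE_GUEST = {
    1: (0x000106E5, 0x00100800, (0x0098E3BD | CPUID_1_ECX_HYPERVISOR) & ~CPUID_1_ECX_VMX, 0xBFEBFBFF),
    HYPERVISOR_VENDOR_LEAF: (HYPERVISOR_VENDOR_LEAF + 1, _vendor_ebx, _vendor_ecx, _vendor_edx),
}


if __name__ == "__main__":
    for label, snap in (("host", BARE_METAL_VT_CAPABLE), ("XP Mode guest", XP_MODE_GUEST)):
        vendor = hypervisor_vendor(snap)
        print(label, "VT-x:", vt_available(snap),
              "hypervisor:", KNOWN_HYPERVISORS.get(vendor, vendor),
              "malware runs:", malware_would_run(snap))
```

Running the two snapshots through the gate shows the limit of the article's claim: the host passes the check even though it is VT-capable and has XP Mode installed, so only code executing inside the virtual machine is turned away.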

Again, no system is impenetrable, and surely new attacks and tools for cyber criminals will be developed to assault Windows 7.  However, it's safe to say that Windows 7 will be the most secure modern Windows OS to date.

In an effort to capitalize on its newfound vigor and the support behind Windows 7, Microsoft has already begun to launch new commercials that showcase the benefits of the operating system.



Comments

Some issues with the article
By Donovan on 9/14/2009 3:02:21 PM , Rating: 3
quote:
Additionally, Windows 7's XP Mode is likely to cause more headaches for attackers. XP Mode is implemented using hardware virtualization extensions. A common hacker tool -- rootkits -- rely on hardware virtualization and a special privilege level called VMX root mode.
Some rootkits use hardware virtualization, but not all. Rootkits existed long before the hardware virtualization features in modern CPUs (Vanderpool and Pacifica).

quote:
With the OS now using hardware virtualization, attempts to gain the privileges necessary to launch the special hardware virtualization support needed by the rootkit tends to crash the OS or provide the user with warnings.
Windows 7 itself doesn't use hardware virtualization...if it did there would be no way to use VMware. If you have Windows 7 Professional or higher you can download an add-on which is basically just Microsoft Virtual PC plus an XP VM that is pre-activated if used on a Windows 7 host.

Since most people will be using Home Basic or Home Premium and most businesses will probably not deploy XP mode unless they need it, this protection will be rather uncommon.

quote:
For this reason Blue Pill, one common rootkit, doesn't work well in Windows 7.
Is Blue Pill all that common? I would think kernel-based rootkits are still the norm...heck, even major corporations like Sony have shipped them.




RE: Some issues with the article
By michaeltw on 9/14/2009 9:21:39 PM , Rating: 2
Yeah, I think there are more than a few holes in the article - but the main one I see is, if this really is some great way to stop rootkits, why wouldn't MS just add the technology in?

Why does the new VPC help? Is it purely the hardware VT stuff that helps, so do you mean you have to have XP Mode running in order to be safer? And while he does say most people will have it - will most people really run it constantly? I could see a business with an LOB app but again, if this really is a "security feature" then why not embellish the article further and suggest everyone should run XP Mode constantly?

And for this paragraph:
quote:

Many malware programs will also be crippled by XP-Mode. This is because in the past Windows security software has used hardware virtualization extensions to detect malware. It is common practice for malware to be written to not run on machines where hardware-assisted virtualization is detected. However, as all Windows 7 Professional and Ultimate licenses come with XP Mode, this malware won't run on a large portion of Windows 7 installs. Modification is possible, but this will be time consuming and frustrating to attackers.


When the writer says: "It is common practice for malware to be written to not run on machines where hardware-assisted virtualization is detected" - does he mean where the VPC program is running or just VT extensions in general? I mean almost all CPUs these days do have the extensions whether used or not.

Like the commenter above me said, Windows 7 itself doesn't do hardware virtualization - so again does the writer mean people need to run XP Mode specifically or any VPC virtual machine in order to be covered under side-effect? Or does he actually mean just programs running inside of XP Mode are safe?

Sorry to be blunt, but it just doesn't seem this was completely thought out by the writer.

Can the author please respond?

Thanks.


Copyright 2014 DailyTech LLC.