Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Microsofts Fathi: Vista Security Is Becoming Reality



 By: eWEEK
2006-09-06
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


  Table of Contents:
  1. Microsofts Fathi: Vista Security Is Becoming Reality
  2. ' Not the End of '

Rate This Article:
Poor Best
Microsofts Fathi: Vista Security Is Becoming Reality
( Page 1 of 2 )

Q&A: Having taken over Microsoft's Security Technology Unit in March 2006, Corporate Vice President Ben Fathi is guiding the software giant's bid to improve its standing with customers and the software community.

BOSTON—After taking on the responsibility of leading Microsofts efforts to secure its much-awaited Vista operating system, Ben Fathi, corporate vice president of the Redmond, Wash., companys Security Technology Unit, is in town at the Security Standard Conference to evangelize to the firms progress in those efforts.

While critics continue to say that Microsofts next-generation operating system will likely carry as many vulnerabilities as its predecessors and some of the software giants partners in the security applications markets have called the firm out for some of the new features present in preview versions of Vista, Fathi maintains that the companys Trustworthy Computing initiative is moving forward, and that the new OS will be the most secure Windows product the company has ever produced.

eWEEK Senior Writer Matt Hines sat down with Fathi at the conference on September 6th to get his perspective on where things stand with Vista at present, and in preparation for its launch in November 2006.

Resource Library:

What do you think are the most significant advancements in the first Release Client (RC1) version of Vista, compared to the beta versions of product?

Overall, I would say that the biggest improvements you will see are related to performance and reliability; its significantly faster than Beta 2 and much more reliable. I use it on two or three machines constantly and Ive had no problems with it.

In terms of security the biggest advancements are around User Account Control [UAC]; there are significantly fewer pop-ups, and the Active X install service that allows administrators to provide away for extended users to install things. Those are the big changes—there are lots of small fit and finish changes also.

One of the things that was in Beta 2 and we purposefully didnt talk about, and it got press afterwards, was ASLR—address space layout randomization, which helps with a whole class of attacks on system libraries.

If users tried out BitLocker in the Beta 2 release, the installation process was very complicated. We got feedback on that telling us that you needed a Ph.D. to install it. We spent a lot of time with usability engineers to really simplify the experience. Its a simple wizard now, with a few clicks you can encrypt your entire drive.

We also put a lot of investment in Windows Security Center; we want it to be open and available to all our partners so we worked with the vendors and took their feedback to make sure that its totally unbiased in terms of what it presents to the user.

It gives the vendor who has [security] software on a machine the ability to remediate if the end user runs out of subscription or the signatures are old. The first thing you get is the opportunity to fix the problem without hearing about other vendors. Or users can see other offers on a Web page that has a complete list of all the solutions available based on best cost of ownership for the user over a two year period.

But there are still lots of ways we can improve the system.

Weve heard some of your partners complain about Microsofts decision to employ PatchGaurd and restrict access to the Vista kernel. They contend that the tools Microsoft has offered in replacement wont allow them to build products that are as effective as when they had kernel access. How are you working to quell those fears?

Kernel patch protection isnt new to Vista. It has been shipping for over a year in the 64-bit versions of XP, so its not something new. Secondly, we have never endorsed or supported anyone patching the kernel in any way.

Vista RC1 tests: The migration road may be rocky. Click here to read more.

Its something people have done just because it was possible to do. But I like to use the analogy of the computer as your car, and patching the kernel is like trying to work on the engine while driving the car, its not a smart thing to do.

Now that we have all these multi-processor systems, patching the kernel is one processor modifying the instructions or data while the other is trying to execute them. Its just something you dont want to be doing. These third-party projects are changing instructions on the fly.

So you think some of the concerns that have been expressed are a bit overstated?

Its only on 64-bit versions of Vista. The security products involved, not anti-virus or anti-spyware, dont use this functionality. Its really behavior blocking applications and intrusion protection systems that do kernel patching.

For 32-bit systems, which will represent the majority of machines for an unknown number of years, the products will still work. But we dont endorse or support it. On 64-bit were saying this is a new ecosystem, a chance for us to start fresh and do things cleanly, so lets work together to come up with those APIs to do the extensions you want without hacking and patching the kernel.

Next Page: Not the end of Patch Tuesday.





  Reader Comments: Microsofts Fathi: Vista Security Is Becoming Reality
>>> Be the FIRST to comment on this article!
 


 
 
>>> More Network Security & Hardware Articles          >>> More By eWEEK
 


x}v89hN;/ۑȶkڲ<OzwEB!);yw% oВ=Im BUP(#ooD.\ݴ)¦d>}O$wB} ΚUQR c7,(bP<HwO7n[SY0Ra᳙*,Q  tjOt0]2t6;k>%o4ekOi cߨ_Z``1Zt|Rl ۗ#: rWӺ#A`fA|!QGu)tC(D>-Dm:O\'w*GUnspSa_ʞ0IYɼM"d2!j>vn3w2`~|!k`TxpHƶkMmW ؓ׌ڭA luy!l 1#oߞz$nRvn7oZ 205E2Z"[XdTZ ӱku8r 08juj=nf-n@w(6\'p}j F1 9Cɤ:ZdI}9e,f4öۢCCٰo4RihuE9*ՆRn9?Wcm9NeW4ϷFs˯ j4zUu7ۺs om%k%C\!\\ǭr ] + NַRߘ+0QR&jt4O3QA 1sӇ, /Br̀7Jq߸pK(ivdf1{Pd1XI/YTUi w;SҹvvNΏ3do̲5<ZMӀ Zvf ?Y ֫ӛkif@{ +|r>15M0\±¬:֪o~=7cK'^CsQ?&:aZ+땆~Ff2t!޺p|=!IoJ'|:<%8.!C_w nr@ i/]*KŗG)LY4C ! ,6ɜSHu t:f9AsM'Ff-ͨn #di|]\Xw p3Z&ߚT23}䚠MHk 3!RB۴/^$P!P샖_.[ jNTwEQS'w=^f&/\RB0Al8{ÄWT7wsY iz|68G]7kDm.s5-wnˢcZVp3muםS2_ ;0*>cq4Y`I-. :oo:jj#1ß}524T Gg&-d`q86acJݤ}aE=> 6aϩ>b뎓z>:AGAtišhέP7fh`CCҏ;Lڠ~NN{ݧn]?&tao/*Ab& ahi5 ZLH#AтMtT:n]`2Zw9ܻ-L&wzt` VGPC_!nH }P(Vr`{>[s9;ݲeǀ\u%w2Z}c%>] RRR$S !hI#r Bг1,`@o%``[X ar T<ʶBIJd&3,BV-KїPf%i2khƺń(VFN1|(0Vf)L˄Frf=6:{mQH08-wys3t7Nm~|YFhIO3_iy>g~9厬m[_4@~T&](\uΩIJ&k:HY3j-ysDrm ֌Os1r@@SjS͸T3Q2C+9Eۋ)i sX-8G4W- 'ٲZbY6(U7v/KƠR9?oWuJ@olm_eƠumLGe+-m" IHf(XKkezlxӇ8$&lU6LE? 7FG=0\Re_`}dҶvMj٫ X3ld tAqFAݔ`.@ELl5TWթz@4}&{d}@nfzSϐ‡r>G) z37HhpJae ΤԺLkQAa ĵa`{s1rl^ܳtgyq8XY:¾tٖүdONpu у9Je!6{e?l"{_f})VWB~* Ҥbk@Lf2,r'mAu،;$ Ei{ Y">7S>5 < ĉσ\׃RUaT$j]?5SXe;;pMbA >ES-cBL;$!O_'%Ex>5ᚉ 1$o':!#DE~H)v4c8SMwK\}O>xN¢ g-h'(0ZN * RIS?UU{MyR̚,+Ajm>a,0r6o\X^1S_e7UVELiKղAk JZ8~O+a>&ҳLpĵ)$jZ9 OYdY.eժR+5j`Wɠ< j;!(|{W !&c oR9 "%EDOCVi%gX&J*1ǟM1Շ}g=J п"}QLQUv٩b cy&m!@ޏcﻛ4}ֿJg^!2a^=G #WAw_ab>"a&`W{Zi\/0C~E/.OnÏ.F4r`R=(; J@S䆷G$bw}Wsz^^OOk6zv9F72SH#r=׾~߽_>_I#rѽH^'+΃ G7*E!ˁB<'uti)qfڎ7MJ,$LmkC2 xidD6 J*Xť}ڹ̂qK՜4"z ON3bn,qmj w}eYLoH:|XbHH\R ~tiwpu .P$BAnpkz!NUHe*e4Д+e3:M<;ۜ)5E_%'k'R-g[M7S+tY'D_q+ sz<~\3Z9ntHNbp j_tESr!,/Dec]Zims zsHfiR'D[3pu*lKhwCT䵴f[UHO~%!\8a=!l QڕCr^Trq=Dh$ݟ;V:FXbp/awʜW#S,`, ?Y .[ #vGg>&k?ȔZԍA0n=w>aHM\gh^PD(Vp-hh*f>VAk6Ê,;x\J/|[<,'Mw[GN?$a皴/? A ̯> H-@N fP ߼=&oq>p]Qz AC~gM}\0?yt;o[Me'  CNA}i^w7-Ufᆎy J~l/t>D(jE_c[{c9VȪ̅S.R؋O'G'3~`qx-:?`tH_wz`@L6#Gځ;W-3(,m3F-߸2{K3M7+x=*A ͏44 ]ekwB%J+{%nYhr;Tʒ%%դE,IQ )"{"F%t`5o14НNm*z>?-35!i 1N:6;y5t` QAXŀ01Vo lKp@ s8< N&[euw+[S'gSc;/HF#xgO,6-lG@|P ;a6 *|b1 \<U_L·⎭zgQy}rx|[qzLV_O\RG_陸xk2ٮgTg,Z2if_hbXbi&W&5f9X.CcFz Sa_FFy4£)ϋwd{:TEA:X'!번ԗsUub)?EHϚF C?Tf1~8qFXRKCԉι'OѱAZU yҝarޓnHn\c6EAǶIvc"Qb ގ;ۊsK-9jbb(8Tb;ngr-ٺ,WxT&tIt+iU%!*, }zI$9/iC6F-&"!YID)֜ϳ=d=ewXh@5x<9̐bB9d dݦ~83M2'*k. eњVI VnۏW/pۢI^"~ $=31Y ؑD _P7_wuE+k魛~NA/jEi ԥ!aJ4ͣl H>`,>4 Ψ!H7峿Tպ* c ]01 kmVB"G,alD,hDGiJ&Ez^] 난[oP%Uy^}cSyҀ`E3w]R EեRYq(# aHgz\\ZDdnwg+-[^Nf;\cnX!(M &LU-a 3 p/A@!J/I,LWk`]#d.2v :@9w[Oyk'&JȕҶLVyqBՁ |/w;$>1RnK=Xl+[Oyk'I&)mYX,϶4`F:z(}Db8C>x# Gmqk_RM^RkQ,xR3˙Rb7Hg` H+6JVR"Ojlc nz)b[ڲ9esp7);;;;뻃˥2ޠ\wpWXnt@Iu cVkw!{ ϛH}bV?r|^='[KJ'?H Z& [xJ `鲫8o}X2xp'x&XoH߂Ԝү4/HuH֓_ݒJ_Jk1%uRO_^L/Ն%.*ghULݒ^wydvȎiKWgwHXu &3rm+IF\kl`1af [ Q ]/EY1A8C` d;1ÐLHj~ж}A+=V4 mY[`8ϠċLV{_<@VE6bVܽ+敲ZR;d6N{<kyGHj|ubCj4t86e[fs&e<5 ,l~i)$=9G98\!O}@5>'3h Νko0sIׂɫ^_V ھ%٪<v\۶뿓$}j1n9P,C"&Hm(s c=˜-u[VN^ik&řܳExHcl(Z@ln"g+h1U9T'Fg/[?I#$:5H$6og@a]IYNx{fStCf vfa6 um|My#o5?. &3(, @^| {Nx^t J)LűE|&0A$ pSȯ\z?V*n'@ ń&o5KFQUrc[a|޺SSU~CX*R^q dPbp#zȮ;@]ovP]я TmS_^|g_D`W=0EƽUĠAɌBA5Rhs´5̈Gbv ]mz^CFJ;7]5S]<_q=%o7_CgnVu2Fc[wnycOnHcp@c,j7o*+JIcl@V`m4,\ <8BπTa>A4`}*iZ%26^UߑVR*jZ?";М|v"Af鷔W8Qi 'q\ozdzv2%.MG4$և5o4R]+jB߶"|pRN ':oCNH$Z۠[dн^"#hHY 1/׷W' +K\_`=Ud[j,K$¨AJ`\wtc:4 ?R)%o%&* }9`Vm$MZU!TgBaӅɱ~Z#ZMIde J\]z_#Ƅo#)/O L-! J!,7\cP |˜+S7R~ۣV7>B2<xW#W|#tfyl\+NƷk!8E' :rPZ-eF/|T2/b#-ɤ#޿>I11K= o 8pbXZ`Oh$}b 2uFf!&T) ='`N[^3vaGp-d:}G\a=bɹ `u:)45aBx ld Dps1xmDRRiM&ctkXa/،NyA6(1A~@>WLQXjm*!b3wħX, }+D:ŨtR%t]\UP*@J>S|??C H0^na9 g.X`,2E<ez?,G{Ga~2?yM:S̭/zy6t(YS1U&ƺ.nz,n !rPh$`x=9`1A:߰|cc|?뽙e2$(  G@Ka1c~Po֔J$2 >)%>gٕa)걪VRG핯? (ޯ ;UeK=M镬B*%^͂Ȅq~/w[= &a@}lFLÙ܎0C9_69t{5/qǟ5}ZGݩ;O'OgurXhYxV36/ME`9"eivšmL6Wc\]sxYx鎾(ah,.6r%:O;xRv}YQJ_mӄ-4NO!~3hJjm9Gj|q3_Z9q.65BA=^[I?7 5NMYp4ħEdHB+2[EEN/PKNPkN5_o.?isP)GNn.?vrOds,>s\~-λ˻V4g9nNZ r?A">v^^=˃зЧrrO/?Bǜs(?)-彜r˜̑K˜C9>~~+x*k !0l.!>BǼrc~~sw7y79{wNr!(oY NoR89B8_*Uy@a uySހ}VU<_`kW9t _ r ̭L_W'BX\jvr+^veo4vkYA {}yK/#ymo28 AQFgG6+.ȭ-'Hl]=g%%x=0?Mu{1پWߕ\*ܲ}:qOXE9K8G#iMPA9` Ӯ@D1KAA0_w9ݧ,O5;H_e,xĿ+¹gݞރ轊r mv+}^Ga^2 Ӯ3_6wŷ=I`|5@u,r V$Ƕ3x7X'05:%Yq1<̡Pl@PJ]XnXPb'ʞq}|8=;z|F"fɮnܙ%,H_g'4WBMxYum&$rq;+2poߋ~cläd |A«U/="2cT =`?Gcqt%O Mamă n='IDπnuM$f@gYl)VxRDN]szn()y+J9*م7xG{*Hqx*DB/7Qg} r@c]T1ng`SwDl .7(.O]% xWa)*e71KMP`Ol3C|B pcQ*Ү]^x[9a^ۺkAсYmw0o1`/#}^&c`H؂{XiW1JpC)tO˰@Nt3# ׀5V`=H\3(|9N]RnãǍGXǸ[ [+ Iy>p <Щ0T\bX%eܜMFz®u4mlvљߙnsQaWO_<'.tcb3,LڙFX<޳sW=?5fl3'a:=YʐL\ȏ,,L[녗Z']YE!hXj=E"O q~ fK#fE)[Rj2 19.fH9xI1%h3l䃈mAb?Õk[),{`yO|9+_0$a1+=:`-ha&t̵a}ar8Lt4Qs|J9Km)g3 {߂ ixv4J`gANTvQKe