Watch out Vista

By Ryan Naraine  |  Posted 2006-12-26

Bulls-eye on Vista

Even as Vista is being held up as a standard-bearer for a secure Windows operating system, researchers and hackers interviewed by eWEEK caution against assumptions that attacks against Microsoft will go away.

For starters, Vista adoption—in both the enterprise and consumer markets—will remain low through 2007. Coupled with the mad scramble by hackers and vulnerability researchers to find code execution holes in the new OS, researchers believe it's only a matter of time before Redmond is forced to start shipping regular monthly Vista security patches.

Dave Aitel, vulnerability researcher at Immunity, a Miami Beach, Fla., security consulting firm, said his company deliberately avoided testing Vista during the beta process and will hold off on full-scale pen tests until Vista wends its way into businesses.

Dave Goldsmith, president of New York-based Matasano, is curiously watching to see how Microsoft's highly touted SDL (Security Development Lifecycle) holds up in Vista.

Goldsmith's team was hired by Microsoft to scour the Vista code for security defects and, although he's proud of the hardened nature of the OS, he's under no illusion that Vista is unbreakable.

In a podcast interview with eWEEK, Goldsmith said serious vulnerabilities will definitely be found in Vista, but there's a sense of satisfaction in Redmond that the security model (UAC, ASLR, DEP, etc.) will blunt serious attacks.

Patching PatchGuard

Still, there are areas in Vista that have been—and will continue to be—defeated.

Alexander Czarnowski, chief executive of Avet, in Warsaw, Poland, predicts that 2007 will be the year that Microsoft's PatchGuard kernel anti-tampering technology will be broken. "It might get broken immediately, but it might be a year before it's made public," Czarnowski said during a recent presentation at the Virus Bulletin conference. A security researcher associated with the Metasploit Project has already published an essay that proposes several different techniques that could be used to bypass PatchGuard.

Authentium, a Palm Beach Gardens, Fla., security vendor, has already introduced technology that bypasses PatchGuard without setting off the desktop alarms produced by the security feature.

Hackers and rootkit research gurus are hard at work on new techniques to bypass the controversial feature, and 2007 could see Microsoft struggling to react to public announcements.

Monthly Bug Projects

Metasploit's HD Moore started the trend in 2006 with "Month of Browser Bugs," a research project meant to expose gaping holes in Web browsers. That was quickly followed by hacker LMH's "Month of Kernel Bugs," and a short-lived threat to release Oracle zero-days.

Now comes word that 2007 will see another spate of monthly projects, targeting vendors with a history of antagonism towards security researchers. "There will be a MOAB (Month of Apple Bugs)," mysterious European hacker LMH said in an interview with eWEEK. LMH is stockpiling crash dumps related to Apple software and plans to release them early in 2007 to expose what he describes as the "myth" that Apple is serious about security.

David Litchfield, managing partner at NGSS, based in Surrey, UK, will continue his dogged battle with Oracle, starting in January 2007 with the release of a new book titled "The Oracle Hacker's Handbook." Litchfield promises an in-depth examination of all the techniques and tools that hackers use to break into Oracle database servers.
