Opinion: We've heard it before, but Microsoft has a lot more security credibility these days than it had a few years ago.
Its true Microsoft says it every time, but the software maker paid particular attention to security in Windows Vista. The company took more advice and more risks than ever before, deprioritizing many other concerns that were heretofore paramount. Were still only in beta, but does it look like Microsoft has delivered?
Luckily the company just published a document titled "Microsoft Windows Vista Security Advancements,"
so we have a list of its own claims to evaluate. And just last week we heard of a significant advance in Vista that didnt make the PR document.
The Security Development Lifecycle.
Three years ago Microsoft created a security group to be involved with development at all stages, but Vista is the first product to be designed from the ground up with such consideration. (Actually, it sounds remarkable that such a development is so recent, but at least Microsoft finally did it.)
Has this made a difference? The jurys still out. But its encouraging to hear some of the measures used. All buffers in the code are marked up to assist automated analysis tools. Fuzz testing is used extensively throughout development. Microsoft says it is pursuing Common Criteria certification.
This is an excellent example of how Vista takes the "least-privileged" philosophy seriously. Windows services are programs that run prior to user log-on. Many parts of Windows itself, such as the plug-and-play manager, run as services, as do many third-party programs such as anti-virus programs.
Do your machines meet Vistas requirements? Click here to read more.
The previous approach has been to log on services with a special account called the LocalSystem account, which is a relatively privileged account, often having access to system resources completely irrelevant to the services task. Not so in Vista, Microsoft claims:
Core Windows services included in Windows Vista have service profiles that define the necessary security privileges for the service, rules for accessing system resources, and inbound and outbound network ports that the services are allowed to use. If a service tries to send or receive data on a network port that it is not authorized to use, the [integrated Windows personal] firewall will block the network access attempt. For example, the Remote Procedure Call service in Windows Vista is restricted from replacing system files, modifying the registry, or tampering with another service configuration in the system (such as the anti-virus software configuration and signature definition files).
Good example. The RPC service has an unfortunate history, being at the center of the Blaster worm event. In fact, some of the other more famous and damaging network wormsSasser, for examplehave targeted services. What they do is find some overflow that can be triggered through network protocols and use that overflow to run exploit code. In Vista, these overflows will be far harder to find and exploit (more about this below), and restricted services will make it harder to do anything useful with them.
Next page: Buffer protection.