Data Execution Prevention. One of the reasons buffer overflows are getting harder to exploit is the increasing prevalence of systems that support DEP (Data Execution Prevention). Hardware-enforced DEP uses the processor's no-execute page marking (NX on AMD, XD on Intel) so that memory meant to hold data, such as the stack and the heap, cannot be run as code: when an exploit injects shellcode into such a region and jumps to it, the CPU faults instead of executing it. Two caveats a practitioner should keep in mind: DEP does nothing against attacks that reuse code already present in the process (return-to-libc and its descendants), and on CPUs without the NX bit Windows falls back to "software-enforced DEP", which only validates exception-handler chains and does not stop injected code from running. DEP has been in Windows since Windows XP SP2 and Server 2003 SP1, but Vista should help push this feature into more prominence, since new versions of Windows are always targeted at the next generation of hardware and aim to sell new computers. It's another thing that happens every time: you don't want to try to run Vista on a computer from five years ago. Incidentally, the Windows security paper also makes vague claims about protecting operating system components against heap tampering, although it doesn't say how.

User Account Control. This has received the most attention of the security features in Vista: the standard user account is now a restricted account that can't do dangerous things like install applications. When elevated privileges are required (yes, this is basically just like in Mac OS X) the user is prompted for the credentials of an account with sufficient privileges. This is a good thing, but I'm suspicious of the extent to which it will stop malware. The key is social engineering. It seems to me that in most cases where malware gets installed users know they are installing something and therefore will be willing to install what they're told, and they'll need to have access to the administrator credentials, even if they don't run them regularly. And some users will just throw caution to the wind and run as administrator. But even administrative accounts will be less privileged and run in "Administrator Approval Mode": the administrator logs on with a filtered token that has the Administrators group disabled and most privileges removed, and operations that need the full token will require an extra approval through a consent prompt. Extensive help is available on MSDN (and has been for a while) to help developers write applications that work well in a least-privileged environment.
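To make the DEP mechanism concrete, here is an added example, written for this page and not taken from the article or from Microsoft's paper. It does on Linux what DEP does on Windows: it copies a small constructed payload (machine code that simply returns 42, standing in for attacker shellcode) into a freshly mapped page and calls it, once with the page mapped executable and once mapped read/write only. With NX enforced, the second call faults instead of running, and a SIGSEGV handler turns that fault into a -1 return. The Windows equivalents are VirtualAlloc with PAGE_EXECUTE_READWRITE versus PAGE_READWRITE; this demo uses POSIX mmap so it builds with gcc anywhere. The payload bytes and the function name run_from_page are my own choices.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed "payload": position-independent code that returns 42.
   It plays the role of shellcode an exploit would write into a data buffer. */
#if defined(__x86_64__)
static const unsigned char payload[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 }; /* mov eax,42 ; ret */
#elif defined(__aarch64__)
static const unsigned char payload[] = { 0x40, 0x05, 0x80, 0x52,   /* mov w0,#42 */
                                         0xC0, 0x03, 0x5F, 0xD6 }; /* ret        */
#else
#error "demo supports x86-64 and AArch64 only"
#endif

static sigjmp_buf fault_jmp;

/* Instruction fetch from a non-executable page raises SIGSEGV; unwind to sigsetjmp. */
static void on_fault(int sig) {
    (void)sig;
    siglongjmp(fault_jmp, 1);
}

/* Copy the payload into a fresh page and call it.
   executable != 0: page mapped RWX, what an attacker enjoys without DEP.
   executable == 0: page mapped RW only, what NX/DEP enforces for data regions.
   Returns 42 if the payload ran, -1 if the CPU refused to execute from the page,
   -2 if the mapping itself failed. */
int run_from_page(int executable) {
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    int prot = PROT_READ | PROT_WRITE | (executable ? PROT_EXEC : 0);
    void *page = mmap(NULL, pagesz, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -2;

    memcpy(page, payload, sizeof payload);
    /* Required on architectures with separate instruction caches (AArch64); no-op on x86. */
    __builtin___clear_cache((char *)page, (char *)page + sizeof payload);

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    int result;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        int (*fn)(void);
        memcpy(&fn, &page, sizeof fn);   /* object pointer -> function pointer without a cast warning */
        result = fn();                   /* executes the payload if the page is executable */
    } else {
        result = -1;                     /* NX/DEP blocked the instruction fetch */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(page, pagesz);
    return result;
}

int main(void) {
    printf("RWX page : %d (payload ran)\n", run_from_page(1));
    printf("RW page  : %d (-1 means NX stopped it)\n", run_from_page(0));
    return 0;
}
```

Note that the non-executable case is exactly the situation a classic stack or heap overflow creates: attacker bytes sit in writable data, and the only thing standing between them and execution is the page's protection bits. Changing the second mapping to RWX is all an exploit needs, which is why DEP is paired with the "W^X" rule that no page should be both writable and executable.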
New Log-on Architecture. The Windows log-on architecture has been completely ripped out and replaced with one that makes it easier to support stronger authentication methods, such as biometrics and smart cards. This is another one of those changes that will cause friction with the rest of the industry: companies with such log-on products had to write custom GINA (Graphical Identification and Authentication) DLLs to plug into earlier versions of Windows, and now they'll have to write a new version for Vista's credential-provider model and maintain two of them until everything prior to Vista is obsolete. Oh well, these things happen, and the new versions should be easier to write and maintain than a secure GINA. The report describes other improvements, such as bundling Windows Defender, Microsoft's anti-spyware application, and tightening the Windows Firewall. I've been wondering for a while whether the bundling of Windows Defender extends to free updates to the signatures it uses. I've asked Microsoft and have gotten no clear answer. The document is written almost too carefully in this regard:

"Users who choose a third-party solution can keep Windows Defender enabled along with their preferred third-party solution, to provide added protection in the event one anti-spyware solution does not identify some spyware but the other one does. Also, if the user's subscription to the third-party solution expires, the protection from Windows Defender will continue uninterrupted. Of course, users can turn off Windows Defender if they choose."

64-Bit Security Enhancements: Kernel Patch Protection and Mandatory Driver Signing. I've written about this before: as of the 64-bit versions of Windows from Vista on, kernel-mode code, drivers included, will have to be signed. And not just with any old signature, but with a code-signing certificate issued by a real certificate authority. Even if a rootkit author were to go to the trouble and expense of obtaining such a certificate, it could be revoked for abuse. Kernel Patch Protection (better known as PatchGuard) covers the other common rootkit technique: it periodically checks that kernel code and key structures such as the system service table and the interrupt descriptor table have not been modified, and brings the system down with a bug check if they have. Sadly, both protections will be active only in the 64-bit versions.