"Longhorn" wont make its first appearance until the end of next year at the earliest, but with enterprises demanding better security tools, Microsoft Corp. is not waiting for the next version of Windows to ship before it makes changes to improve the security of some key components such as Internet Explorer, which will see a significant security upgrade in its next release.
"We made the decision that the things we were doing wouldnt just be in Longhorn and that we needed to get them into the hands of the current installed base as well. IE 7 is down-level to [Windows] XP, even though somewhat of a superset of it is the browser in Longhorn," said Microsoft Chairman and Chief Software Architect Bill Gates in an interview at WinHEC here last week.
In Longhorn, IE will run in its own protected space, thus isolating it from other parts of the operating system.
But even before Longhorn hits, Microsoft is adding several security enhancements to IE 7.0, which is due in beta this summer. The newest version of the browser will have technology to prevent cross-domain scripting, and the default mode will be one with a reduced privilege level to help prevent attackers from using IE as a stepping-off point for other attacks.
Version 7.0 may also include integration with Microsofts nascent anti-spyware technology, which is in beta.
Administrators said that the plan to isolate IE from the rest of Windows makes good security sense but that it is also ironic.
"Years ago, during the browser wars with Netscape [Communications Corp.], one argument being made to the [Department of Justice] was that IE was coupled to the operating system, integrated with the operating system, so it couldnt function as a stand-alone application," said David Robert, a systems manager for a global consulting and engineering company in Cambridge, Mass.
That meant IE was integrated with the operating system, and if something compromised IE, it had easy access and hooks into Windows. "But, if you consider that IE is probably one of the most-used products and has the most access to untrusted systems on the Internet, it kind of makes some sense to almost have IE behave like a bastion host," Robert said.
Matthew Patton, a network security engineer in Arlington, Va., said he does not believe Microsofts moves will be very effective. "Cross-domain scripting, for example, is a problem local to IE, and isolating IE from the operating system doesnt change anything in that regard," Patton said.
While the company works out the security kinks in IE, Microsoft has finally started to travel the long road that will end in the public release of Longhorn next year on the client side and in 2007 on the server side.
The Redmond, Wash., software maker is entering the third decade of Windows computing, which really became pervasive in its second decade with the release of Windows 95. Gates said he believes the advances that 64-bit computing and Longhorn will bring will be key early features and drivers of this decade, but he said the companys Trustworthy Computing effort "will be the biggest category for as long as I can see out in the future—lets say for the rest of this decade."
"We have moved from where people were asking if we really cared enough two years ago to now being viewed as a key security partner," he said. "That doesnt mean weve solved everything. Theres still more to be done, and its still our top issue, and a decade from now, making sure these things still dont stand in our way will probably still belong at the top of the list."
Network security engineer Patton does not agree with that characterization. "Windows has been Swiss cheese from Day One," he said. "Microsoft is finally starting to turn things around, and I dont mean to trivialize that, but its appalling that it took them a decade to get the message and only after the likes of the Department of Justice started putting their boot to Gates neck."
Virtualization is another key technology for Microsoft, and the company will be building that support into Windows, making sure the emulation is "very, very efficient," Gates said. "[Virtual machines are] coming up in a number of scenarios—whether its backward compatibility, load balancing, certain security things—and we are putting a huge investment into it."
Microsoft must be careful that the VM does not become a security weakness through which an attacker could insert a VM under the operating system, negating Windows security protections, Gates said. "So the operating system will have to become enabled to be able to look down and have whats called a chain of trust where it looks if it is a trustworthy [VM] running on trustworthy hardware. So Windows has to see whats underneath it," he said.