Some security researchers are already predicting a noticeable shift in the landscape once Windows 7 is launched by Microsoft later this year and finds its way into users’ hands over time.
It’s impressive to consider how much Microsoft has been able to elevate its reputation in the security realm over the last few years, despite continuing to grapple with a steady stream of newly discovered vulnerabilities.
Whereas the software giant was the industry goat only a few years back, it has been able to steadily improve its security image since launching its Trusted Computing initiative over five years ago.
And the arrival and proliferation of the company’s next generation Windows 7 release, planned for October, should help Microsoft take another significant step forward by introducing some new technological wrinkles that will make it harder for attackers to have their way with end users, at least according to Purewire Principal Researcher Paul Royal.
In a recent blog post posted on the security filtering specialist’s site Royal called out three specific Windows 7 additions or modifications that he said should thwart individual attack models, including rootkits and other cutting-edge malware.
According to the expert, primary security advantages of the new release include:
-Making it harder to exploit applications vulnerabilities: based on the increased use by third party developers of Windows memory protections including DEP and ASLR.
“The adoption of these technologies may cause criminals to shift their focus from attacks that are technical in nature to those that are social in nature,” Royal contends.
-Putting the brakes on rootkits: via the incorporation of Windows XP Mode (XPM) which uses hardware virtualization extensions to make rootkit installation “considerably more complex.”
-Catching more complex malware: through the enhancement of behavior monitoring features using hardware virtualization extensions with XPM.
“The release of Windows 7 looks to be an all-around win for security; its adoption will benefit both end users and security professionals,” Royal said.
And compared to only several years ago when the industry was dubious of any security-oriented promises being made by Microsoft, that’s saying a lot.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.