
Microsoft Defends Win 7 Security After Pwn2Own

Source: Tom's Hardware US | 38 comments

Microsoft compared Windows 7's security measures to a fire-proof safe.

Last week we reported that during Pwn2Own, two hackers were able to sidestep Windows 7's data execution prevention (DEP) and address space layout randomization (ASLR), and hack into Internet Explorer 8 and Firefox 3.6. One of the hackers, Peter Vreugdenhil, a freelance vulnerability researcher from the Netherlands, said that he used "fuzzing" to uncover two vulnerabilities in a fully-patched version of 64-bit Windows 7.

"I started with a bypass for ASLR which gave me the base address for one of the modules loaded into IE. I used that knowledge to do the DEP (data execution prevention) bypass," Vreugdenhil said last week.

Days later, Pete LePage, a product manager in Microsoft's Internet Explorer developer division, went to bat for IE's Protected Mode, DEP and ASLR in a blog post, saying that defense-in-depth techniques aren't designed to prevent every attack forever. Instead, they're in place to make it that much more difficult to find and exploit a vulnerability.

"One way to think about what defense in depth techniques do is similar to the features offered by fire-proof safes that make them last longer in a fire," LePage wrote. "Without defense in depth techniques, a fire-proof safe may only protect its contents for an hour or two. A stronger fire-proof safe with several defense in depth features still won't guarantee the valuables forever, but adds significant time and protection to how long the contents will last."

Apparently the "safe" isn't all that thick. Vreugdenhil said last week that the Windows 7 defenses weren't hard to overcome, taking at least six or seven days to "get everything to work." While he didn't specify the exploits he used to bypass DEP and ASLR, Vreugdenhil released a white paper explaining how he sidestepped Windows 7's security. The PDF file can be downloaded here.

Vreugdenhil will disclose the exploits once they have been addressed by Microsoft.

Top Comments
  • 27
    thedipper , March 29, 2010 11:31 PM
    My defense for Microsoft is:

    It's Microsoft. They can have almost any exploitable security hole repaired and the patch rolled out to users all within the same day.
  • 20
    doc70 , March 29, 2010 11:34 PM
    Wasn't that hard? At least 6-7 days to overcome?
    Doesn't sound too easy to me.
    A little confusing there, Kevin.
  • 20
    flyinfinni , March 29, 2010 11:29 PM
    Interesting. Security really is a continual work in progress as Hackers will continue to find new exploits and they will continually be in the process of being fixed. Nothing is perfect and more and new ways to attack will continue to be developed.
Other Comments
  • 1
    jhansonxi , March 29, 2010 11:52 PM
    thedipper wrote: "My defense for Microsoft is: It's Microsoft. They can have almost any exploitable security hole repaired and the patch rolled out to users all within the same day."

    They can but usually don't. You can't just deploy patches without testing. They've had patches break apps in the past.
  • 5
    trandoanhung1991 , March 30, 2010 12:28 AM
    jhansonxi wrote: "When you hear that Windows 7 is the most secure OS ever, they don't mention that this is only when compared to the previous Windows version, not any other OS. I've heard this line from Microsoft with every release since Windows 95 (before that they didn't care about security at all and I've used Windows since version 2.0). Just slap some firewalls and anti-malware apps on it and everything will be wonderful, just like the advertisements claim. ASLR is like building a maze around your house. It may delay entry for a bit but if you built a proper security fence you wouldn't need it in the first place."

    All of you who talk crap about Microsoft and how their OS security sucks, do you know how hard it is to write software? When you have to write 100,000s of lines of code (I doubt it's that little to be honest), do you think every line would be perfect?

    Every kind of defense/security can be broken given time and effort. Nothing is unbreakable. It's just that either technology hasn't caught up yet OR the return is not worth the reward.
  • 3
    masterjaw , March 30, 2010 12:48 AM
    ^ Unfortunately, I agree with you. But the important thing is that those loopholes should be fixed immediately as soon as they are discovered to minimize the damage. Hacking events would help improve security of the software involved.
  • 8
    raithedavion , March 30, 2010 12:56 AM
    Actually, Windows 7 is the most secure OS ever created. It has been compared to both Linux and Mac OS X Snow Leopard.
  • -6
    jhansonxi , March 30, 2010 1:05 AM
    raithedavion wrote: "Actually, Windows 7 is the most secure OS ever created. It has been compared to both Linux and Mac OS X Snow Leopard."

    By who?
  • 9
    phantomtrooper , March 30, 2010 1:31 AM
    thedipper wrote: "My defense for Microsoft is: It's Microsoft. They can have almost any exploitable security hole repaired and the patch rolled out to users all within the same day."

    And that's why I will keep buying Microsoft products. Not because they have fewer exploits in their programs, but because they are so concerned about patching them. I will support any company who is that concerned with my post purchase experience.
  • 14
    phantomtrooper , March 30, 2010 1:33 AM
    mlopinto2k1 wrote: "Why doesn't Linux need anti-virus protection? I KNOW code can be executed but in general... when I was using it I never had any problems of any sort. Why is this? I don't want to hear, "it's because the way it's designed"... NO SH!T"

    Because the small portion of people that use Linux aren't worth hacking. Hackers will always focus on the largest market share which is Microsoft. Unix (like Linux) and Unix-like (like OSX) OS's are NOT invulnerable.
  • 6
    Anonymous , March 30, 2010 1:36 AM
    Actually, Windows 7 is the most secure OS ever created. It has been compared to both Linux and Mac OS X Snow Leopard.

    OX10 is actually pretty weak in the security department. Win7 is a lot more secure. Not enough money is made from hacking them since they are such a low % of the computer population which results in all the hackers going after windows.
  • 6
    warmon6 , March 30, 2010 1:46 AM
    jhansonxi wrote: "By who?"

    These so-called experts......

    http://www.tomshardware.com/news/pc-windows-apple-mac-osx,9557.html?xtmc=windows_7_more_secure_than_osx&xtcr=1

    In either case, my personal opinion, if it's made by 1 person, another person can crack that person's code. It may take time but any software can be broken.
  • 2
    jhansonxi , March 30, 2010 2:18 AM
    PhantomTrooper wrote: "Because the small portion of people that use Linux aren't worth hacking. Hackers will always focus on the largest market share which is Microsoft. Unix (like Linux) and Unix-like (like OSX) OS's are NOT invulnerable."

    Only on the desktop. On Internet servers *nix is much more popular. Even Tom's Hardware uses it.

    Desktops are an easier target, not a more valuable one. If a desktop gets hacked only the users of that desktop are subject to identity theft. It takes a lot of them to be useful as bots. If an Internet server gets hacked then the accounts of every user of that server are targets, SSL or not, and even the connecting client PCs can be compromised. If a web store is breached then the credit card numbers or bank account info of every customer is in jeopardy.
  • 1
    beergoggles , March 30, 2010 2:33 AM
    MSFT hamstrings itself, justifiably so IMO, by continuing to give backward compatibility. Sure, a more modern from-the-ground-up OS or an OS that completely scraps previous versions can be tougher to crack because they don't have to carry that baggage. But by offering such support MSFT allows enterprise or personal investments in software to not be flushed down the toilet whenever an upgrade is required. I'll take the trade off in security over functionality any day. Of course, I don't think it is THAT much of a trade off in Win7.
  • 6
    XD_dued , March 30, 2010 2:52 AM
    ahnilated wrote: "I hope to god you are kidding about this."

    Well...if you were a hacker spending hundreds of hours trying to utilize an exploit would you have it hit 90% or 10%?
  • 0
    Anonymous , March 30, 2010 3:03 AM
    I'm with Microsoft. Those anti-MS people keep yapping about Linux and MACOSX....Hello, independent test has shown Mac OSX is actually less secure than Windows. And Linux isn't hack proof either. It's just that nobody wants to waste time attacking < 10% of the world, when they can attack 90% of the rest of the world!!!

    So far, I'm very happy with my Windows 7!