Microsoft Defends Win 7 Security After Pwn2Own
Microsoft compared Windows 7's security measures to a fire-proof safe.
Last week we reported that during Pwn2Own, two hackers were able to sidestep Windows 7's data execution prevention (DEP) and address space layout randomization (ASLR), and hack into Internet Explorer 8 and Firefox 3.6. One of the hackers, Peter Vreugdenhil, a freelance vulnerability researcher from the Netherlands, said that he used "fuzzing" to uncover two vulnerabilities in a fully patched version of 64-bit Windows 7.
"I started with a bypass for ASLR which gave me the base address for one of the modules loaded into IE. I used that knowledge to do the DEP (data execution prevention) bypass," Vreugdenhil said last week.
Days later, Pete LePage, a product manager in Microsoft's Internet Explorer developer division, went to bat for IE's Protected Mode, DEP and ASLR in a blog post, saying that defense-in-depth techniques aren't designed to prevent every attack forever. Instead, they're in place to make it that much more difficult to find and exploit a vulnerability.
"One way to think about what defense in depth techniques do is similar to the features offered by fire-proof safes that make them last longer in a fire," LePage wrote. "Without defense in depth techniques, a fire-proof safe may only protect its contents for an hour or two. A stronger fire-proof safe with several defense in depth features still won't guarantee the valuables forever, but adds significant time and protection to how long the contents will last."
Apparently the "safe" isn't all that thick. Vreugdenhil said last week that the Windows 7 defenses weren't hard to overcome, taking at least six or seven days to "get everything to work." While he didn't specify the exploits he used to bypass DEP and ASLR, Vreugdenhil released a white paper explaining how he sidestepped Windows 7's security. The PDF file can be downloaded here.
Vreugdenhil will disclose the exploits once they have been addressed by Microsoft.
It's Microsoft. They can have almost any exploitable security hole repaired and the patch rolled out to users all within the same day.
Doesn't sound too easy to me.
A little confusing there, Kevin.
ASLR is like building a maze around your house. It may delay entry for a bit but if you built a proper security fence you wouldn't need it in the first place.
All of you who talk crap about Microsoft and how their OS security sucks, do you know how hard it is to write software? When you have to write 100,000s of lines of code (I doubt it's that little to be honest), do you think every line would be perfect?
Every kind of defense/security can be broken given time and effort. Nothing is unbreakable. It's just that either technology hasn't caught up yet OR the return is not worth the reward.
And that's why I will keep buying Microsoft products. Not because they have less exploits in their programs, but because they are so concerned about patching them. I will support any company who is that concerned with my post purchase experience.
Because the small portion of people that use Linux aren't worth hacking. Hackers will always focus on the largest market share which is Microsoft. Unix (like Linux) and Unix-like (like OSX) OS's are NOT invulnerable.
OX10 is actually pretty weak in the security department. Win7 is a lot more secure. Not enough money is made from hacking them since they are such a low % of the computer population which results in all the hackers going after Windows.
These so-called experts......
http://www.tomshardware.com/news/pc-windows-apple-mac-osx,9557.html?xtmc=windows_7_more_secure_than_osx&xtcr=1
In either case, my personal opinion: if it's made by 1 person, another person can crack that person's code. It may take time but any software can be broken.
I hope to god you are kidding about this.
Desktops are an easier target, not a more valuable one. If a desktop gets hacked only the users of that desktop are subject to identity theft. It takes a lot of them to be useful as bots. If an Internet server gets hacked then the accounts of every user of that server are targets, SSL or not, and even the connecting client PCs can be compromised. If a web store is breached then the credit card numbers or bank account info of every customer is in jeopardy.
Well...if you were a hacker spending hundreds of hours trying to utilize an exploit would you have it hit 90% or 10%?
So far, I'm very happy with my Windows 7!