Hack Expert Says Windows 7 is Hard to Hack
Windows 7 is harder to hack than Apple's Snow Leopard--mainly due to Flash being installed by default on SL.
Security expert Charlie Miller has participated in the Pwn2Own contest over the last two years, and has won both times. Held at the CanSecWest conference in Vancouver, British Columbia, Canada, the contest challenges contestants to find "big bugs" in web browsers, operating systems, and even in mobile devices. With the 2010 conference just around the corner (March 24), oneITsecurity conducted an interview with the champ and asked Miller which was harder to crack: Windows 7 or Snow Leopard?
"Windows 7 is slightly more difficult because it has full ASLR (address space layout randomization) and a smaller attack surface (for example, no Java or Flash by default)," he said. "Windows used to be much harder because it had full ASLR and DEP (data execution prevention). But recently, a talk at Black Hat DC showed how to get around these protections in a browser in Windows."
He also added that a safe browsing combination would be to use Chrome or Internet Explorer 8 on Windows 7; however, he said that there isn't enough difference between the two browsers to "get worked up about." But he did emphasize that Flash not be installed no matter what browser or OS is used by the consumer.
The interview also covered exploits on game consoles. As the interviewer points out, the devices are in our living rooms, in our dens and offices, yet there are still few exploits and vulnerabilities discovered. Why aren't security researchers working on finding exploits on these devices? Because there are more PCs, and game consoles don't need to be connected to the Internet.
"I’ve had Wii for a year or so and it’s never been on the Internet," Miller said. "It’s hard to remotely attack the box when you can’t get packets to it :) Also, computers, and phones to a lesser extent, are designed to be customized, to download and use/render content from the Internet. This is where vulnerabilities exist and exploits are created. Game consoles don’t do this as much so the attack surface is much smaller. The final reason is it is hard to do research on them. It’s not easy to get a debugger running on an Xbox, for example."
To catch the full interview, head here.
I thought Macs never got viruses...
I thought Macs never got viruses...
No no, Macs never get any problems at all ever. Any issue is the user's fault, or the fault of a 3rd party software developer. Nothing Apple makes ever has problems.
The "expert" identified 3rd party software (Java & Flash) as the primary intrusion point. Not much any OS can do if the backdoor is wide open, despite whichever "fanboy" tag you wear.
We will soon see the reason why Steve Jobs wears the black shirt. He is half ninja. I am sure this guy will be dead for saying Windows 7 was harder to hack.
Ninja Steve.
The "expert" identified 3rd party software (Java & Flash) as the primary intrusion point. Not much any OS can do if the backdoor is wide open, despite whichever "fanboy" tag you wear.
But in all the commercials they tell me they don't!!!
What is the point of hacking anyhow. A challenge perhaps. There are plenty of other challenges out there in the world that are more productive. Hacking will only land you in jail, if you are not careful!!
...other than not default install the offending application.
Seriously, Flash sucks. It is like IE; take the market leading position and sit on it. Go HTML5! I'd rather use Silverlight than Flash.
Viruses are a non-issue from a security standpoint. No one should EVER get a virus, especially not in a business. If you get hit with a virus or worm, you should line up your IT staff and fire pink slips at them, then hire people who actually know how to properly build & manage IT systems.
If security isn't an issue for Macs, then why is there a 50,000 strong Mac botnet?
Proper security is an issue for every platform. Security isn't a product, it's a process.
What is the point of hacking anyhow. A challenge perhaps. There are plenty of other challenges out there in the world that are more productive. Hacking will only land you in jail, if you are not careful!!
Well, of course, there is the whole monetary reason to get information as a pretty big point (even if it is illegal). But, one of the really good reasons to hack and have these hacking conferences is they expose the weaknesses in the OS or browser and allow the manufacturers a chance to fix them.
That said, I'm not surprised Flash is a major troublemaker. The only problem I've had in the last 4 years was a result of a Flash advert installing a Trojan (and it wasn't even a porn site!). NoScript and ABP are just great.
No no, Macs never get any problems at all ever. Any issue is the user's fault, or the fault of a 3rd party software developer. Nothing Apple makes ever has problems.
lol. Sorry, I just had to laugh out loud. Good one.
I really don't know about the guy... Opera has always been rated one of the top, if not the top, when it comes to security. But yet he mentions IE8 and Chrome?
Well Flash is pretty much a standard add-on and if you use OpenOffice so is Java. I guess it's a balance between features and security. Typewriters can't be hacked (well maybe with a sword or something) but we still use computers and most of us use Windows.
Just wait 'til all the HTML5 security issues crop up. Web interactivity is gonna kill us all.
"He also added that a safe browsing combination would be to use Chrome or Internet Explorer 8 on Windows 7"
Didn't think I'd ever hear that IE8 was one of the safest browsers to use.
What I don't get is the headline. In the article it says older versions of Windows were harder to hack because they didn't come pre-installed with Flash or Java. Why does the headline say Windows 7 is hard to hack? It's supposed to make it EASIER according to the article. Weird.
I wish he would have mentioned something about Firefox using Flashblock.
Well Flash is pretty much a standard add-on and if you use OpenOffice so is Java. I guess it's a balance between features and security. Typewriters can't be hacked (well maybe with a sword or something) but we still use computers and most of us use Windows.
That's it, I need to try and hack a typewriter... anyone happen to know where one still exists outside a museum?
Well, Chrome uses encapsulation and IE 8 does "some" kind of encapsulation.
From my own experience I think Chrome is safer but it takes a lot of memory.
HTML5 I don't know if it will be more secure, will it be more related to the browser than 3rd party??
Yes, IE8 has been proven again and again to be the most secure browser by far. It's hands down the most secure from what I've read. You only hear about it more because of the domination of market share. Few people use Chrome, Opera, Safari and even FF has low usage in comparison. IE is a larger target in other words.
I think he's no longer a hacking expert...
(although, maybe Windows finally is secure...LOLSUP)
What is the point of hacking anyhow. A challenge perhaps. There are plenty of other challenges out there in the world that are more productive. Hacking will only land you in jail, if you are not careful!!
Hmm.... how many hackers (crackers) have actually been caught?
On the other hand, considering how many 360s are modded for playing pirated games I would not be surprised if someone finds an exploit for it soon.
Eventually with time exploits will be found, but kudos to MS for making a more secure OS. As for Apple, I hope Jobs thanks the GNU Unix guys they take all their technology from.
Eventually with time exploits will be found, but kudos to MS for making a more secure OS. As for Apple, I hope Jobs thanks the GNU Unix guys they take all their technology from.
Apple is BSD, not Unix, it is a branch of Unix, don't compare Unix, Linux and OS X, the former two are way more secure than OS X.
" But he did emphasize that Flash not be installed no matter what browser or OS is used by the consumer."
What was he on? What is the point of running a browser without Flash? Until HTML5 becomes a usable standard Flash is a must. A piece of advice Charlie Miller, use any car you want but never put any gas in it.
PS I have Flash on all my PCs and my chances of getting hacked are about as good as winning the lottery. Don't let these bogey men frighten you. If you take sensible precautions there is little to worry about.
How pathetic
Windows is not secure.. no root priv needed to run any virus to pawn that system.
This is probably not quite on topic, but Win Server 2008 R2 doesn't have any activation protection lol, plus the way it installs and tries to intermingle all the roles - it's just asking to be assaulted. If anyone's ever used it firsthand they'd see how jumbled everything gets. That Miller guy is a noob - all consoles have been hacked. If the guy that did the PS3 wanted Windows 7 hacked, I'm sure he would do it before this Miller dufus could. And "hard" is a relative term. Hard for him, but not hard once you find the answer. It's just like debugging - you're busy ripping your hair out for a good couple of hours before someone looks over your shoulder and goes, why don't you insert a debug statement here? Ah, there it is.
Macs are not good targets because, except for the US, Macs account for only a very small percentage of computer users worldwide. Living in the US you get a false sense of how popular Macs are. PCs are obviously the target and will be for as long as reasonable predictions can be. Linux is only safe because it has even fewer users. Why target a group under 5% of users when Windows has 92%???
Unless these hackers are working for the companies and letting them know of vulnerabilities without making the exploits known to malicious hackers, these guys should be in jail.
What can you achieve by hacking a stupid console? Personal information of some console gamer, dumb by default for choosing the platform, is useless anyways...