Comments on: Why Microsoft is wrong on Vista security
McAfee Chief Scientist George Heron says a technological dispute could usher in a new age of insecurity.
So, um, can anyone give me a good reason for this? I guess we have to conclude that this article must be 100% bovine scatology. I can't figure out any other possible explanation, can you, C|Net?
Quick, where are my meds?
It will be interesting to see how this saga unfolds.
I'm glad Windows Vista is locking them out of the kernel because they've never done me any good.
McAfee also said its board of directors terminated Kevin Weiss' employment as company president.
http://today.reuters.com/news/articleinvesting.aspx?view=CN&storyID=2006-10-11T122025Z_01_WEN6771_RTRIDST_0_ACCOUNTING-OPTIONS-MCAFEE-URGENT.XML&rpc=66&type=qcna
Calls from user mode applications to the kernel mode components go through a SYSCALL instruction, then through an indexed table. Each syscall is assigned some number. Unix/Linux also uses a similar scheme. Note that the syscall numbers (table indices) can change from one OS release to another, even by a service pack. They are undocumented and are only figured out by reverse engineering. The table resides in kernel memory. A kernel component can figure out the table location and replace a table item (function pointer) with its own function; this is called hooking. Note that as soon as the call is hooked, there is no multiprocessor/multithread-safe way to unhook it, thus the hooking entity cannot be dynamically unloaded/reloaded. The same stands for the Linux/Unix syscall dispatch table, though nobody bothers with such kludges for them.
Such hooking caused kernel instability, because the hooking function can violate syscall conventions, which are, again, undocumented and are subject to change.
Code which runs in the kernel should generally be trusted, because it runs with almighty privileges. But because of such hooking crap, in Vista the table is protected so it cannot be changed even by kernel components. Such a move has been known to be coming for a few years already, but SYM/MCAFEE could not be bothered to fix their crap.
The original sin of Windows XP is not lousy security.
The security mechanisms (discretionary access control lists - DACLs) work, assuming that the user is only given privileges that match his qualifications and possible attack surface. Suppose there is a flaw in the user's app, for example ICQ or AIM, or Real Player, or Flash, that allows arbitrary code execution. If it is exploited, malicious code is executed and tries to install itself permanently. If a user has proper (limited) privileges, the code cannot install itself, never mind installing a privileged component (driver or service).
The same holds for Linux. If some Firefox flaw is exploited and malicious JavaScript runs, it cannot install itself permanently with elevated privileges. Only if the user runs with root privileges (as in Lindows AKA Linspire) is the exploit possible.
Of course there are user mode privilege escalation vulnerabilities, but there have been very few such in Windows. More in Linux (see BugTraq).
The biggest mistake of Microsoft was giving new users administrative privileges. This was done because many games and crappy applications (such as ICQ) didn't obey published Windows development guidelines and required write access to privileged directories and registry keys. To avoid people screaming, the new users are all administrators. Then it's no wonder that when a 10 or 70 year old clicks Yes when asked if he wants this wonderful set of smilies, the crapware is on the computer. THIS IS THE REAL PROBLEM.
Users are stupid. That's the real problem.
Most home users can't grasp the notion of running 2 different accounts with different privileges.
Add to that the fact that users (people) are (1) lazy and (2) gullible and you can't help but have viruses, spyware and spam (oh my).
Why stupid? Most users have never taken a PC class. They know next to nothing (or, even worse, know lots of wrong info) about personal computers, their OS or safe computer use. And, it's not that the resources for them to learn aren't there....they're everywhere!
So, why don't users take the time to learn from the free resources at CNET and all over the web? They're lazy. It's human nature. You can't fix it. People are lazy.
That's why they run under the admin account. It's just easier than having 2 accounts and switching every time they want to download the latest spyware/virus/adware-laden freeware that they see on the web.
We live in a push button society. People want what they want (free software) and they want it NOW! There's no way the majority of PC users are going to use the admin and user accounts the way they should for safe computing - they want to install and use the software NOW! ( You know, like a child that wants a shiny new toy.)
Then, we toss in a pinch of gullible that would make Jessica Simpson seem like a chicken scientist, and BAM - we just kicked it up a notch!
Your everyday PC user is simply as gullible as a 4 year old being offered candy by a stranger when it comes to "free" software. You warn them not to take software from strangers, and then you watch in horror as they run after the stranger holding out the candy.
What Microsoft is actually trying to do here is to protect the users from themselves. And, friends, I'll grow a second horn before that is ever successful.
Instead of all of this blocking crap, why don't we opt for a less fantastic, but more secure, system of tracking software that is benign to the user.
What if we made Windows so that it would only install software that has been tested safe and has a hash that is verifiable via a 3rd party. Like Linspire's CNR, but with 100% checked and Microsoft-verified safe code. Or, like Downloads.com - but all scanned (or even tested) for code that indicates suspicious activity.
No suspicious code? - You get a program certificate that Windows will verify, accept and run. No certificate - no install.
Would it be a pain in the ass? Sure. But no moreso than the current LSD-inspired security schemes.
Look, you can't save people from themselves. That's like the notion that we can somehow end all poverty....it's a nice dream - but that's all it is - a dream. And, it's a dream because people are lazy, stupid and gullible.
Wanna do something quick, easy and partially effective? Put up a small course on safe computing on every Windows installation instead of that Windows tour crap. And, test the user on the contents before you allow them to use or even register the OS.
If they can't understand how to do safe computing, they're (and we are) better off if the damn thing never starts anyway. And, if you've told them, and tested that they heard you, you'll be light years ahead of where we are now.
(fire when ready....)
Now, Microsoft decided to fix the flaw. BANG! There's the bomb.
So instead of doing their homework, the security companies whine and cry for their capital (Windows flaw) to be returned in Vista so they can keep themselves in business. Hahaha! What a loser...
All this translates to incompetency in addition to these security companies being totally left behind coping with the progress of the product they wanted to support. The cheapest resort of course is this pathetic hope that their whining will save them from spending millions of dollars on (delayed) R&D.
Come to think of it, Trend Micro is not complaining. And it seems they already have a product ready for Vista. Hmmm... Can you see why the pathetic author of this pathetic article is wrong?
I use McAfee, but after evaluating the knowledge level of the Chief Scientist - I will be removing it.
It's like this... When the user saves a file to the hard drive, the OS fires several internal events and launches several internal functions in order to save that file.
Using "hooks" simply means that antivirus software places code in the system (since Microsoft doesn't give up the triggers to most events on their own) to detect that a file is about to be saved to the hard drive, and runs the antivirus' scanning code before the file is allowed to be accessed by the user.
This catches viruses before the user can launch the file and lose all of his/her data or get infected with spyware/adware or whatever.
Hooks can be used very effectively for other things like intercepting drawing commands to the graphic processor and relaying them to another PC so that you can control your PC remotely at a decent speed. Blocking hooks may slow or even disable apps like these.
If anyone believes that Microsoft have "fixed" Windows and therefore no longer need the 3rd party support, you are a fool.
Anybody remember when Win ME was the cure for Win 98?
Anybody who thinks that this is all about Mcafee and Symantec being greedy, I don't believe either of them has ever been sued by the US or EU for anti-trust and unfair competition practices. Do your homework.
I have had Vista since the beta release, and also have had the RC1 release for several weeks. Nobody will be blown away by Vista. If you're smart, you won't run Vista on anything critical until at least 6 months after it's released, and the dust has settled.
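The two mechanisms argued over in this thread, the indexed syscall dispatch table that a kernel component hooks by swapping a function pointer (described in the earlier comment), and the antivirus "hook" that inspects a file operation before letting it through (described in the comment above), can be modelled in a few dozen lines of user-mode C. The program below is an added example written for this page; it is not code from McAfee, Symantec or Microsoft, and it runs entirely in user space. The table, the `hooked_write` filter, and the `patchguard_*` functions are hypothetical names for the model: real kernel patch protection checks far more than one table and does not rely on a plain hash, and a substring match stands in for a real scanner.

```c
/*
 * User-mode model of: an indexed syscall dispatch table, a third-party
 * hook that replaces one entry, and a patch-protection check that
 * detects the replacement. Constructed example; not kernel code.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef long (*syscall_fn)(const char *arg);

#define E_DENIED   (-13)          /* stands in for an access-denied status */
#define SYS_OPEN   0
#define SYS_WRITE  1
#define NSYSCALLS  2

/* "Kernel" services. The write service succeeds with 0. */
static long sys_open_impl(const char *path)  { return (long)strlen(path); }
static long sys_write_impl(const char *path) { (void)path; return 0; }

/* The dispatch table: index = syscall number, value = handler.
 * In a real kernel its location and numbering are undocumented and
 * found by reverse engineering; here it is simply a static array. */
static syscall_fn dispatch_table[NSYSCALLS] = { sys_open_impl, sys_write_impl };

/* The dispatcher: bounds-check the number, then an indirect call. */
long do_syscall(int nr, const char *arg)
{
    if (nr < 0 || nr >= NSYSCALLS)
        return -1;
    return dispatch_table[nr](arg);
}

/* ---- third-party "antivirus" hook ------------------------------------ */
static syscall_fn orig_write;           /* saved original entry */
static int blocked_writes;

/* Inspect the argument before forwarding; a deny-list stands in for a scan. */
static long hooked_write(const char *path)
{
    if (strstr(path, "eicar") != NULL) {
        blocked_writes++;
        return E_DENIED;
    }
    return orig_write(path);            /* pass through to the real service */
}

/* Hooking = overwrite a table slot with our pointer, remembering the old one. */
syscall_fn hook_syscall(int nr, syscall_fn replacement)
{
    syscall_fn old = dispatch_table[nr];
    dispatch_table[nr] = replacement;
    return old;
}

int install_av_hook(void)
{
    orig_write = hook_syscall(SYS_WRITE, hooked_write);
    return 0;
}

/* Restoring the pointer is easy; knowing that no other CPU is still
 * executing inside hooked_write() is not. That is why a hooking module
 * cannot be safely unloaded once its hook has been live. */
void remove_av_hook(void)
{
    dispatch_table[SYS_WRITE] = orig_write;
}

int blocked_write_count(void) { return blocked_writes; }

/* ---- patch-protection model -------------------------------------------- */
static uint64_t fnv1a(const void *p, size_t n)
{
    const unsigned char *b = p;
    uint64_t h = 1469598103934665603ULL;
    for (size_t i = 0; i < n; i++) { h ^= b[i]; h *= 1099511628211ULL; }
    return h;
}

static uint64_t table_baseline;

/* Snapshot the table's bytes (the function pointers) at "boot". */
void patchguard_init(void)
{
    table_baseline = fnv1a(dispatch_table, sizeof dispatch_table);
}

/* Periodic check: 1 = table no longer matches baseline (a real kernel
 * would bug-check here), 0 = untouched. */
int patchguard_check(void)
{
    return fnv1a(dispatch_table, sizeof dispatch_table) != table_baseline;
}

int main(void)
{
    patchguard_init();
    install_av_hook();
    printf("write ok=%ld blocked=%ld tampered=%d\n",
           do_syscall(SYS_WRITE, "/tmp/notes.txt"),
           do_syscall(SYS_WRITE, "/tmp/eicar.com"),
           patchguard_check());
    return 0;
}
```

Read with the thread in mind: the hook works exactly as the antivirus commenter says (it sees the write before the service does and can refuse it), and the integrity check fires exactly as the first commenter says (the swapped pointer changes the table's bytes), so both are describing the same mechanism from opposite sides.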
But I do agree with most of what you say, but the:
>>>you won't run Vista on anything critical until at least 6 months after it's released<<<
I cannot agree with. Give it at least 1.5 years... not 6 months prior to running anything critical on it.
FWIW
P.S. I trust GW Bush 100-fold over Microsoft!!!
1. Code vetting;
2. Safe computing 101
Item 1 is partially implemented as AuthentiCode technology in Windows. Any executable (usually setup.exe) can be digitally signed with the vendor's certificate. When you try to run any executable downloaded from the Internet, Windows shows a confirmation prompt, and also shows whether the module is signed. Through a chain of trusted certificates, it verifies that the vendor's signature is indeed correct. There is no vetting by Microsoft (though there is the "Designed for Windows" logo test). Imagine what noise would be raised if MS started to require that.
Device drivers can (and _must_ in Vista) have a digital signature, provided by MS. To get that signature, the vendor must run a special test suite (WHQL test). The "signed device drivers only" requirement, as one may expect, caused angry voices: "MS wants to screw hardware vendors" etc.
Another approach is code-based security, supplementing principal (user account) based security. Each module is assigned a level of trust. This is implemented in the .NET environment. You can run all external plugins with severely reduced privileges (no file access, etc), while the rest of an application enjoys more liberties.
Item 2 would help a bit, but how do you force all users to go through it? Lock the system out unless you pass a quiz?
We should be able to run one set of files for our operating system and one set for our network functions. These should be signed and protected by Microsoft at all costs in a way that makes it impossible for anything else to run without the user (or administrator) specifically allowing it. Attempts to modify allowed code should be blocked and immediately reported to Microsoft.
All third party drivers should be forced through a Microsoft validated process and distributed by Microsoft. The OS should no longer allow non-validated drivers.
A truly protected operating system that still allows all user-desired functionality is certainly a technical possibility - Microsoft must take responsibility for making this happen. Ultimately this will cost Microsoft less than the time and effort they spend now because of the non-protected nature of their OS's.
So-called "security vendors" such as McAfee and Symantec have been making billions taking advantage of Windows OS weaknesses. It is time for this to stop. Only the OS creators - Microsoft, Apple, and the various UNIX and Linux contributors - can create truly secure operating systems, and the mantras of "It's too expensive to do" and "It's not user friendly" has to end.
I wish folks that have a mental illness regarding microsoft would use Linux and let the rest of us get the best microsoft has to offer.
Perhaps the newer McAfee behaves better, but I'd never again trust a company which can't even provide a decent uninstall.
Of course Microsoft OS is guilty also of permitting McAfee and other virus software to access critical system components without users explicit permission. And 99% of the registry is an unnecessary cesspool. But that's another story.
(I've installed after this only the Zone Alarm firewall. No virus detection software, and never had a problem for the last 4 years.)
McAfee has absolutely no room whatsoever to trash Microsoft or its attempts to do security changes. Even way back in my junior high school days (1991, FYI. Has it been that long?), McAfee was the anti-virus solution. Even back then, it stalled machines, didn't function properly, and generally was a royal pain. When I got my own machines, I gave McAfee a try. I suffered the same problems; system slowdowns, resource hogging, ineffective virus catching, and a royal pain to uninstall. I eventually migrated to Norton, which I stuck with for a few years.
Now I've moved on to AVG. AVG works very well. I have little to no problems. Best of all, IT'S FREE!! I don't have to pay a big bloated corporation that rips off millions of customers to have a good level of antivirus protection. It's sad when a free, stand-alone anti-virus works better than McAfee and Symantec Norton System combined.
During the Blaster worm crisis, whole networks were being shut down! My properly patched XP and AVG combination kept my system up and running. Whole IT networks scrambled to shut down, contain, sanitize, and patch. I think after that fiasco it fell to Microsoft to seriously give Windows some shields and defensive weapons.
Vista looks very good on the defensive side. When McAfee can make a rock-solid antivirus that:
A) runs quietly in the background,
B) doesn't hog system resources,
C) actually finds the viruses before they take hold....
Then maybe McAfee or its associates can talk about security!
The best way to resolve the issue would be for Microsoft to adopt a fundamentally different approach for its kernel. Unfortunately, too much software has been written that depends on the kernel operating the way it does, so Microsoft is constrained by how much innovation they can do and still have backwards compatibility.
There is a better way: Switch to the Linux kernel and use an emulator layer (ala Wine) to interface with Windows software. It's by far the "better, faster, cheaper" solution.
I guess I'm not the only one who thinks so, because Microsoft already has made a deal to pay over $240 million Novell to do just that. (See http://news.yahoo.com/s/ap/20061108/ap_on_bi_ge/microsoft_novell)
I suspect that Vista is the last iteration of the Windows kernel that will ever be sold. Microsoft knows that the technology for writing the kernel is now ubiquitously documented. There is no financial future in writing kernels or operating systems.
Instead, we will see Microsoft moving into things like subscriptions, XBox, Zune, and other "way-cool" technologies. That's what Steve Ballmer meant when he said recently: "The next frontier for us is to embrace a new business model. And if we embrace it well and that business model is subscription and advertising, where we will be a market leader. If we do not embrace it well there will be issues." (See http://news.yahoo.com/s/nm/20061109/bs_nm/india_microsoft_dc)
Happy Trails
Loye Young
Laredo, Texas
"The net-net is that the user is demonstrably less safe as compared to during the XP days, when security vendors could use their advanced behavioral features."
And so, once again, a supposedly-intelligent person demonstrates incredible intellectual laziness by continuing to propagate this meaningless term. Truly, "net-net" is a meaningless term. It is intended to convey the same meaning as "bottom line," but it fails miserably. George might as well have stated "The gross-gross of it..." or "The after-tax--after-tax of it..." for all of the meaning that his in-vogue use of "net-net" conveyed. Please George, stop with "net-net." In my experience, all of the people that use that non-term on a regular basis are idiots. Leave it to them.