Robert Hess is cool. This interview is cool.
Here are some ideas as to the things that I am interested in.
1) C# team heads, + VB.NET team heads, discussing future of the .NET framework, did it achieve or reach the potential it was made for? Areas of improvment, adoption expecations versus actual restults. Did it basically live up to its expectations. Also what will come in C# 4.0, and VB.NET next.
2) How Multi-Core processing will affect the way we write applications. In the past decades , most people were not dealing with multiple threads in their applications. How will this affect C# and .NET in general, and the programming model in particular, and how transactions will come to play here.
3) Future of cryptography: As we have more powerful processing powers, what are the new stuff that will make online experiance secure and private?
4) Windows Vista design challenges and unexpected bumps during development. Where does Windows stand on security now as compared to its previous versions. Also, what about the content protection technology, is this bad or good?
5) How will online experiance , the web , will evolve. What are new visions that MS has that will make the future more interesting than it is already.
6) Software Technology meeting Biological Genetics: Basically bioinformatics and how software will simplify understanding of biological function at the gene level. What MS is doing to improve this growing field.
It would be very interesting for me to at least get one of these topics talked about in the Technology roundtable with Mr. Hess.
PS: Its nice to see Channel9 going to the next level in terms of content.
Nice video. Its always nice to see you in the Videos Charles!
I think you should do that with all future videos;)
I just wanted to say , Patch guard, or the hyperviser, will only make crackers move up one level. They will use the APIs to the Kernel, and do what they want. in the same way the security vendors are using it, to do their, dirty work.
but if MS added heuristics to detect malicious software behavior, then this can be reduced by 60-70%.
hey being clothed is better than being naked. Prevista, the Kernel was naked, now, it has some clothes on.
MS should have moved the WinKernel from Ring0 to Ring1 in that onion. PatchGuard can then secure Ring1 Code. This way you get rid of the impracticality of securing code with same priviliage level that exist in Vista.
Or, MS could introduce Zones within the Kernel layer, where one zone would have more previlage than the other. Kind of like the Throne and the King servents. Or the nucleous in a cell. Zone 0 Zone 1 Zone 2. Zone 0 Runs hyperviser and hurestics, Zone 1,2 run Kernel and other stuff.
Anyways, I look forward to seeing the cryptography in Windows Vista and Socket Security. Will certificate substitution work in vista (man -in middle attacks) as in before? or not?
What about the ASLR (Address Space Layout Randomization) which was intrudiced later in the dev cycle into Vista. This was already present in open-source OS , and linux. It was supposed to make the odds of a successful buffer overrun exploit 1/256 chances, because each time you restart winVista, the system resoruces that are loaded into memory are loaded in to randomal address space. It helped Linux be more secure than Windows in the past, and its a plus in terms of security. But in the Linux world, Crackers found a way around it with memory search tools and things like that. I dont know how MS implemented their ASLR but it would be cool to know more about it.
RootKits will still work in Win-32 Vista, although its much harder now. Even if people were not able to patch the kernel anymore with rootKits, they might patch process memory space with DLL injections and impersonation. Does Vista check at run time , if a process had changed? Suppose a DLL injection happened at Run Time for a process running in Windows Vista, would Vista block the injection or will allow the injection but crash the application or stop its execution?
What applications can access Raw Sockets? Does windows check?
Thanks for part 2. Its cool and I am looking to see the Crypto video (if will be done), on Vista and the new innovations as compared to prevista era.
Edit: Since we are in Security zone here, How secure is the Firewall in Vista? Will it prevent LAN attacks? like Arp poisioning, MAC Spoofing, things like that?
Very cool video Charles. Way to go!
I think alot of concerns I had with Vista's security had been addressed to some extend in this video.
I realize that Vista is just a snapshot of the roadmap to windows Vienna. The innovations in the security area with respect to Windows OS, will match those of Unix and Linux, and when Vienna comes out, it will be a matter of flavor to run Unix versus Vienna, rather than by security criteria.
The hyperviser technology and virtualization at the kernel level, is one reason I say this. The heuristics code that will check suspecious behavior in the system, will cripple root kits significantly.
I wish MS would have enforced the signed driver policy on 32-bit systems also, and worked with vendors to recompile their drivers and sign them to work in a digitally signed world.
The future is bright for Windows OS because Windows has been hammered for the past 20 + years more than others, and it has not been killed. So what does not kill you , only makes you stronger. I see this applies to windows and its very true.
I also, realize that you cannot make a 100% secure system, because technology is always evolving. But atleast MS is increasing the bar level higher, so that only capable engineers would be able to jump the bar level, and the majority of script kiddies are blocked. This is very cool.
If people had waited 2 more years, we might have had a more secure system than vista. Vista is claimed to be more secure, but its not tested in the wild. So its security is to be verified by how it stands up to hammering by the outside world. Vista's new innovative security features, makes Windows more secure by default than XP (out of the box sense), but not "Secure" in the absolute sense of the word.
So we can watch and see how Vista does, and wait patiently for Vienna.
Again, Thanks for giving us this inside look into Vista's security. You asked alot of good questions, that I myself and I am sure others, have woundered about, and got them addressed at least in part.
Anders Hejlsberg and Chris McConnell: Reflections on LINQ, Desktop Search, WinFS, Functional and IntNov 23, 2006 at 11:41 AM
questions to Andres, when is it going to be harder for MSIL to be decompiled into rich code? Can C# compiler (managed compilers) have obfuscation natively in them so I dont have to worry about my assemblies being decompiled on the fly?
Also, when will drivers be written in Managed code?
With linq, from a performance perspective, is using Linq to query sql more efficient or using sql stored procedures more efficient?
Lastly, what is going to be in C# 4.0? (C# transactional programming model for multi-core processing?).
I wished if Windows Firewall would have preset rules, for known applications based on application signatures downloaded from Windwos Updates. This way a user would not need to configure the firewall, but rather windows would apply the trusted settings from microsoft for the given application. So if malicious impersonating software somehow gets into the machine, its unable to connect to the internet because of the proactive defense of the windows firewall.
How many users know how to configure the NAT or the Windows Firewall? I bet not many even know how to get to it in their machines.
Secondly, given that Vista's networking stack is virgin, how can we assume that its secure before its tested in the wild for some months and years?
Very cool video.
So in a nutshell, IPv6 protocol is identical to IPv4 (interms of packets), but IPv6 allows more addresses, because now you have large number of permutations with alpha-numerical strings.
What about the security of the new networking stack. With NATs , you were able to protect yourself from worm attacks, because NAT will drop malicious packets, and its as if you have a good hardware firewall.
With Windows Vista, you have the Windows Firewall replacing NATs in software, but still software is not like hardware, as its error prone.
So, now if we can get a demo of how to program in .NET and unmanaged code (C++?) against IPv6, and what if any, is new in terms of programmability.
Does IPv6, and this tunneling technology, help lower costs of bandwidth for companies?
Will we be able to use secure protocols by default in our every day communications? Have every windows machine send encrypted packets using something like the SSL protcol, so the whole internet would become secure? I think public key crypto is good. (Every machine that wants to talk to me, would get my randomally generated public key and send me a private message, and vice versa.) This would prevent packet sniffing and explit trials.
But very good video. Keep it up Charles, always bring us the cool stuff .