Scott Field: How secure is Vista, really? - Part I

Scott Field is an Architect who's been working on software security at Microsoft for twelve years. His most recent work has been focused on improving security in general purpose monolithic operating systems, from the kernel to the shell. You've heard a lot about how Vista is our most secure OS ever. Now, sit back and learn exactly why we feel this is accurate. Here we learn how and why Vista will do a great job protecting you from harm from one of the minds behind Vista's overhauled and much improved core security architecture.

In part 1 of this two-part series, Scott takes us through a historical perspective of security at Microsoft and outlines what's new in Vista. In Part 2, we go whiteboarding and dig into the architecture of Vista security. The venerable Jeremy Mazner, technical evangelist and software developer, joins me in conducting this interview.


Follow the Discussion

  • Here are a few pointers to some additional reading on Vista security:
    Whitepaper on Vista Security: http://download.microsoft.com/download/c/2/9/c2935f83-1a10-4e4a-a137-c1db829637f5/WindowsVistaSecurityWP.doc

    CredMan (credential manager): http://msdn.microsoft.com/library/en-us/secauthn/security/credentials_management.asp?frame=true

    Scott's blog entry on kernel patching: http://blogs.msdn.com/windowsvistasecurity/archive/2006/08/11/695993.aspx

    Guidelines on driver installation: http://www.microsoft.com/whdc/driver/install/32-64bit_install.mspx

    UAC and the secure desktop: http://www.microsoft.com/technet/windowsvista/security/uacppr.mspx

  • I read, heard something about the Blue Pill. What exactly is that and how does it affect Hypervisor???

    In relation to patch-guard, is it true that patch-guard, in part, needs to read the number of pulses generated by the clock and can patch-guard be disabled or told in effect not to read the clock?

    Will the patch-guard-like technology or technologies be implemented at the hardware level at some point in the future?
  • SecretSoftware Code to live, but Live to code.
    Very cool video Charles. Way to go!

    I think a lot of concerns I had with Vista's security had been addressed to some extent in this video.

    I realize that Vista is just a snapshot of the roadmap to Windows Vienna. The innovations in the security area with respect to Windows OS will match those of Unix and Linux, and when Vienna comes out, it will be a matter of flavor to run Unix versus Vienna, rather than by security criteria.

    The hypervisor technology and virtualization at the kernel level is one reason I say this. The heuristics code that will check suspicious behavior in the system will cripple root kits significantly.

    I wish MS would have enforced the signed driver policy on 32-bit systems also, and worked with vendors to recompile their drivers and sign them to work in a digitally signed world.

    The future is bright for Windows OS because Windows has been hammered for the past 20+ years more than others, and it has not been killed. So what does not kill you only makes you stronger. I see this applies to Windows and it's very true.


    I also realize that you cannot make a 100% secure system, because technology is always evolving. But at least MS is raising the bar level higher, so that only capable engineers would be able to jump the bar level, and the majority of script kiddies are blocked. This is very cool.

    If people had waited 2 more years, we might have had a more secure system than Vista. Vista is claimed to be more secure, but it's not tested in the wild. So its security is to be verified by how it stands up to hammering by the outside world. Vista's new innovative security features make Windows more secure by default than XP (out of the box sense), but not "Secure" in the absolute sense of the word.

    So we can watch and see how Vista does, and wait patiently for Vienna.

    Again, thanks for giving us this inside look into Vista's security. You asked a lot of good questions that I myself, and I am sure others, have wondered about, and got them addressed at least in part.

  • RichardRudek So what do you expect for nothin'... :P
    35:34. Checking...

    Hmm, Good Info.  But the abrupt ending was a worry...


  • Charles Welcome Change
    RichardRudek wrote:
    35:34. Checking...

    Hmm, Good Info.  But the abrupt ending was a worry...




    It was a long interview. Hard to find the perfect spot to create a part 1 from. We found it, but the window was real small..... We talked about so much and it is all related, technically.


    C
  • RichardRudek So what do you expect for nothin'... :P
    Charles wrote:
    
    It was a long interview. Hard to find the perfect spot to create a part 1 from. We found it, but the window was real small..... We talked about so much and it is all related, technically.
    C


    D'oh (magoo), I've done it again.

    I didn't realise it was a two-parter... [A]
  • neilfmorrow wrote:
    I read, heard something about the Blue Pill. What exactly is that and how does it affect Hypervisor???

    In relation to patch-guard, is it true that patch-guard, in part, needs to read the number of pulses generated by the clock and can patch-guard be disabled or told in effect not to read the clock?

    Will the patch-guard-like technology or technologies be implemented at the hardware level at some point in the future?


    Blue pill was a proof of concept piece of software that ran as a hypervisor.
  • I went through the video for 20 minutes. Scott Field is talking sooo sloww.. he reminded me of the guy from the movie "Office Space", the way he says yeahhhh.... ("About the TPS report..."). It's making me fall asleep. Have to get back to this later.

  • I'm sorry but MS lied. I remember seeing a video saying Vista won't get spyware any more, and it does. I went onto a website I knew had spyware, the system got infected, and when I tried to remove the spyware, the computer restarted. After that, each time I logged into Vista, it kept on saying Explorer has crashed and it restarts Explorer, doing that in a loop. That's not a driver problem, it's a "Vista is not as good as we were told" problem.

    Now OK, if I was not in admin mode I would have had to enter a password, but when you get a system from, say, PC World, it's not going to have an admin account stopping you from installing things, as PC World would get loads of phone calls saying "hey, I can't install something". So there UAC won't help at all, sadly.

  • evildictaitor Devil's advocate

    It looks like child999 has run into one of the following:

    • He is running Windows Vista and when he went to the spyware site, was prompted for administrative permissions which he gave. Since he allowed an unsigned application to have administrative permissions, he is a muppet and should not complain that his system got compromised.
    • He ran IE7 as an administrator by right clicking on it and running it as administrator, thus providing admin credentials. See above. Note that he will also have to give his permission to install the ActiveX control, thus requiring two "acceptances" on his behalf.
    • He turned UAC off. It warned him, and he should have known the consequences. If he compromises his own system after being informed that he is compromising his system, he shouldn't be surprised that his system gets compromised.
    • He is using Windows Vista Beta 1. Perhaps he should try Windows Vista.
    • He is not running Windows Vista at all, and is propagating information that he has (mis)heard on the internet.


    To cut a long story short, his story doesn't add up. He should try again, and if the same thing happens with a release version of Windows Vista, he should write in to Windows Vista support.
