Posted By: Charles | Nov 29th, 2006 @ 9:26 AM | 36,926 Views | 11 Comments
Scott Field is an Architect who's been working on software security at Microsoft for twelve years. His most recent work has been focused on improving security in general purpose monolithic operating systems, from the kernel to the shell. You've heard a lot about how Vista is our most secure OS ever. Now, sit back and learn exactly why we feel this is accurate. Here we learn how and why Vista will do a great job protecting you from harm from one of the minds behind Vista's overhauled and much improved core security architecture.

In Part 1 of this two-part series, Scott takes us through a historical perspective of security at Microsoft and outlines what's new in Vista. In Part 2, we go whiteboarding and dig into the architecture of Vista security. The venerable Jeremy Mazner, technical evangelist and software developer, joins me in conducting this interview.
I read, heard something about the Blue Pill. What exactly is that and how does it affect Hypervisor???

In relation to patch-guard, is it true that patch-guard, in part, needs to read the number of pulses generated by the clock and can patch-guard be disabled or told in effect not to read the clock?

Will, the patch-guard like technology or technologies, be implemented at the hardware level at some-point in the future?
SecretSoftware
Code to live, but Live to code.
Very cool video Charles. Way to go!

I think a lot of concerns I had with Vista's security had been addressed to some extent in this video.

I realize that Vista is just a snapshot of the roadmap to windows Vienna. The innovations in the security area with respect to Windows OS, will match those of Unix and Linux, and when Vienna comes out, it will be a matter of flavor to run Unix versus Vienna, rather than by security criteria.

The hypervisor technology and virtualization at the kernel level, is one reason I say this. The heuristics code that will check suspicious behavior in the system, will cripple root kits significantly.

I wish MS would have enforced the signed driver policy on 32-bit systems also, and worked with vendors to recompile their drivers and sign them to work in a digitally signed world.

The future is bright for Windows OS because Windows has been hammered for the past 20+ years more than others, and it has not been killed. So what does not kill you, only makes you stronger. I see this applies to Windows and it's very true.


I also, realize that you cannot make a 100% secure system, because technology is always evolving. But at least MS is increasing the bar level higher, so that only capable engineers would be able to jump the bar level, and the majority of script kiddies are blocked. This is very cool.

If people had waited 2 more years, we might have had a more secure system than Vista. Vista is claimed to be more secure, but it's not tested in the wild. So its security is to be verified by how it stands up to hammering by the outside world. Vista's new innovative security features, makes Windows more secure by default than XP (out of the box sense), but not "Secure" in the absolute sense of the word.

So we can watch and see how Vista does, and wait patiently for Vienna.

Again, Thanks for giving us this inside look into Vista's security. You asked a lot of good questions, that I myself and I am sure others, have wondered about, and got them addressed at least in part. :D

RichardRudek
So what do you expect for nothin'... :P
35:34. Checking...

Hmm, Good Info.  But the abrupt ending was a worry...


RichardRudek
So what do you expect for nothin'... :P
Charles wrote:

It was a long interview. Hard to find the perfect spot to create a part 1 from. We found it, but the window was real small..... We talked about so much and it is all related, technically.
C


D'oh (magoo), I've done it again.

I didn't realise it was a two-parter... [A]
neilfmorrow wrote:
I read, heard something about the Blue Pill. What exactly is that and how does it affect Hypervisor???

In relation to patch-guard, is it true that patch-guard, in part, needs to read the number of pulses generated by the clock and can patch-guard be disabled or told in effect not to read the clock?

Will, the patch-guard like technology or technologies, be implemented at the hardware level at some-point in the future?


Blue pill was a proof of concept piece of software that ran as a hypervisor.

I went through the video for 20 minutes. Scott Field is talking sooo sloww.. he reminded me of the guy from the movie "Office Space". The way he says yeahhhh.... ("About the TPS report..."). It's making me fall asleep. Have to get back to this later :D

I'm sorry but MS lied, I remember seeing a video saying Vista won't get spyware any more, and it does. I went onto a website I knew had spyware, the system got infected, and when I tried to remove the spyware, the computer restarted. After that each time I logged into Vista, it kept on saying explorer has crashed and it restarts explorer, doing that in a loop. That's not a driver problem, it's a Vista is not as good as we were told problem :(

Now OK, if I was not in admin mode I would have had to enter a password, but when you get a system from say PC World, it's not going to have an admin account stopping you from installing things, as PC World would get loads of phone calls, saying hey I can't install something. So there UAC won't help at all sadly.
