Scott Field: How secure is Vista, really? - Part I

Sign in to queue

Description

Scott Field is an Architect who's been working on software security at Microsoft for twelve years. His most recent work has been focused on improving security in general purpose monolithic operating systems, from the kernel to the shell. You've heard a lot about how Vista is our most secure OS ever. Now, sit back and learn exactly why we feel this accurate. Here we learn how and why Vista will do a great job protecting you from harm from one of the minds behind Vista's overhauled and much improved core security architecture.

In part 1 of this two part series, Scott takes us through a historical perspective of security at Microsoft and outlines what's new in Vista. In Part 2, we go whiteboarding and dig into the architecture of Vista security. The venerable Jeremy Mazner, technical evangelist and software developer,  joins me in conducting this interview.

Embed

Download

Download this episode

The Discussion

  • User profile image
    jmazner
  • User profile image
    neilfmorrow
    I read, heard something about the Blue Pill what is exactly is that and how does it affect Hypervisor???

    In relation to patch-guard, is it true that patch-guard, in part, needs to read the number of pulses generated by the clock and can patch-guard be disabled or told in effect not to read the clock?

    Will, the patch-guard like technology or technologies, be implemented at the hardware level at some-point in the future?
  • User profile image
    Secret​Software
    Very cool video Charles. Way to go!

    I think alot of concerns I had with Vista's security had been addressed to some extend in this video.

    I realize that Vista is just a snapshot of the roadmap to windows Vienna. The innovations in the security area with respect to Windows OS, will match those of Unix and Linux, and when Vienna comes out, it will be a matter of flavor to run Unix versus Vienna, rather than by security criteria.

    The hyperviser technology and virtualization at the kernel level, is one reason I say this. The heuristics code that will check suspecious behavior in the system, will cripple root kits significantly.

    I wish MS would have enforced the signed driver policy on 32-bit systems also, and worked with vendors to recompile their drivers and sign them to work in a digitally signed world.

    The future is bright for Windows OS because Windows has been hammered for the past 20 + years more than others, and it has not been killed. So what does not kill you , only makes you stronger. I see this applies to windows and its very true.


    I also, realize that you cannot make a 100% secure system, because technology is always evolving. But atleast MS is increasing the bar level higher, so that only capable engineers would be able to jump the bar level, and the majority of script kiddies are blocked. This is very cool.

    If people had waited 2 more years, we might have had a more secure system than vista. Vista is claimed to be more secure, but its not tested in the wild. So its security is to be verified by how it stands up to hammering by the outside world. Vista's new innovative security features, makes Windows more secure by default than XP (out of the box sense), but not "Secure" in the absolute sense of the word.

    So we can watch and see how Vista does, and wait patiently for Vienna.

    Again, Thanks for giving us this inside look into Vista's security. You asked alot of good questions, that I myself and I am sure others, have woundered about, and got them addressed at least in part.Big Smile

  • User profile image
    RichardRudek
    35:34. Checking...

    Hmm, Good Info.  But the abrupt ending was a worry...


  • User profile image
    Charles
    RichardRudek wrote:
    35:34. Checking...

    Hmm, Good Info.  But the abrupt ending was a worry...




    It was a long interview. Hard to find the perfect spot to create a part 1 from. We found it, but the window was real small..... We talked about so much and it is all related, technically.


    C
  • User profile image
    RichardRudek
    Charles wrote:
    
    It was a long interview. Hard to find the perfect spot to create a part 1 from. We found it, but the window was real small..... We talked about so much and it is all related, technically.
    C


    D'oh (magoo), I've done it again.

    I didn't realise it was a two-parter... [A]
  • User profile image
    Larry​Osterman
    neilfmorrow wrote:
    I read, heard something about the Blue Pill what is exactly is that and how does it affect Hypervisor???

    In relation to patch-guard, is it true that patch-guard, in part, needs to read the number of pulses generated by the clock and can patch-guard be disabled or told in effect not to read the clock?

    Will, the patch-guard like technology or technologies, be implemented at the hardware level at some-point in the future?


    Blue pill was a proof of concept piece of software that ran as a hypervisor.
  • User profile image
    kishoret

    I went through the video for 20 minutes. Scott field is talking sooo sloww..he reminded me of the guy from the movie "office space". the way he says yeahhhh....("About the TPS report..."). its making me fall asleep. Have to get back to this later Big Smile

  • User profile image
    child998

    Im sorry but MS lied, I remember seeing a video saying Vista wont get spyware any more, and it does. I went onto a website I new had spyware, the system got infected, and when i tryed to remove the spyware, the computer restarted. After that each time i loged into Vista, it kept on saying explorer has crashed and it restarts explore, doing that in a loop. Thats not a driver problem, its a Vista is not as good as we was told problem Sad

    Now ok if i was not in admin mode I would of had to enter a password, but when you get a system from say PC world, its not going to have a admin account stopping you from installing things, as PC world would get loads of phone calls, saying hay i cant install something. So there UAC wont help at all sadly.

  • User profile image
    lesterli
    Just for Fun
    CoolExpressionlessPerplexedSad
  • User profile image
    evildictait​or

    It looks like child999 has run into one of  the following:

    • He is running Windows Vista and when he went to the spyware site, was prompted for administrative permissions which he gave. Since he allowed an unsigned application to have administrative permissions, he is a muppet and should not complain that his system got compromised.
    • He ran IE7 as an administrator by right clicking on it and running it as administator, thus providing admin credentials. See above. Note that he will also have to give his permission to install the activeX control, thus requiring two "acceptances" on his behalf.
    • He turned UAC off. It warned him, and he should have known the consequences. If he compromises his own system after being informed that he is compromising his system, he shouldn't be surprised that his system gets compromised.
    • He is using Windows Vista Beta 1. Perhaps he should try Windows Vista.
    • He is not running Windows Vista at all, and is propogating information that he has (mis)heard on the internet.


    To cut a long story short, his story doesn't add up. He should try again, and if the same thing happens with a release version of Windows Vista, he should write in to Windows Vista support.

Add Your 2 Cents