Microsoft has used a number of techniques to combat buffer overflow exploits, such as stack canaries, ASLR, hardware DEP, and software DEP, some of which require code to be recompiled with Microsoft’s more recent development tools in order to be used, and hardware DEP requires a more recent processor. Why doesn’t Microsoft incorporate technology similar to CMF into Windows? I would especially wish to hear Mr. Durden’s opinion on this.
lol… Microsoft? Well… You think about Windows Vista and how they are already going to release Windows 7 in 2009/2010.
Let’s all switch to a Mac
Josh
Hi. I dunno actually, but I think DEP is pretty “ultimate” protection. If some (many! a lot of, actually) apps are written in the wrong way, why should MS protect them? They just make their techniques more loyal to such apps and disable DEP for them. Nowadays many programmers are in the heavens of the high-abstraction levels; they just don’t care about such a “stupid” thing as memory page attributes or other NX-related stuff. If you remember, CMF detected such bugs even in some PC security software, so what should I say about more user-related apps?
This is Microsoft we’re talking about. They will only invest enough money to make people “feel safe”, rather than re-design or properly implement their solutions. This isn’t because of the engineers and programmers working within Microsoft. It’s the management side of things.
The thinking is to maximise profit and focus on beating or stunting the competition, at the cost of everything else. In fact, they’re willing to make compromises to gain and maintain as much as they can in market share… That includes security.
Had they done what Apple did with the OS 9 to OS X transition, then Windows would be a different story. The features you talk about are like bandages that don’t solve the underlying root problems. If MS really wants to secure Windows, they would have to spend tons of money and time to do the job properly with a clean slate.
Some notable things they’ve done include:
(1) Administrator account by default.
That’s like giving a 16-year-old the keys to your car, and letting them run freely on public roads. Someone at Microsoft was smoking some serious “funky stuff” when they did this.
(2) Implement a security feature that is designed to annoy…UAC.
Disabling UAC is a bad idea from a security perspective. But where did they get the idea that they need to annoy people to change their habits? How hard is it to explain why they’re changing the security approach?
(3) Implement things that aren’t “straight to the point” or don’t cover potential security issues as well as third-parties.
How do you implement a whitelist of sites that you don’t block in regards to JavaScript? In IE, you set “zones” and put in the sites where you don’t want JavaScript disabled.
In Firefox, you just install NoScript extension. By default, it blocks every site except those in its whitelist…A simple click will allow you to add a site within seconds using a minimal number of mouse clicks.
One thing it does that IE doesn’t handle is iframe-related security issues. (You need to enable “Forbid iFrame”, as it’s unchecked by default.)
If you look at ASLR, you’ll see the implementation done by Microsoft isn’t as good as the implementation done by the open source project called PaX. (In fact, the buffer overflow countermeasures are a bit of a joke)… You’ve already noticed this when third parties do a better job!
(4) No education program for the users!
They spend all that money slapping all that stuff on… Why not include video tutorials of “good security practices”? It surely beats posting tomes and tomes of security info on their site!
I mean, have you guys ever heard of creating a Limited User Account with Software Restriction Policy and SuRun to escalate to admin privileges when necessary? This approach kills a tremendous amount of security problems without spending a cent! (It’s all built into WinXP or newer!)… The only thing you need to worry about are those security exploits that involve privilege escalation. Even then, that’s a potentially null issue if you use trusted applications from trusted sources… So then, it all boils down to staying updated.
(5) Deliberate trade-offs of security for the sake of convenience. (Stuff they conveniently leave out when they’re marketing their products.)
This is a big issue for Microsoft. If they make dramatic changes, they will anger a lot of people. So what do they do? They take the “path of least resistance”. Why? Because doing things properly takes too much time and money, not to mention, it will kill their market share! This is about shipping a product as quickly and efficiently as possible.
(6) Not harsh enough on third-party developers!
They should have had a facility to force developers into proper coding practices that meet certain quality standards. Heck, stop coding in C/C++ and go back to coding in something like Ada. (C/C++ is like a free state. Ada is like a dictatorship… Ada’s compiler is really anal about programming errors, and it’ll give the programmer a good slap on the back of the head for being stupid!)
What does all this do in the end? This leaves the end user relying on third-parties like Comodo to pick up the pieces!
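The post above recommends a limited user account plus a default-deny Software Restriction Policy (SRP). The script below is an added audit example, not code from the thread or from any participant: it reads the local SRP store under the documented `Safer\CodeIdentifiers` registry key and reports whether the policy is actually in the default-deny state the post describes (default level Disallowed, DLLs enforced, administrators not exempt, no allow rule over a user-writable path). The `Test-SrpDefaultDeny` function name and the user-writable path heuristic are this example's own assumptions.

```powershell
# Added example (not from the thread): read-only audit of the local SRP state.
# Assumes the documented Safer registry layout; runs as a normal user.
$SrpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
# DefaultLevel values and the per-level rule subkeys use these numeric names.
$LevelNames = @{ 0 = 'Disallowed'; 0x20000 = 'BasicUser'; 0x40000 = 'Unrestricted' }

function Get-SrpPolicyState {
    if (-not (Test-Path $SrpRoot)) {
        return [pscustomobject]@{ Configured = $false; DefaultLevel = 'none'; Rules = @() }
    }
    $root = Get-ItemProperty -Path $SrpRoot
    # A missing DefaultLevel behaves as Unrestricted, so do not default it to 0.
    $lvl = if ($null -ne $root.DefaultLevel) { [int]$root.DefaultLevel } else { 0x40000 }
    $rules = foreach ($level in $LevelNames.Keys) {
        $pathKey = Join-Path $SrpRoot "$level\Paths"      # e.g. ...\0\Paths, ...\262144\Paths
        if (Test-Path $pathKey) {
            Get-ChildItem -Path $pathKey | ForEach-Object {
                $p = Get-ItemProperty -LiteralPath $_.PSPath   # GUID-named rule keys
                [pscustomobject]@{ Level = $LevelNames[$level]; Path = $p.ItemData }
            }
        }
    }
    [pscustomobject]@{
        Configured   = $true
        DefaultLevel = $LevelNames[$lvl]
        EnforceDlls  = ($root.TransparentEnabled -eq 2)   # 2 = all software files incl. DLLs
        SkipAdmins   = ($root.PolicyScope -eq 1)          # 1 = local administrators exempt
        Rules        = @($rules)
    }
}

function Test-SrpDefaultDeny {
    $s = Get-SrpPolicyState
    $issues = @()
    if (-not $s.Configured) { $issues += 'SRP is not configured' }
    elseif ($s.DefaultLevel -ne 'Disallowed') { $issues += "default level is $($s.DefaultLevel), not Disallowed" }
    if ($s.Configured -and -not $s.EnforceDlls) { $issues += 'DLLs are exempt (TransparentEnabled is not 2)' }
    if ($s.Configured -and $s.SkipAdmins) { $issues += 'local administrators are exempt (PolicyScope = 1)' }
    # Allow rules should cover only locations a limited user cannot write to;
    # this pattern is a constructed heuristic for the common user-writable roots.
    foreach ($r in ($s.Rules | Where-Object Level -eq 'Unrestricted')) {
        if ($r.Path -match '(?i)%USERPROFILE%|\\Users\\|AppData|\\Temp\\|%TEMP%') {
            $issues += "unrestricted rule covers a user-writable path: $($r.Path)"
        }
    }
    [pscustomobject]@{ DefaultDeny = ($issues.Count -eq 0); Issues = $issues }
}

Test-SrpDefaultDeny | Format-List
```

An allow rule over a user-writable directory silently defeats the default-deny intent, which is why the audit flags it separately from the default level.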
Thank you for your reply :). Regarding UAC, a manager at Microsoft has said that UAC’s intention was to annoy users, to force developers to write code that doesn’t cause UAC alerts (http://software.silicon.com/security/0,39024655,39187853,00.htm).