Heading Off the Hackers

BusinessWeek Online ^ | 10 August 2006 | Steve Hamm

[ShadowAce]

File it under the category of "be careful what you wish for." In early August at the Black Hat Conference, an annual meeting of computer security experts in Las Vegas, Microsoft handed out 3,000 test copies of its new operating system, Windows Vista, and challenged attendees to help spot security glitches. A short time later, Joanna Rutkowska obliged. In a packed ballroom at Caesar's Palace, the 25-year-old Polish programming whiz delivered a devastating presentation in how to hack an earlier but similar test version of Vista. Before a crowd of fellow researchers and hackers, she bypassed security measures and implanted a potentially undetectable piece of malicious code called "Blue Pill." The presentation, titled "Subverting Vista Kernel for Fun and Profit," was rewarded with a hearty round of applause.

The exercise wasn't much fun for Microsoft security mavens. They put on a brave face: "We'll take a look and see if there are ways we can mitigate it," says Stephen Toulouse, program manager for Microsoft's 650-member Security Response Center. But Rutkowska's demo was the latest reminder of how difficult it will be for Microsoft to make the new version of its flagship product truly secure.

Microsoft went to full battle stations over PC security four and a half years ago, when Chairman William H. Gates III acknowledged in a memo to his staff that the plague of viruses and worms afflicting Windows and other products had gotten out of hand and something drastic had to be done. Henceforth, Gates decreed, security would be the top priority. All programming was temporarily halted as Microsoft embarked on an effort to make its products safe.

[ShadowAce]

Thanks to tubebender for the heads-up on this article.

[frankenMonkey]

Chairman William H. Gates III???

You mean our little boy, Billy?

[HEY4QDEMS]

I attended a MS connections seminar two days ago, the focus was SBS03-R2, Office07, and Vista, with a little SPS and ISA thrown in.

I was actually quite impressed with the way Vista cross indexes with Office 07. The AeroGlass 3D effects are cool, the gadgets feature was also pretty cool although I can see a potential for administrative headaches.

I also like the user application level security feature which allows the admin to create a list of allowed apps for install by a user, no more granting full admin rights to local machines.

I downloaded a beta release for testing and bug reporting but I haven't had time to install them, but now I'm enthused to do so.

[I still care]

I was dealing with a service call for Sallie Mae that of course ended up in India. It was one of the worst calls ever - couldn't understand the guy, and he obviously didn't know what he was talking about.

I asked him his name (knowing I would get a pseudonym) and he told me "Mac Gates". Wonder where he got that from...

[HEY4QDEMS]

Freddie Mac perhaps?????

[garyhope]

Since I got my laptop in late August 2003, I've dowloaded over 240 "updates" or "security" patches from MS.

Is that good or bad? My Mac based friends never stop trying to give me grief over this.

When I tell them that the 2 essential stock trading and charting programs that I use only run on Windows, they stare uncomprehendingly and become silent. I stil think PC's are faster than Mac's for what I'm doing.

And my friend's Mac's still crash or freeze just like PC's.

[oldcomputerguy]

Poland 1, Microsoft 0.

[HEY4QDEMS]

Macs freeze from time to time, I had a server running RedHat pro which also froze allot.

But to be fair, I won't declare that windows doesn't freeze as much, they're all about the same.

Perhaps your friends are not checking for updates regularly, the last place I worked had two Macs in the graphics dept and we downloaded and installed updates and patches weekly.

Linux also has patches released weekly, at least RedHat does. Windows, does tend to have more however. It's a price that MS must pay, they have the biggest market share, therefore they are the biggest target and need to be more diligent.

[webstersII]

"I also like the user application level security feature which allows the admin to create a list of allowed apps for install by a user, no more granting full admin rights to local machines."

Oh boy. That means every time you want to add a program (like a small helper app of some sort) to your computer you have to get permission from the IT department.

Talk about slowing productivity to a crawl.

[HEY4QDEMS]

Oh boy. That means every time you want to add a program (like a small helper app of some sort) to your computer you have to get permission from the IT department.

Talk about slowing productivity to a crawl.

You mean the "small helper app" that screws up the computer it's installed on?
Then the user calls IT / tech support and says their machine is not working and then lies when asked if they downloaded or installed any programs recently.

I'm very familiar with those "helper apps".

[HAL9000]

When I tell them that the 2 essential stock trading and charting programs that I use only run on Windows, they stare uncomprehendingly and become silent. I stil think PC's are faster than Mac's for what I'm doing.

Macs are PCs now. Apple has switched to Intel's top-of-the-line processors, and according to their television commercials, can run Windows along with Mac OS X.

And my friend's Mac's still crash or freeze just like PC's.

Maybe your friend is running the Mac OS 9? There are still a lot of people running that old operating system. Mac OS X is rock solid, and it's extremely rare that the whole computer would crash or freeze up.

[KoRn]

"Oh boy. That means every time you want to add a program (like a small helper app of some sort) to your computer you have to get permission from the IT department."

It's always been that way. Actually by allowing users to install certain programs it will make it easier for both the users, and IT people. Before if workstations were secured PROPERLY, users couldn't install ANYTHING without admin privileges.