Vista is 'more secure' says Gates

BBC ^ | Tuesday, 30 January 2007, 15:33 GMT | BBC Staff

[Ernest_at_the_Beach]

I like your statement beter.....was just reading about this newest Linus distro this morning:

Review: Trustix Secure Linux lives up to its name

This is not a desktop distro...however...

Trustix Secure Linux is an interesting distro for servers that is designed to be all about security. While Linux, in general, is fairly secure, a distro that focuses on security and stability from the ground up should be a good choice for Internet servers. In our testing, we found Trustix lives up to its intentions.

*********************************

Trustix concentrates on keeping it simple. You won't get a GUI or the latest bells and whistles. What you do get with Trustix is a small and secure distribution that incorporates IBM's Stack Smash Protection, which protects the system and applications from stack-smashing attacks. This is one of the major forms of attacks, and many secure Linux distros have this turned on by default.

[Hydroshock]

Vista = Bloatware

[capt. norm]

I've always liked the Microsoft languages and they once had a great flight simulator (possibly still do), but their op-systems, starting with the original MS-DOS (almost entirely ripped off from Gary Killdal's CP/M....they made no effort to hide it) they just continue to get worse with each release.

[goldstategop]

Linux is going to be available to run older computers when Microsoft stops support for XP.

"Show me just what Mohammed brought that was new, and there you will find things only evil and inhuman, such as his command to spread by the sword the faith he preached." - Manuel II Palelologus

[Hydroshock]

I like linux, would use it if I could, but my wife will not let me load it on her machine. My laptop is a company one so I am limited on what I can tweak.

[Ernest_at_the_Beach]

I wonder what Vista has implemended for this issue:

**********************************************

stack-smashing attacks

Some detail:

**************************************************

Protecting from stack-smashing attacks
Introduction
Attack Scenarios and their Classification

****************************AN EXCERPT *************************************88

The buffer overflow vulnerability appears where an application needs to read external information such as a character string, the receiving buffer is relatively small compared to the possible size of the input string, and the application doesn't check the size. The buffer allocated at run-time is placed on a stack, which keeps the information for executing functions; such as local variables, argument variables, and the return address. The overflowing string can alter such information. This also means that an attacker can change the information as he wants to. For example, he can inject a series of machine language commands as a string that also leads to the execution of the attack code by changing the return address to the address of the attack code. The ultimate goal is usually to get control of a privileged shell by such methods.

Figure 1 shows a typical stack structure after a function is called. The stack pointer points at the top of stack, which is at the bottom in the figure. The programming language C uses the area from the top of the stack in the following order: local variables, the previous frame pointer, the return address, and arguments of the function. This data is called the frame of the function, which represents the status of the function. The frame pointer locates the current frame and the previous frame pointer stores the frame pointer of the caller function.

The function foo (see Figure 2) is a vulnerable function, which produces the stack structure such as shown in Figure 1. It reads the content of the environment variable ``HOME'' into the ``buffer'' which has a size of 128 bytes. Since the function strcpy doesn't check the size of the output, it can copy more than 128 bytes of data to the ``buffer''. Imagine the ``HOME'' variable has this string: 128 bytes of 41, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, and 3. This will assign 128 character 'A's, 0x01010101, 0x02020202, and 0x03030303 into the ``buffer'', ``lvar'', the previous frame pointer, and the return address respectively. (We assume that 32-bit variables are used by default and that C language notation is used.) When the function foo finishes it's operations and returns to the caller based on this memory arrangement, it will go back to the address 0x03030303, which isn't the caller address. If malicious code is located at the address, it is executed with the same privilege level as the application.

We will now introduce a classification of attack methods, how an attacker acquires control of the application. In the first category the target of the attack is to show in the stack. The following lists the data stored in this area and describes the attack method used.

• return address

  It is the most popular point of attack by changing the value of the return address to the address of malicious code.

• local variables
• argument variables

  The function pointer variable is a another target for acquiring the control. Assigning the function pointer variable of an argument or a local variable to the attack code is a typical attack method. In this case, the vulnerable place can be found by checking the source program.

  There is a third attack method using redirection. Assume that a variable is declared as the pointer of the structure that holds a function pointer. This is vulnerable to attack, but it is hard to find it without traversing the pointer. However , an attacker can create a fake structure that has the same contents as the original except for the function pointer.

  There is a possibility that changing a pointer variable which is not a function pointer variable will acquire the control of the application. In the case of the function foo from Figure 2, the pointer variable ``lvar'' can be changed to point to the location of the return address. If there is a statement that modifies the value pointed to by ``lvar'' after the ``strcpy'' statement, changing the return address may be possible.

• previous frame pointer

  Attacking the previous frame pointer can also take the control of the application. The connection between the previous frame pointer and the return address is based on the following dependencies:

  • the location of the return address is determined by the frame pointer.
  • the frame pointer is assigned to the value of the previous frame pointer at the time of function return.
  An attacker can create a fake frame that has the return address pointed to attack code. He can also change the previous frame pointer to the address of the fake frame. When the function returns to the caller function, the frame pointer will point to the fake frame according to the second dependency. It means that the return address could be changed by the attacker.

[Marine_Uncle]

MSDOS with a few more wrinkles in the GUI layer interfaces.

[DalcoTX]

I am sure I am not the only one that can envision a scenario where flaws in XP/2000 are released and exploited in order to sell more copies of Vista.

[CertainInalienableRights]

"Vista is 'more secure' says Gates"

My 8-year-old used car is 'more new' than my 9-year-old used car.

[Little Ray]

I suppose it depends your definition of "secure." If it means secure from files unapproved by RIAA and Microsoft, this is probably the case...

[Still Thinking]

Secure as in keeps ME safe from crooks and software companies or secure as in Bill can do whatever the heck he wants to me?

[goldstategop]

The latter. If you have several thousand dollars worth of fancy audiovisual equipment, it won't work with Vista - not unless it complies with content restrictions. That sucks.

"Show me just what Mohammed brought that was new, and there you will find things only evil and inhuman, such as his command to spread by the sword the faith he preached." - Manuel II Palelologus

[Still Thinking]

I know. The question was somewhat rhetorical. I have no intention of "upgrading" to Vista. I'm not entirely sure I won't chuck XP and revert to 2K.

[RegulatorCountry]

"dramatically more secure than any other operating system released"

Now THAT'S a statement begging to be parsed, lol. Released by whom? Microsoft?

[Ernest_at_the_Beach]

Reference Link:

Protecting from stack-smashing attacks
Hiroaki Etoh and Kunikazu Yoda
IBM Research Division, Tokyo Research Laboratory,
1623-14 Shimotsuruma, Yamato, Kanagawa 242-8502, Japan
June 19, 2000

**********************EXCERPT****************************

Abstract:

This paper presents some new ideas for improving the state of the art in buffer overflow detection. The main ideas are (1) the reordering of local variables to place buffers after pointers to avoid the corruption of pointers that could be used to further corrupt arbitrary memory locations, (2) the copying of pointers in function arguments to an area preceding local variable buffers to prevent the corruption of pointers that could be used to further corrupt arbitrary memory locations, and the (3) omission of instrumentation code from some functions to decrease the performance overhead.

[Ernest_at_the_Beach]

Prompted me to post this....wonder if they have implemented the techniques published in 2000 or something even more recent....see post # 35.

[E. Pluribus Unum]

Vista is "dramatically more secure than any other operating system released", Microsoft founder Bill Gates has told BBC News.

Translation: "Vista is 'dramatically more secure than any other MICROSOFT operating system released,' Microsoft founder Bill Gates has told BBC News."

[Squawk 8888]

Golden rule of IT: NEVER upgrade a stable platform unless a new business requirement calls for it. I will not be going to Vista until it's time to replace my current PC.

[Wyatt's Torch]

"Vista is so wonderful that when my current PC craps out I'm getting a Mac."

Ditto. Waiting on Leapard to drop and the Mini's to be updated to C2D and I'll buy.

[Ernest_at_the_Beach]

It's here! Introducing Windows Vista