
November 10, 2006

Windows Vista: Kills Viruses Dead.

Filed under Computers, Software

According to this article, Microsoft co-president Jim Allchin told a reporter that Vista's...

"new lockdown features are so capable and thorough that he was comfortable with his own seven-year-old son using Vista without antivirus software installed."

That is a pretty bold statement! At first I thought it was crazy, but now that I know about the "lockdown features," I'm very impressed with how Vista deals with viruses.

When you hear about security issues, more often than not the issue is related to a buffer overflow exploit. Basically, this means that software was designed to handle a maximum number of characters, but the exploit sends more than expected. Once the character buffer is full, the extra characters start to overwrite adjacent areas of memory that were never meant to change. The trick to this exploit is to get the running program to start executing the attacker's data in the newly overwritten areas of memory. This is how a malicious web page can take control of your system.

This article explains how the exploit works. I would recommend that anybody doing software development read this to better understand the problem. I find that most people really don't understand how this works, and just continue making software that can be exploited. This problem is *everywhere*, which is why we get security updates on such a regular basis.
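To make the "maximum number of characters" problem concrete, here is an added example (my own code, not from the post or the article it links). It places a fixed-size name buffer directly in front of another field, shows the defective copy that spills past the buffer, and beside it the checked copy that refuses input that does not fit. The struct, the function names and the sample inputs are all constructed for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* The program was designed for a maximum number of characters:
 * 15 visible characters plus the terminating NUL. */
#define NAME_MAX 16

struct greeting {
    char name[NAME_MAX];
    uint32_t is_admin;   /* sits right after the buffer in memory */
};

/* Defective form: strcpy() copies until it finds a NUL, so any input longer
 * than NAME_MAX runs past 'name' into whatever follows it (is_admin here,
 * then the rest of the stack frame). It is kept only to show the shape of
 * the bug; nothing below calls it with oversized input. */
void set_name_unchecked(struct greeting *g, const char *input)
{
    strcpy(g->name, input);
}

/* Hardened form: measure first (never scanning past NAME_MAX), reject what
 * does not fit, and always leave the buffer NUL-terminated.
 * Returns 0 on success, -1 if the input was rejected. */
int set_name_checked(struct greeting *g, const char *input)
{
    size_t len = 0;
    while (len < NAME_MAX && input[len] != '\0') {
        len++;
    }
    if (len >= NAME_MAX) {
        return -1;           /* too long: refuse instead of overflowing */
    }
    memcpy(g->name, input, len);
    g->name[len] = '\0';
    return 0;
}

int main(void)
{
    struct greeting g = { .name = "", .is_admin = 0 };

    /* Constructed sample inputs: one that fits and one that does not. */
    const char *ok  = "alice";
    const char *bad = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";   /* 32 bytes */

    printf("fits:     rc=%d name=\"%s\" is_admin=%u\n",
           set_name_checked(&g, ok), g.name, (unsigned)g.is_admin);
    printf("too long: rc=%d name=\"%s\" is_admin=%u (untouched)\n",
           set_name_checked(&g, bad), g.name, (unsigned)g.is_admin);
    return 0;
}
```

The checked version is also what makes later defences such as ASLR unnecessary for this particular bug: if the copy never leaves the buffer, there is nothing for an attacker to redirect.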

Vista has a new feature that could very well eliminate buffer overflow attacks. Using a technique called "Address Space Layout Randomization" (ASLR), Vista shuffles where software is loaded in memory. The buffer overflow exploit depends on specific software being loaded at a specific location, so that it can jump to an area of memory that gives it the ability to run other programs or commands. With ASLR, it is highly unlikely that an exploit will be able to find these locations.

I think this is an amazingly clever solution to a *really* bad problem. I don't have any real world data on how effective it is, but the theory is sound. If ASLR works as advertised, it won't eliminate all security issues, but it will significantly reduce the number we deal with today.
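As an added illustration of what ASLR actually shuffles (my own code, not from the post), the program below records where four things landed in this particular run: a stack variable, a heap block, a function in the program itself, and a function in the C library. On a system with ASLR enabled, running it twice prints different addresses each time, which is exactly the "specific location" an overflow exploit can no longer count on. The helper that reads `/proc/sys/kernel/randomize_va_space` is a Linux-only assumption for checking whether the kernel's randomization is switched on; it returns -1 anywhere that file does not exist.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

/* One snapshot of where the pieces of this process landed in this run. */
struct layout {
    uintptr_t stack;   /* address of a local variable       */
    uintptr_t heap;    /* address of a malloc() block        */
    uintptr_t code;    /* address of a function in this file */
    uintptr_t libc;    /* address of a C library function    */
};

/* A function whose address we can record; it does nothing else. */
static void marker(void)
{
}

struct layout snapshot_layout(void)
{
    int local = 0;
    void *block = malloc(64);
    struct layout l;

    l.stack = (uintptr_t)&local;
    l.heap  = (uintptr_t)block;
    l.code  = (uintptr_t)&marker;
    l.libc  = (uintptr_t)&malloc;

    free(block);            /* address already recorded; block not used */
    return l;
}

/* Linux-only (assumption, not from the post): 0 = ASLR off,
 * 1 = stack/mmap/libraries randomized, 2 = heap (brk) randomized as well.
 * Returns -1 where the setting cannot be read (non-Linux or restricted). */
int read_aslr_setting(void)
{
    FILE *f = fopen("/proc/sys/kernel/randomize_va_space", "r");
    int value = -1;

    if (f == NULL) {
        return -1;
    }
    if (fscanf(f, "%d", &value) != 1) {
        value = -1;
    }
    fclose(f);
    return value;
}

int main(void)
{
    struct layout l = snapshot_layout();

    printf("stack variable : 0x%lx\n", (unsigned long)l.stack);
    printf("heap block     : 0x%lx\n", (unsigned long)l.heap);
    printf("program code   : 0x%lx\n", (unsigned long)l.code);
    printf("C library code : 0x%lx\n", (unsigned long)l.libc);
    printf("kernel ASLR setting (Linux only, -1 = unknown): %d\n",
           read_aslr_setting());
    return 0;
}
```

Run it two or three times and compare the four addresses. If they stay the same between runs, randomization is off for that region: either the kernel setting is 0, or the program was not built as a position-independent executable, in which case the program-code address stays fixed even though the stack and heap move.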

I still believe *ALL* computers should run anti-virus software, even if they have ASLR. How else will you know if your system is under attack unless it is checked against a continuously updated list?

I am planning on moving to Vista as soon as it is released (Jan 30th). There is a lot to like in this new release. Vista's ASLR alone may be worth the price of admission.

An interesting side note: Microsoft is constantly bashed for the security of their operating systems. As of this writing, Apple Macintosh and mainstream Linux distributions do not include ASLR. This means that Vista is more secure against buffer overflow exploits than OS X or Linux.

Comments (7)

It's so "cleaver" that it looks like they are chopping malware off at the knees!

I'm sure statements like Allchin's are going to work wonders for the relationship between MS and Norton, McAfee, etc.

We're already getting notices about 3D/game performance in Vista not being as good as XP...I wonder if ASLR has anything to do with it?

Isn't their some requirement that blogs have spelling mistakes and gramatical errors?

Nice!

Must...resist....

I would doubt ASLR has anything to do with 3D/game performance. I would imagine the overhead for ASLR is mainly changing pointers when you load an executable...which would be unnoticeable. After loading, I wouldn't expect you to notice any difference with/without ASLR.

As for what *is* causing the Vista 3D/game slow down...I'd look to the drivers. In my experience, the graphics card is the culprit 99% of the time. That may be the drivers or the new driver architecture in Vista that lets you change drivers without rebooting. Also, I've read that RC2 is much faster than previous releases of Vista, probably because they are finally running optimized code instead of debug code.

Read the followup from Jim.
http://windowsvistablog.com/blogs/windowsvista/archive/2006/11/10/windows-vista-defense-in-depth.aspx

Long story short...Jim didn't say that users should NOT run antivirus with Vista.

When the articles and blogs started appearing, I asked the PR folks to send me a copy of the transcript of the call so I could read it over and see if I said something I didn’t mean. After reading the transcript, I could certainly see that what I said wasn’t as clear as it could have been, and I’m sorry for that. However, it is also clear from the transcript that I didn’t say that users shouldn’t run antivirus software with Windows Vista! In fact, later in the call, I explicitly made this point again, because I had realized I wasn’t as clear as I should have been. It’s important for me that our customers are using the appropriate security solutions for the right situations, whether that’s security functionality integrated in the operating systems, or add-on products.

broch:

I don't know about OS X, but Linux has had ASLR for some time now:
check the grsecurity site

As far as I know, there are no major distributions of Linux shipping with ASLR. I agree you can add it later, but most Linux users are not going to do this (none that I know do).



About

This page contains a single entry from the blog posted on November 10, 2006 8:52 AM.
