Windows Vista still Rife with Insecure Code 330
osxpetition writes "As noted in a News.com article, Symantec researchers have been testing the latest Microsoft Windows Vista build (Beta 2), and have found that the code is 'complete with new corner cases and defects' in the networking component. Symantec describes how Microsoft scrapped the old networking stack code from Windows XP in favour of newer, rewritten code. 'Microsoft has removed a large body of tried and tested code and replaced it with freshly written code.' Since January 2002, Microsoft has put a stronger emphasis on protecting PCs by attempting to implement stable, secure code into Windows XP and their new operating system. This latest report from Symantec brings attention to Microsoft's trustworthy computing campaign, and shows how it will be a long way before it is ready for the mainstream."
Re:However (Score:4, Informative)
Re:I would like to know (Score:5, Informative)
Since you didn't provide any useful context to your question, allow me. From here [biznix.org]:
Re:I would like to know (Score:5, Informative)
But apparently Vista has entirely removed the idea of an "interactive service", so they won't work. Info here: http://blogs.msdn.com/larryosterman/archive/2005/
Re:I would like to know (Score:4, Informative)
Shatter attack (Score:5, Informative)
It would seem that Vista allegedly fixes the design flaw that allows for the attack, by not running system services in the same session as the user. At least, that seems to be what the Wikipedia article on the topic [wikipedia.org] is suggesting.
The key to shatter attacks is that Windows allows processes running in the same session to pass messages between each other, the result of which is that via code injection, any process can escalate up to the level of the highest process also running in its session. MS is quoted in the article as saying "[This is not] a flaw in Windows. In reality, the flaw lies in the specific, highly privileged service. By design, all services within the interactive desktop are peers, and can levy requests upon each other. As a result, all services in the interactive desktop effectively have privileges commensurate with the most highly privileged service there." (Which is amusingly doublespeak-ish; they're saying "this isn't a design flaw, we designed it that way!")
This blog post by a member of the IE7 team [msdn.com] would confirm that they've at least tried to address this in Vista (but of course that's what you'd expect them to say). It says: "User Interface Privilege Isolation (UIPI) blocks lower-integrity from accessing higher-integrity processes. For example, a lower-integrity process cannot send window messages or hook or attach to higher priority processes This helps protect against "shatter attacks." A shatter attack is when one process tries to elevate privileges by injecting code into another process using windows messages."
Yet another nice legacy "feature" from the single-user-OS days.
Re:I would like to know (Score:3, Informative)
Re:I would like to know (Score:4, Informative)
Vista has been improving... (Score:4, Informative)
Re:I would like to know (Score:3, Informative)
In that case, I'm going to post a wikipedia article stating that your a midget. It's gonna be tough living out the rest of your life as a little person.
"Design flaw" suggests that they didn't consider this scenario. This is false. They absolutely did consider this scenario and decided it was still a good decision due to the performance implications. The developer documentation clearly warns against displaying high-priv GUI on a low-priv desktop.
You would be very hard pressed to find a major/popular application available today that makes this attack possible. It wasn't that common to begin with, and after Microsoft's warnings, it's virtually non-existant.
It has been fixed (Score:5, Informative)
BTW, almost no Microsoft written applications are still vulnerable to shatter attacks on XP. This is mostly an issue that still hits ISVs because they don't understand the problem.
Re:However (Score:4, Informative)
http://www.joelonsoftware.com/articles/fog0000000
Re:I would like to know (Score:3, Informative)
The fact that it's on Wikipedia does not automatically mean it is false or quackery. Don't be so quick to write off Wikipedia on every subject - if in doubt, check the sources. Much, if not most, of Wikipedia's content is actually quite good. Just be willing to check the cited works in the footnotes, or verify against other, more authoritative sources. For a free up-to-the-minute encyclopedia, one cannot get anything much better than Wikipedia. Its greatest strength (anyone can edit) may be its greatest flaw, but at the same time its greatest flaw is its greatest strength. If you spot an error, you can correct it on the spot.
Re:beta (Score:5, Informative)
For those too lazy to read the article all it really says is. We found a few issues in early releases of Vista. They've already all been fixed by Beta 2, but we are guessing there are probably more.
Re:Before the MSFT bashing commences (Score:1, Informative)
Comment removed (Score:2, Informative)