64-Bit Vista Kernel Will Be a "Black Box"
ryanskev writes with news from RSA Europe, where a Microsoft VP spoke bluntly about the lock-down that will apply to 64-bit Vista. From the article: "Microsoft will operate 64-bit versions of Windows Vista as a tabernacle, with the kernel as the holy of holies, where only its own high priests of security may venture." While Microsoft has seemed to be making some concessions to the likes of Symantec and McAfee, considerable doubt remains as to their ultimate future.
Sounds like the right plan (Score:5, Interesting)
Re:Sounds like the right plan (Score:2, Interesting)
Re:Sounds like the right plan (Score:5, Interesting)
Re:Sounds like the right plan (Score:4, Interesting)
If the category becomes profitable, Mr. Softy can "find the principal, and buy him[1]"
You see this in tools, as Redmond pushes a Visual Studio release, and little third-party vendors groan as their value-added kits have their coolness reduced by new chrome and tailfin on the library widgets. I'm guessing that there will be sufficient room to put some polish on 'Doze.
Too, there are going to be plenty of people that puke at the odious licensing policies, and stick with the tools that have helped them limp along thus far.
[1] To quote my personal favorite Redmond Sales drone, on the consumption of Groove Networks.
Why is Microsoft even bothering.. (Score:5, Interesting)
Every week, I hear about a new thing that will "only be in 64-bit Vista". First it was HDTV content only on 64-bit [slashdot.org] for DRM reasons. Now, we're hearing the reasoning that Windows will be more secure if we don't let third parties in the kernel. Fine, whatever. If we were to assume that makes it more secure, then so be it.
But why bother to release an inferior 32-bit version? Under the presumption that closing the 64-bit kernel off will make things better, why not use the same strict security policies in 32-bit? Surely, there can't be any technical reason for all of this. It's all marketing, right? ("Microsoft recommends a 64-bit PC.")
Or is there some real reason why it feels like 32-bit Vista and 64-bit Vista are two entirely different operating systems?
How to patch the kernel anyway (Score:5, Interesting)
In a recent blog entry, Rutkowska criticizes Microsoft's response to the pagefile attack [blogspot.com]. Boiled down, it amounts to the problem that as long as a disk utility can run, someone can still edit the pagefile. Her preferred fixes would have been encrypting the pagefile or simply not swapping the kernel. NetBSD's Elad Efrat suggested simply hashing the kernel for integrity checking.
It's a matter of trust (Score:5, Interesting)
I think the crux of debate will be what MS considers its own high priests. If that means MS security products that compete with Symantec and McAfee, then the two vendors have a legitimate gripe that MS is using its monopoly power to lock them out. MS has said that its security products will not have access to undocumented APIs, but how much do you trust MS at their word? I don't trust them that much because I think MS still plays dirty. As recently as the Burst lawsuit in 2004, you can still see MS is refusing not only to play fair but to abide by court orders: Both parties were told to disclose emails as part of discovery. Burst.net discovered that not only did MS destroy emails but it was the policy of a multi-billion dollar company not to retain any emails over 30 days. And Burst listed out the many ways the company actively followed this policy. [groklaw.net]
The holy of holies! (Score:1, Interesting)
The Cathedral and the Bazaar is an extended essay that says that the proprietary development model (the cathedral) cannot compete with the open source model (the bazaar). The reason is not price, it is quality. Because of the number of eyes available to look at open source code, it will be less buggy than its proprietary cousin.
Given the delays in the introduction of Vista, I would say there is some evidence that ESR (Eric S. Raymond, the author of CatB) is right.
Re:Sounds like the right plan (Score:5, Interesting)
What about devs? (Score:4, Interesting)
Re:Worth mentioning ... (Score:2, Interesting)
1) the amount of register space literally doubles. Optimized properly, that can go a long ways.
2) simpler memory model: 52 physical bits for physical RAM (don't believe me, look at http://www.amd.com/us-en/Processors/DevelopWithAMD/0,,30_2252_869_875%5E7044,00.html [amd.com]) and 64 bits of virtual addressing space. No segments, just a flat memory model.
3) removal of the old privilege system and intro of a new user/kernel page allocation scheme to simplify the memory model.
4) Direct addressing of a very large amount of ram directly accessible.
Those are just some of the advantages. If you want to look them up in detail, go look at the link that I have given in this post to the AMD64 manuals.
Re:I'm confused (Score:2, Interesting)
I suspect they're referring to the tabernacle of Judaism, due to the reference to the "Holy of Holies," or the inner sanctum of the temple. Prior to the building of the temple, the "tabernacle" was a tent the Israelites carried and inside of which they stored the Ark of the Covenant, which was the container for the Ten Commandments. After the temple was built, the Ark was stored behind a covering in the Holy of Holies AKA The Most Holy Place (the area directly outside this was the Holy Place) and it was only entered once a year by the high priest on Yom Kippur, or the Day of Atonement, when sacrifices were presented to God for the forgiveness of the entire nation's sins.
Anyone who entered the Holy of Holies or touched the Ark (who wasn't the high priest on Yom Kippur who had undergone rituals of cleansing) was said to die instantly. Even the high priest couldn't be sure he would live: they tied bells to his shawl so they could hear him moving once he was inside and a rope to his ankle so they could pull him out if he died while inside the Most Holy Place.
So the lesson is, I suppose, that if you screw with Vista 64's kernel, prepare to die :-P
64 bit Vista == Palladium without the hardware (Score:4, Interesting)
Re:Sounds like the right plan (Score:3, Interesting)
Re:All CPU's going 64-bit (Score:1, Interesting)
This isn't about NOT ALLOWING KERNEL ACCESS to anyone. No sane operating system has ever done that.
This is about Microsoft moving to a system whereby YOU don't get to decide. It's more to do with DRM than anything else. A Microsoft exec let it slip recently -- device signing (and the enforcement) is about reducing the number of device makers to a more manageable level. Every device will be required to honour digital restrictions, or not get a signing key... and, of course, the NGSB (palladium as it was once called) will call home to ask which key should be revoked on a regular basis.
So MS people are priests now? (Score:2, Interesting)