Windows Vista still Rife with Insecure Code
osxpetition writes "As noted in a News.com article, Symantec researchers have been testing the latest Microsoft Windows Vista build (Beta 2), and have found that the code is 'complete with new corner cases and defects' in the networking component. Symantec describes how Microsoft scrapped the old networking stack code from Windows XP in favour of newer, rewritten code. 'Microsoft has removed a large body of tried and tested code and replaced it with freshly written code.' Since January 2002, Microsoft has put a stronger emphasis on protecting PCs by attempting to implement stable, secure code into Windows XP and their new operating system. This latest report from Symantec brings attention to Microsoft's trustworthy computing campaign, and shows how it will be a long way before it is ready for the mainstream."
beta (Score:3, Insightful)
Re:beta (Score:4, Funny)
Re:beta (Score:2)
Re:beta (Score:4, Funny)
It's the only one I've found to be compatible with Duke Nukem Forever RC1.
Re:beta (Score:2, Insightful)
Re:beta (Score:5, Insightful)
Okay, compare it to the current release of Windows.
Oh, what's that? The newest release is Windows XP OEM SR2? Essentially a five-year-old OS with a few patches?
I guess it IS a fair comparison then, after all. Come make that same argument this same time next year if both:
a) Vista has shipped
AND
b) Folks are comparing Linux to XP rather than Vista
at that point. Until then, XP is the only valid comparison, unless you want to talk servers in which case Windows 2003 would be the logical comparison point.
Re:beta (Score:3, Interesting)
I think what I have gotten out of this is the whole is a damned if they do/damned if they don't issue taken with Microsoft. Before this article came out, people blasted MS for the fact that they had such bloated and bad code. Now that MS is in the practice of trying to replace all this "bloated" code, but are now being attacked on the front that they have untested code.
IMHO, this was something that was going to come regardless of what MS chose to
Re:beta (Score:3, Funny)
Re:beta (Score:5, Informative)
For those too lazy to read the article, all it really says is: we found a few issues in early releases of Vista. They've already all been fixed by Beta 2, but we are guessing there are probably more.
Too secure! (Score:5, Funny)
Fun-factor (Score:3, Funny)
(I can't take credit for the thought. JWZ says it somewhere on his site, though I don't have the time to find it.)
Re:Fun-factor (Score:5, Insightful)
Re:Fun-factor (Score:4, Interesting)
From the October 2000 MSDN magazine, "Windows Sockets 2.0: Write Scalable Winsock Apps Using Completion Ports" [microsoft.com] Ironically, it's TDI that's being replaced for something more sockets-like.
I think this is yet another example of Microsoft not understanding code that was previously written by someone no longer available, causing the new developers to misunderstand the original design, who then feel the only option is a rewrite. I've yet to hear any technical comparisons between TDI and "Next Generation TCP/IP", showing how the TDI architecture could never do those things. I bet TDI can support these new features with some new code, but it just wouldn't be as glamorous that way.
To adapt an old saying about LISP and UNIX, "Those who fail to understand NT are doomed to reimplement it. Poorly"
Re:You joke, but (Score:3, Interesting)
Considering that they even have legislation to require wiretappable telecom infrastructure, I wouldn't be surprised.
In fact, I think it's the only way to explain how many security bugs are in Windows. Don't buy the excuse of it taking a lot of resources -- Microsoft h
Re:You joke, but (Score:5, Interesting)
In fact, I think it's the only way to explain how many security bugs are in Windows.
I think you perhaps need to take some lessons in critical thinking. This is the equivalent of saying, "The only reason auto-manufacturers put problems into cars so they have to recall them is because the government makes them, which is why Japanese cars are better than American cars."
Large monolithic systems are inherently more complex than smaller component-built systems. (Although those have problems too along the boundary interfaces.) Auto-makers put lots of time and money into making a car that A) doesn't fall apart and B) doesn't require a multi-billion dollar recall effort. Microsoft puts lots of time and money into trying to make their software more secure.
On the whole, I'd say the auto companies do a better job. :-) Throwing money at a problem very rarely solves the problem. The need to have an understanding of the problem, and how to fix the underlying problem is vital. I think that is where Microsoft fails. The systems they have in place (from what I hear) are more frustrating to the engineers than helpful.
I also have problems believing MS engineers are really motivated these days. Many of Microsoft's security issues have stemmed from their own code interactions which they implemented as deliberate features. Many more have been from sloppy programming (such as buffer overruns).
Trying to blame MS security issues on government mandated back doors smacks of plain political diatribe with a nice glossy veneer of ignorance on the top to give it a nice sheen.
Re:You joke, but (Score:4, Insightful)
My critical thinking skills tell me that this is a false analogy because the government has no incentive to make automobile manufacturers issue recalls, and really the attorneys and enforcement and regulations involved would make this nothing but an expense for the government. When consumer protection laws are enforced, the governmental officials involved can at least claim that they are doing this to benefit the public, even when doing so does further someone's personal agenda.
The situation as described by the A.C. is where the government requires backdoors so that its own governmental snoops (law enforcement and possibly more shady, less accountable organizations) can easily access systems that would otherwise be difficult to access due to security protections. This directly benefits the government because it makes their legitimate law enforcement job easier and it also makes less legitimate ventures (potential data mining, eavesdropping, etc) much easier and has the nice side-effect of eliminating some of the need to do old-fashioned police work. This scenario certainly does not benefit the users of Microsoft software and so the intent shown is nothing like your analogy. If this is actually happening, then this is a very dangerous precedent for two reasons: One, if the government can use such a backdoor, so can anyone else who learns of it; two, the job of law enforcement was not intended to be easy and efforts to make it an easy job immediately preceded the rise of most totalitarian states that existed during the 20th century (at the risk of invoking Godwin's Law, Nazi Germany and the USSR did not take place due to powerless and ill-informed police forces).
Further, when speaking about Windows you are dealing with proprietary, closed-source software. You and I simply do not know with 100% certainty whether or not there actually is such a backdoor in any of the Windows code, nor do we know what agreements Microsoft has made with which governments. What you can know is that we are in an era where privacy is on the decline and law enforcement powers are increasing, and being able to easily access over 90% of all desktop computer systems does fit the stated purpose of programs that we do know about, such as the NSA wiretap program. To say that we already know about every possible threat to privacy and that the statists who desire this kind of surveillance are now satisfied and will not be seeking further powers is a lofty claim indeed. Study history and you will observe that the USA has a bad case of "it can't happen here" regarding foreseeable abuses of power.
Also, unmotivated programmers and undocumented backdoors are not mutually exclusive. It is possible that they both contribute to the sad state of security in Microsoft's code. It is also possible that neither are true and that some third factor (such as program design being dominated by marketing and forcing otherwise good programmers to work within these parameters) can explain the lack of security. But to observe that the possible existence of unmotivated programmers could explain the situation and then claim that this is a valid reason to dismiss other arguments out-of-hand does not fit the spirit of critical thinking that you mentioned earlier.
But it does indicate that maybe, just maybe, you live in the USA and are in denial about the direction towards which it is headed.
Re:You joke, but (Score:4, Insightful)
DA GUBBERMINT WANTS MAH TEEFS!!! RUUUN!
Re:You joke, but (Score:4, Insightful)
> multiple, back doors to be programmed in? And why would they do that? What
> is Microsoft getting out of the deal?
(dons tinfoil hat)
A free ride on the court rulings?
Re:You joke, but (Score:2)
Oh, and tin foil doesn't work, You have to go with LeadHat [comcast.net] if you REALLY want security.
And we... (Score:4, Insightful)
Re:And we... (Score:2)
Ms will fix its worm problems and as a compensation the antivir guys get a new insecure IP stack.
I would like to know (Score:2, Insightful)
Re:I would like to know (Score:5, Informative)
Since you didn't provide any useful context to your question, allow me. From here [biznix.org]:
Re:I would like to know (Score:4, Informative)
Re:I would like to know (Score:3, Insightful)
Re:I would like to know (Score:2, Interesting)
Are any of those running as privileged, or communicating with the system services in an unsafe manner?
Re:I would like to know (Score:4, Informative)
Re:I would like to know (Score:2)
Re:I would like to know (Score:4, Insightful)
Whether they will or not is yet to be seen.
Re:I would like to know (Score:3, Informative)
Re:I would like to know (Score:3, Informative)
In that case, I'm going to post a wikipedia article stating that you're a midget. It's gonna be tough living out the rest of your life as a little person.
"Design flaw" suggests that they didn't consider this scenario. This is false. They absolutely did consider this scenario and decided it was still a good decision due to the performance implications. The developer documentation clearly warns against displaying high-priv GUI on a low-priv de
Re: (Score:2)
It has been fixed (Score:5, Informative)
BTW, almost no Microsoft written applications are still vulnerable to shatter attacks on XP. This is mostly an issue that still hits ISVs because they don't understand the problem.
Re:It has been fixed (Score:3, Interesting)
You can exploit a buffer overflow by changing the name of the stupid "Start" button! There are PLENTY of MS applications on XP that are vulnerable to this attack.
Re:I would like to know (Score:3, Informative)
The fact that it's on Wikipedia does not automatically mean it is false or quackery. Don't be so quick to write off Wikipedia on every subject - if in doubt, check the sources. Much, if not most, of Wikipedia's content is actually quite good. Just be willing to check the cited works in the footnotes, or verify against other, more authoritative sources. For a free up-to-the-minute encyclopedia, one cannot get anything much better than Wiki
Re:I would like to know (Score:3, Insightful)
Re:I would like to know (Score:3, Interesting)
The application I do this to does provide an API for remote control, but they left out some obvious things. They are not going to add them in, so I take control of their window. Works a treat.
Point is, it's not a design flaw. It's damn useful.
However it should be secured in some way - so as a suggestion, have the OS pop up a window: "app A is trying to send messages to or control app B, is t
Re:I would like to know (Score:2)
Re:I would like to know (Score:5, Informative)
But apparently Vista has entirely removed the idea of an "interactive service", so they won't work. Info here: http://blogs.msdn.com/larryosterman/archive/2005/
Re:I would like to know (Score:2)
Re:I would like to know (Score:2, Redundant)
Re:I would like to know (Score:4, Interesting)
The security model is built on "window stations" -- If you put a privileged window into an unprivileged window station, then you have made a configuration error. Period.
The author of the paper stated that *nix/X11 is just as vulnerable to these types of attacks, BTW, so *nix is just as irrevocably mis-designed as Windows. The only difference is that *nix programmers are smart enough not to write interactive software that runs as root.
Shatter attack (Score:5, Informative)
It would seem that Vista allegedly fixes the design flaw that allows for the attack, by not running system services in the same session as the user. At least, that seems to be what the Wikipedia article on the topic [wikipedia.org] is suggesting.
The key to shatter attacks is that Windows allows processes running in the same session to pass messages between each other, the result of which is that via code injection, any process can escalate up to the level of the highest process also running in its session. MS is quoted in the article as saying "[This is not] a flaw in Windows. In reality, the flaw lies in the specific, highly privileged service. By design, all services within the interactive desktop are peers, and can levy requests upon each other. As a result, all services in the interactive desktop effectively have privileges commensurate with the most highly privileged service there." (Which is amusingly doublespeak-ish; they're saying "this isn't a design flaw, we designed it that way!")
This blog post by a member of the IE7 team [msdn.com] would confirm that they've at least tried to address this in Vista (but of course that's what you'd expect them to say). It says: "User Interface Privilege Isolation (UIPI) blocks lower-integrity from accessing higher-integrity processes. For example, a lower-integrity process cannot send window messages or hook or attach to higher priority processes. This helps protect against "shatter attacks." A shatter attack is when one process tries to elevate privileges by injecting code into another process using windows messages."
Yet another nice legacy "feature" from the single-user-OS days.
Re:I would like to know (Score:5, Interesting)
This was a design decision with known trade-offs. Attaching security tokens to window messages would result in MAJOR overhead that would, even on today's beefy hardware, kill performance. Having to do a permissions check every time the mouse is moved is not feasible.
So Microsoft decided that they would rely on "best practices" information as opposed to enforced security in the OS to prevent "shatter attacks". The best practices are pretty simple: If your service/application is running with elevated permissions (such as SYSTEM), do not display a GUI on a desktop owned by a lower privileged user.
There have been examples of applications, in particular some poorly written anti-virus applications, that liked to display GUIs to the user despite the fact they were running as SYSTEM. For the most part, however, very few major applications exist today that have this issue.
Applications that run with high privs that need to display a GUI typically launch their GUI with the privs of the user, or display the GUI on a secure desktop. (Like Winlogon.exe.)
This is really a non-issue and hasn't been for a very long time. Please, ignore the FUD.
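The best practice described in the comment above (a service running as SYSTEM should not put a GUI on the user's desktop) can be audited from the service configuration. The following is an added example, not part of the original thread or any Microsoft tooling: it parses a constructed `.reg`-style export of the Services key and flags Win32 services that run as LocalSystem with the "interact with desktop" type bit set; all service names are made up.

```python
import re

# Service "Type" bits from the Windows SDK headers.
SERVICE_WIN32 = 0x010 | 0x020        # own-process | share-process
SERVICE_INTERACTIVE_PROCESS = 0x100  # "Allow service to interact with desktop"
SERVICES_PREFIX = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
SYSTEM_ACCOUNTS = {"localsystem", ".\\localsystem", "nt authority\\system"}

# Constructed sample in .reg export text form; every service name is made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleAvTray]
"Type"=dword:00000110
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleUpdater]
"Type"=dword:00000010
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleUpdater\Parameters]
"Type"=dword:00000110

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleShared]
"Type"=dword:00000120
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleNetSvc]
"Type"=dword:00000020
"ObjectName"="NT AUTHORITY\\LocalService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\examplefilter]
"Type"=dword:00000001
'''

def parse_services(export_text):
    """Return {service: {value_name: value}} for direct children of Services."""
    services, current = {}, None
    for raw in export_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            path, name = line[1:-1], ""
            if path.upper().startswith(SERVICES_PREFIX.upper()):
                name = path[len(SERVICES_PREFIX):]
            # Subkeys such as ...\Parameters are not service definitions; skip them.
            current = services.setdefault(name, {}) if name and "\\" not in name else None
            continue
        match = re.match(r'^"([^"]+)"=(.*)$', line)
        if current is None or not match:
            continue
        value_name, data = match.groups()
        if data.startswith("dword:"):
            current[value_name] = int(data[6:], 16)
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            # Undo .reg string escaping (\\ -> \ and \" -> ").
            current[value_name] = re.sub(r"\\(.)", r"\1", data[1:-1])
    return services

def interactive_system_services(export_text):
    """Return (name, account, type) for SYSTEM services allowed to show a desktop GUI."""
    findings = []
    for name, values in sorted(parse_services(export_text).items()):
        svc_type = values.get("Type")
        if not isinstance(svc_type, int):
            continue
        # Assumption: a missing ObjectName is treated as LocalSystem, so the
        # service is reviewed rather than silently skipped.
        account = str(values.get("ObjectName", "LocalSystem"))
        if (svc_type & SERVICE_WIN32 and svc_type & SERVICE_INTERACTIVE_PROCESS
                and account.lower() in SYSTEM_ACCOUNTS):
            findings.append((name, account, svc_type))
    return findings

if __name__ == "__main__":
    for name, account, svc_type in interactive_system_services(SAMPLE_EXPORT):
        print(f"{name}: runs as {account}, Type=0x{svc_type:03x} (interactive)")
```

Files written by regedit's export are normally UTF-16 encoded, so decode them before passing the text to `interactive_system_services`.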
Re:I would like to know (Score:2)
Re:I would like to know (Score:3, Interesting)
But you have to remember that the only way that dialog will affect the entire system is if the user is running as admin, and if the user is running as admin the malware likely is too... so they don't really have to simulate clicks to do their damage.
I wish I could mod this story -1 Redundant. (Score:2)
Re:I wish I could mod this story -1 Redundant. (Score:5, Funny)
Re:I wish I could mod this story -1 Redundant. (Score:3, Insightful)
Re:I wish I could mod this story -1 Redundant. (Score:2)
I don't know about that; I think once a program is "mature" (which would be very, very far in the future for almost all software) it's possible for it to become completely correct. The only example of this that exists so far is TeX (although some UNIX utilities like ls might be close), but that doesn't mean other software can't eventually be improved to the same standard.
Re:I wish I could mod this story -1 Redundant. (Score:2)
I hear that Win 3.11 is almost there.
And the solution? (Score:2, Funny)
Is this news? (Score:3, Insightful)
Re:Is this news? (Score:5, Funny)
That's the nicest thing I've ever heard anyone say about Theo!
Another reason... (Score:2)
Also, both of them lack marketing departments.
However (Score:5, Insightful)
I am much happier with well laid out, structured and simple code that has X rate of defects than well polished over the years, old, cruddy and complex with X rate of defects because with the former:
Fixes will be faster.
Fixes will be easier/cheaper.
Fixes will be possible!
Bug fixes will have less chance of introducing new bugs.
Given time we can then be sure that we will end up with... err well polished over the years, old, cruddy and complex. But it probably won't be as bad as if the process never happened in the first place.
Re:However (Score:4, Informative)
Re:However (Score:5, Insightful)
It has been my repeated experience that "Cruddy and complex" code is that way because the problem space is cruddy and complex and that's what bugfixes do to code.
You throw out that complexity and you throw out accumulated knowledge. I have yet to see a second system or third or fourth that managed to keep the bugfixes of the previous system. These issues return and they are accompanied by new ones.
In this case there might be a reason to throw out this particular baby with this particular bathwater: the only thing that new code gives you is resident experts on the new code. If you have staff turnover (Which MS always does), they may have already lost the resident experts on the previous design.
So that brings up the next point: MS may now be jumping its proverbial code shark: They've not increased in price in 3 years: stock options are worthless, they're losing people, and the hardware vendors are saying "When are you going to get us a decent 64 bit system?". They can't seem to ship secure code and now they throw out working subsystems, possibly because they've got a brain drain. MS owns the office market, but they're starting to really fall behind in shipping modern security at the OS level.
Re:However (Score:4, Informative)
http://www.joelonsoftware.com/articles/fog0000000
Re:However (Score:3, Interesting)
Yes, yes. Cruddy and Complex code is cruddy and complex because it needs to be cruddy and complex (not because it was hacked together on an impossibly short schedule, or written by a novice developer using a fundamentally bad design. Or both.) And you should never rewrite code. Ever (except when you should).
There are no absolute rules in software
So (Score:3, Insightful)
So they're saying that beta software still has bugs in it?
I don't think it's particularly fair to be making these public accusations at this time. I'm sure the developers appreciate the testing, but an article to CNET seems a little too much
Mistake? (Score:2)
On the one hand, you can see their point. The XP code has become more mature and has all the latest fixes and is more or less stable, as Windows goes. On the other hand, t
Re:Mistake? (Score:3, Interesting)
Crackers will become familiar with Vista's net stack sooner or later, either by reverse-engineering the new not-so-secure stack, or by utilizing their familiarity with the XP stack (in case MS didn't replace it)
Re:Mistake? (Score:2)
That's not my assumption at all; given Microsoft's track record however, you have to wonder if that will be the case. Symantec is saying it isn't based only on their review of the beta software, but you can't take that as gospel, anymore than you can accept MS's assurances that Vi
Outrage! (Score:5, Funny)
How dare they! Just when I know all the exploits in the old code, they make me go and have to discover all new bugs in their new code. Being a hacker is hard some days...
Conflict of Interest (Score:5, Insightful)
FUD. At least they learned Microsoft's greatest marketing strategy.
Another way of saying it (Score:2, Insightful)
Abuse of Moderation (Score:2)
Hey, you're not supposed to mod people "troll" when you don't agree with what they say. It means they don't agree with what they say. And anyone who actually has experience maintaining windows knows that it's not wort
Symantec's attempt to reassure stockholders (Score:5, Insightful)
Isn't it in Symantec's best interest to generate demand for their product by creating uncertainty when it comes to OS security? They did this to Linux too...
Granted Microsoft may be using new code, but that doesn't necessarily mean it's more insecure than the current network stack.
Let's see what the non-beta software looks like, and see what an independent lab reports.
Bill
Put up or shut up (Score:2)
Oh, you have none? It was just fearmongering to scare people into buying your products? I'm shocked, I tell you. Shocked!
This would be half as funny if Symantec products didn't open more holes than they close.
Windows Defender anyone? (Score:2, Insightful)
Did you also notice? (Score:2)
And about vista's new stack "This may provide for a more stable networking stack in the long term, but stability will suffer in the short term."
I think the report overall is positive for Vista. ANYONE who expects a new OS to come out bug free is a fool. Unfortunately, on CNET as on Slashdot, a positive Microsoft article isn't news, thus the SPIN.
So they kicked out the BSD code (Score:2)
Is this that fucking hard? (Score:2, Flamebait)
Re:Is this that fucking hard? (Score:2)
Re:Is this that fucking hard? (Score:2)
Well, no it isn't. (Score:3, Interesting)
It should be very easy to build a networking stack for Windows (or any other OS) that is bullet-proof, compact and fast, because it's not a particularly complex pie
Turned upside down (Score:2)
Vista has been improving... (Score:4, Informative)
Re:Vista has been improving... (Score:3, Funny)
I work as a tester at a large, well-known tech company. I started using Vista back in February of this year, and I've used one of the latest versions, 5474, recently. Here are the changes I've seen:
[better graphics, crashes a bit less, more widgets, file copying is a bit faster]
Sounds like it was really worth spending more money than the Apollo programme on then!
Rich.
Re:Vista has been improving... (Score:3, Insightful)
Never buy a 1.0 product from Microsoft.
Eyecandy. (Score:3, Insightful)
Best Quote from TFA... (Score:5, Funny)
Oh man! I can't even begin to think of a joke worthy of that setup...
I got one... (Score:2)
By the time the average person gets a shot at this network stack it will be about as "virgin" as Madonna!
BTW, saw her in concert live in Chicago... kick some major ass she does!
Shortening the credits (Score:2)
Yeah, I imagine it really irked them, having to include that mention of BSD in their credits. Networking code written in-house by Microsoft Software Engineers should be WAY more secure.
Hmm... I wonder if anyone over there, even for a moment, talked about "extending" TCP/IP? Or maybe IPv6-MS?
I kid, I kid...
Bye Bye Corporations (Score:3, Insightful)
Windows Vista still Rife with Insecure Code (Score:2, Funny)
See what happens when you constantly tease it? Now it's got an inferiority complex. You people should be ashamed.
Somewhat OT - keyboard shortcuts? (Score:2)
More Symantec Propaganda; a new stack is better (Score:2)
The new provider modules are a step ahead of what they'd been using. This is what Symantec is mad about: being left out of the anti-virus and spyware game. Look to see that Microsoft also purchased Win/Sysinternals today to see what else motivates Symantec. Their cash cow, a flea-bitten operating system-- might just work for a change.
But I doubt it.
It's part of the bigger picture (Score:4, Interesting)
Emphasis (Score:2, Insightful)
They've been too busy with cool stuff [softpedia.com].
FUD? (Score:3, Insightful)
So, point me to the place in the article which says something is still rife with insecure code?
Well, of course, there'll be security holes in Vista too, like most other OS's, but I'm not sure that's what the article means? It seems someone somewhere has come to the conclusion that there are still major problems with it and I just, darned as much as I try, can't find the place in the article.
It seems to me Symantec only speculates, as Vista will have a new network stack?
But then, Symantec themselves say:
So, which is it, and is the article just spun like this on Slashdot because it's Slashdot?
Re:Before the MSFT bashing commences (Score:2)
Apparently nothing is secure according to Symantec
Re:Before the MSFT bashing commences (Score:2)
Except this should be perfect. (Score:4, Insightful)
This isn't a problem if the problem you find is a minor thing where if you click on a button it crashes only if you have an ATI card that was made in June 2005.
This is a problem if the majority of code, that has been rewritten from near scratch has major flaws that would take another full rewrite to get rid of (or years of critical updates). Vista is supposed to be the reinvention of Microsoft security, however this isn't secure. This isn't a "we're still adding features" problem this is a critical flaw at the core of the system.
Re:Before the MSFT bashing commences (Score:4, Insightful)
Please THINK before you post.
Re:Before the MSFT bashing commences (Score:2)
Re:Slashdot...biased?! Never! (Score:2)
That isn't bias, that is a reality.
It is history that creates expectations.
Apple does not have an extremely consistent pattern of making poorly secured products. People would be interested and expecting a high quality securely coded system from them. They have earned a good reputation. Microsoft has routinely released bug infested crap, ther
Re:Sometimes its easier (Score:2)
It is like in construction
Nice list, minor correction suggested (Score:2)
Is still able to get work done EVEN if supervisor helps.
Emphasis on correction.