Longhorn Locked Down To Fight Hackers
Andrew Youll 2005-07-06 Windows 54 Comments

Microsoft’s forthcoming Longhorn operating system places great emphasis on locking down PCs to prevent unauthorised access to hardware and software, the software giant revealed today.

2005-07-06 10:04 pm
Don’t challenge hackers with statements like that it would stop them “99% of the time.” Sure it’s good marketspeak, but it makes the hackers really determined too.

2005-07-07 6:39 am TusharG
I totally agree with you. It is more fun when someone says it’s unbreakable! Especially they love M$ packages when it comes to breaking. Go east -> go west <- M$ is always breakable and it will always remain!

2005-07-06 10:05 pm roguelazer
I like the “not all users are by default administrators” idea- it’s one that every operating system except Windows has adopted with good reason. However, the “restricting hardware and memory access to trusted applications” idea seems rather like the current Signed device drivers in that I can see Microsoft charging developers money to get their software authorized for system access. And, of course, anything having to do with the Trusted Computer Group is pretty much bad. Oh well. Not like I’m particularly likely to end up saddled with Longhorn.

2005-07-07 4:11 am Devon
“I like the “not all users are by default administrators” idea- it’s one that every operating system except Windows has adopted with good reason. However, the “restricting hardware and memory access to trusted applications” idea seems rather like the current Signed device drivers in that I can see Microsoft charging developers money to get their software authorized for system access.”
I think you’re right on with that. The real question here is who will be considered ‘authorized’?
Am I, the humble user who paid for the computer, going to be lucky enough to be considered authorized, or will Microsoft be making those choices for me now? Based on what’s really good for me or who can pay them enough? Some real causes for concern here.

2005-07-08 10:42 am Doctor Flange
YOU may be responsible enough to be able to manage your computer, but remember that there are millions of clueless people out there. These are the kind of people whose computers are infected with email worms and they don’t even know, since they don’t run antivirus or anti spyware systems. Believe me, I know a lot of them (and have to change my email address often as a result). These people need restrictions such as these.

2005-07-07 5:13 am Erpo
Oh well. Not like I’m particularly likely to end up saddled with Longhorn.
You are, whether or not you use it on your computer. The power of a TPM chip to take away your freedom depends on its attestation features; a computer with a TPM chip can create a digitally signed attestation message proving that the computer is running certain software (say, an unhacked copy of Longhorn). One day, 95% of desktop users will have this chip and run a mainstream OS. Once that happens, service providers (from e-commerce sites to regular sites to ISPs) will be able to deny you access if you’re not running an unmodified mainstream OS. You’ll have a choice: switch to Longhorn (or whatever’s the most popular OS at that point) or be denied access to Internet services or even the Internet. Once your friends are in the same bind and they’re forced to switch to the mainstream OS, that OS can even include code to refuse to talk to you unless your computer is running an unmodified mainstream OS. Unless you convince everyone you know to avoid computers with TPMs (and convince them to do the same for their friends), we’re all going to be running Longhorn, like it or not. Today, it’s trivially easy to create an OS that grants total control over a machine to its vendor.
Trusted Computing is just a tool to force you to run such an OS, and to force you not to modify it so that you can get your power back.

2005-07-06 10:18 pm mini-me
… Let’s take bids to see how fast this “feature” gets dropped just like the other ones that have been dropping like flies lately – Better yet – a bid to see how much this “feature” will extend the release of shmoghorn 🙂

2005-07-06 10:19 pm
I hope they mean ‘crackers’…

2005-07-06 10:25 pm
I’d bet 3 buttons, a bottle cap and a small plastic soldier that MS offers a security patch in less than three months after release.

2005-07-06 10:41 pm
Actually it’s 6 to 9 months and it’s called SP1.

2005-07-07 6:07 am
If they need to release one then I hope they would do so ASAP! As long as software is being written by humans it will not be perfect and requires patches from time to time.

2005-07-06 10:27 pm
Hardware locking via a dedicated chip is combined with “hardening” of the OS to restrict how memory can be accessed.
So hack then format to install LINUX

2005-07-06 10:41 pm truckweb
Everything that can be done in software to secure the OS can and will be undone by virus, trojan or any other crack code. Give it some time, let the bad guys learn how this new OS works and they will be back full swing with new things to break. Longhorn will be better than XP, no doubt. But something will break….

2005-07-07 3:49 am
Everything that can be done in software to secure the OS can and will be undone by virus, trojan or any other crack code.
This is incorrect and is part of the mentality that has gotten us into this mess. Software IS securable. Microsoft just isn’t very good at making secure software. That said, I much prefer the “ask the user model” of security introduced with the Windows Firewall to the unix model of simply preventing it from working. They need to extend the model to things like setting up an application to launch at startup, adding plugins to explorer/IE, accessing private user data, etc..
not just accessing the network. The problem with the old model is that if I need to do something like install an application I need the ability to do that but I don’t really want programs running as me to be able to do it too without my knowledge. Thus.. ask the user.

2005-07-06 10:43 pm
Longhorn is still struggling with proper device driver integration. As long as those issues are not resolved Microsoft should not even talk about “locking down” PCs. Longhorn is not anywhere near a usable release. If they are lucky they can release it in another two years after more serious and focused development.

2005-07-06 10:49 pm sappyvcv
I’m looking forward to Longhorn, but this is hardly news. They’ve been saying from the beginning that this is their plan. Of course, they have to say these things. This time, I do think they’re actually taking it very seriously though. If the new IE is truly locked down and secure, along with Outlook, then we will see a slowdown in this trojan/spyware thing. It will slowly decrease as people upgrade and fewer use pre-XP versions of Windows, or IE6 pre-SP2. The key points for security here are definitely (1) IE and the rendering engine (since it powers Outlook) (2) LUAs to prevent programs from gaining too much access without the user knowing. If Microsoft can do these right, which they definitely can, Longhorn will be a security success. The sad part of all this is that there are people that will be disappointed if Longhorn turns out good security-wise.

2005-07-06 10:55 pm Martin
Software companies always say the next version of [insert software name here] is going to be more secure, particularly OS companies. They just need to stop making these claims. How else would they sell their software? Place emphasis on features you CAN provide, not empty promises.

2005-07-06 11:05 pm
Even OpenBSD releases security patches.. you’d rather they wouldn’t?
The problem is patching due to bad security design or taking too long to address security vulnerabilities. Until now, most of Windows security measures cover bad design. You need to install all these Anti-Virus, Anti-Spyware, Anti-*… they could start by limiting normal users’ privileges. It seems they are addressing this (only) now. I’m still sceptical about it being effectively enforced.

2005-07-07 2:09 pm
This brings up another point that has bothered me about the MS patches. Consider the OpenBSD patches: There is a clear description of the code/design error and a precise list of the types of faults that can be corrected. You then get the source code so you can see exactly what is changing. It is almost always a small fix (tens of lines of code.) Contrast this with MS patches which are only described in vague terms and which typically involve several MB of compiled binaries. (I don’t object to binary distributions, but they can install a lot of ‘silent fixes’ if they care to.) Some patches have even required you to sign a new EULA. You literally have to give up some of your privileges in order to secure your computer.

2005-07-06 11:12 pm Milo_Hoffman
<poor attempt at humor alert> Hey Microsoft! The 1970’s called, Unix wants its security model back. </humor off>

2005-07-06 11:29 pm orestes
An OS is only as secure as its users’ actions. It’s going to take a lot more than fancy hardware and default settings to reverse the 20 years of bad habits that Windows users have acquired.

2005-07-06 11:33 pm Sabon
I don’t believe for one second they are more serious about security than before. They might be more serious (i.e. concerned) about profits than before. Meaning that people that would never have thought about a Mac, and to a lesser extent Linux in the past are buying them because they are sick of viruses and worms with Windows. Most likely, as in the past, only honest people will be affected, and in a bad way, by this.
It won’t take long for virus and worm writers to get around MS’s new “security.”

2005-07-07 12:14 am Emil
IMHO, Microsoft puts too much effort (or maybe it’s another PR stuff about Longhorn) into things that are not so high at priority. When you can access HW directly, there’s not much a person can do. You can have all the Super Security Systems, but when user wrote down his password under keyboard or you can force him to give it away (by force or trick) you’re done with it. MS should care more about BAD (Broken As Designed) IE/OE holes. This is an important thing for Windows users.

2005-07-07 2:25 am ma_d
Do you honestly believe you can brute force an encrypted file system? We’re not talking about a bad 40-bit keyed algorithm here. My understanding is that these chips are just hardware implementations of common encryption routines like AES. Let’s say you have a disk that you stole, you don’t have the password because it wasn’t written on the guy’s laptop that you found/stole. So, you try guessing passwords: How long do you think it’s gonna take you to get it assuming he didn’t use “god,” “love,” or “sex?” I think Windows XP already has encrypted filesystem though; they’re just “slow” because the cpu has to do the work. Well worth the speed costs if your work is sensitive.

2005-07-07 2:35 am Night
XP SP1+ and 2003 use 256 bit AES for NTFS EFS. Just so you know, recent Via CPUs have hardware accelerated crypto. I doubt XP and 2003 use it, but OpenBSD certainly does. This is separate from a secure hardware element (i.e. TPM) for key storage. If using one, the only way to obtain the keys is by deconstructing the chip.

2005-07-07 1:11 am
If they’d fix once for all just only the msvcrt.dll string routines… /me fighting with unicode routines…

2005-07-07 1:29 am Wowbagger
Another Windows version and another round of: “This time it’s really going to be a usable, stable and secure OS. Really. Believe us. This time only.
Just ignore that we were lying to you when we brought out Windows 1.0, 3.0, 3.1, Win95, Win98, WinME, Win NT, Win 2000, Win XP. We really have changed and are an honest software company now.” Well, there’ll rather be Butterflies flying out of my ass before I believe those guys. Microsoft has lost any credibility so long ago, it’s not even funny anymore.

2005-07-07 2:03 am
In OS X, the admin user already has write access to /Library and /Applications, so installing 3rd party applications is supposed to be just drag-and-drop. But NOOOOO, developers insist on authenticating to get root access. This happens with almost any app that uses the Allume installer it seems. And MS Office requires root to write a log file to /. Lame. Anyway, the point being that as users are constantly being asked to authenticate, CONSTANTLY, it loses all meaning. “Sure, have my password, I type it in for everything. This is so annoying. I wish there was an auto-password-enterer-thingy.” Unwitting users will give their password to anything. It’ll happen with Longhorn.

2005-07-07 2:46 am
It’s long past the time when Microsoft can tell us that they’re going to improve security. Less talking, more doing.

2005-07-07 2:50 am
One of two things will happen. Either they will lock down so much it is un-usable. Or it will be a hacker’s dream and so many viruii or other things will be bombarding the os that it will make it un-usable.

2005-07-07 3:04 am Amanda
Are those security technologies employed in the processors allowed to be used by Windows only? If so, this step may be a dangerous one – M$ may eventually work with Intel/AMD and add in more Windows-specific features to their chips, eventually hijacking the PC hardware standard for its own good. If that’s what M$ plans to do, and if all major processor makers ally with M$, the entire PC industry would become M$’s proprietary…

2005-07-07 10:05 am andreiy
This is a real concern.
So the people in the US should watch very closely what is happening on the hardware side and then pressure their authorities for another anti-trust trial (MS is still an US-based company). P.S. Sorry foe my English. 2005-07-07 3:34 am anand78 This is like the Clean desktop feature that Windows XP has. Or even the Firewall Security alerts. Most of the people I knew used some kind of registry hacking to disable the feature. 2005-07-07 11:27 pm CPUGuy Ummm… you don’t need registry hacks to turn them off, it comes up and asks you if you want them on or not. 2005-07-07 4:24 am i also hear Microsoft Longhorn Mobile OS is coming out for coffee machines. i heard a beta tester stated that it blew up and set their house on fire. 2005-07-07 4:32 am Devon Do you have a link or are you just trolling? 2005-07-07 4:57 am Indian programmers (what a pun on words) like they would have the brain power to wipe their ass. Sand programmers are too blame, they are so dam smart look at the shit they turn out. Off-shoring jobs to 3rd world shit holes are the result of Windows bugs, so don’t blame Americans, they are cheap fuking labor, nothing more, nothing less. Plus they stink and are stupid as fuk. 2005-07-07 6:38 am benxor you mispelt ‘fuck’. good job with ‘negroids’. now go to the back of the class and repeat ‘i will not masturbate to my own diatraibe’ 640,000,000 times. all the main OS programmers at MS might be poor interface designers, and hog-tied with backwards-compatability bullshit, weakening the standard of their product, but you know – indian or not, they have more PhD’s in applied computer science than you have penises. So, one or more. 2005-07-07 6:28 am I wonder if Apple will use that TMP chip too.I think that people who buy an OS will probably not create virusses for their own platform.It remains to be seen how well the TMP chip behaves 🙂 MS would be wise to see that their info is channeled through some serious websites with more info and less ads. 
2005-07-07 6:31 am benxor
as usual an exciting puff-piece featuring lots of pseudo-technical buzzwords. ‘Locked down’? What the hell are they locking down exactly, the electrons or the magnetic fields? It’s a computer.

‘Hardware locking via a dedicated chip is combined with “hardening” of the OS to restrict how memory can be accessed.’
Sounds a lot like…. the hardened linux kernel? Oh, nice use of a proprietary chip – I suppose this will be included on all motherboards as standard throughout the world from now on? Or will it be included as a USB dongle in the box with windows? Tell me, if amateurs with fab-labs in SE Asia can reverse engineer nvidia cards, how long do you think it will take to open up this little chestnut? Also, the cleverness of the chip design is inversely proportional to the number of companies who’ll bother paying to have it on their boards – the more complex it is, the more expensive, and the more complex the equipment to create and install it.

‘Security will also be boosted using a technique dubbed User Account Protection, which aims to ensure that computers can be locked so that local users are not given full administrator access by default.’
Yeah, that’s called ‘not making all users root by default’. Ever heard of it? It’s been in every single multi-user OS ever.

‘This will act as a vault for a user passwords and identity information. If a computer is stolen a thief would not only have to unlock the computer, but break into the chip to access any personal information.’
Tell me, would you rather have your data with you, or on the computer that’s been stolen? What’s the difference, any thief will simply flash the data out and resell the machine (which is why they…. stole it in the first place?) or steal your identity using all the other stuff lying around your desk and filing cabinet, which they’d have access to if they’re clever enough to steal your entire desktop computer.
As for laptops, same diff: they’ll either wipe and resell or, if you’re someone famous they want the personal data of, well…. attach a bomb to your laptop and have a detonator on your car-keys, what the hell is some MS-designed personal data chip going to do for you?

‘Finally, User Account Protection will help protect against local PC infection by locking user rights, so that a hacker cannot gain full control if a computer is infected.’
Because hackers often do this, it’s much easier than exploiting the OS to do anything you damnwell like. Guessing a user’s password is more difficult than just gaining root access through one of a hundred billion different exploits – although good for MS in finally promising a feature that’s been in every other OS since 1970 and giving it a snappy name to make it sound like they invented it. Just like how they invented HTTP and the aeroplane.

You might have noticed, I’m a tad skeptical of MS’s promises – and they *are* empty, unsubstantiated promises – because I’ve already heard them all before, 800 times, and nothing ever changes. Boo-yah for XP and MS finally making an operating system that only needs to have the computer reset every time you install a driver or a program or an update or an add-in, not just every time the mouse reaches 104 clicks and you have to wipe the corrupted swap file. Bravo, gentlemen, only needed a bit of competition and the gunpoint threat of open-source to make you promise something that approaches the abilities of Solaris 7.

2005-07-07 9:38 am
…In order to fight users. Come on, this system is designed to be controlled by MS, not by user! User gets his restrictions and DRM.

2005-07-07 9:53 am
Yep! That’s what I thought when I read the title: “smells like DRM”!

2005-07-07 10:11 am
most Windows users would be considered Hackers. Most Windows users enjoy downloading mp3z and other war3z from their favorite 1337 crewz. Somehow I see this promise towards security turning into a promise for user prison.
2005-07-07 11:00 am
If that thingy is a dongle kind which will prevent the starting of the OS (or the computer itself) then I wonder how many users will lose that password and probably after entering (guessing) it a few times the computer will probably freeze and then they will be forced to take it to the service from the firm that they’ve bought it. I think that’s funny. And the other funny thing is that lots of users are using sticky notes containing their user names and passwords stuck to the monitor (I saw many of them do that) so they won’t forget them and in this way you should not be worried when you decide to actually steal the whole computer (just don’t forget to check the monitor or take that as well with you).

2005-07-07 1:22 pm Richard James
An additional layer of defence comes from what Echert calls “system hardening”. This ensures that only certain parts of the computer’s memory can be written to, thus stopping memory resident malware from causing disruption.
System hardening is the entire process of making a system harder to break into. What he is talking about is either enhanced memory protection or stack execution protection. These pages give an interesting overview of this sort of technology in use in Windows.
http://msdn.microsoft.com/security/productinfo/XPSP2/memoryprotecti…
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2m…

2005-07-07 1:32 pm
What kind of security chip is this if you can extract the passwords out of it? I don’t care if you’re an expert with technicians tools, you still shouldn’t be able to do it. I’m an electrical engineer and I work with code protection on flashed chips, and I can guarantee you won’t be able to get the code out of that chip once you secure it. Unless you know how to disassemble a .90nm IC die and suck out the bits.

2005-07-07 4:09 pm
How can they tell us they are going to lock down Longhorn and then downgrade Claria Adware detection???
This is really really outraging, I’m sick of all their lies and hype.
http://www.eweek.com/article2/0,1759,1834607,00.asp
I’m not a unix zealot, I use whatever is better for my needs but many people don’t have a choice because they don’t know better… Microsoft should be more responsible about their software. If they want to raise security then DO IT! Do it in a consistent fashion, do it openly, do it thinking that it IS an important issue! It’s way more important than desktop searching! “Nice! I can find my files easier!” Well, with all this stupidity, ill-intended people and companies can also do that with YOUR files!

2005-07-07 4:30 pm
Looks like Microsoft is finally taking enough time to put a product out that isn’t full of bugs and exploits. About time they didn’t try to put out broken software.

2005-07-07 5:20 pm Anonymous Coward
I doubt I’ll be upgrading to Longhorn for a long long time. Maybe I should switch back to Debian again, or just wait ’till Apple finally decides they want to sell OS X on non-Apple Computers. DELTREE C:*.* /Y or FORMAT C: /Q/AUTOTEST is the fastest way to tighten Windows Security. (Disclaimer for those with cranial rectal inversion syndrome: I didn’t tell you to do these)

2005-07-07 5:22 pm Anonymous Coward
I don’t know if 2.0 did this or not, cause I didn’t really care, but now I do. After posting a comment, I should be returned to the page I was on, not the first page of comments.

2005-07-07 6:33 pm mark
I’m wondering what exactly they mean when they claim hardware can be locked down? If I have a screwdriver, I can certainly open up a computer and remove the hard drive and just about any other piece I want. I can read that hard drive with any number of tools, and reuse it in another computer. Before you claim they are not talking about physical security, I think a large number of users will perceive the claim of hardware lockdown as their computer can’t be stolen.
I also see this as an attempt to block users from installing other operating systems. Make of that what you will.

2005-07-07 7:59 pm
This is just another MS ploy to further lock-in users to windows. The lock-down ploy is just an excuse to wrest control from users of their own PC’s. This is just part of the “trusted computing” initiative. Welcome to the Microsoft world where they own a partition on your hard drive, require a license to install and execute software, and prevent you from installing a free OS. They’re not locking down hackers, they’re locking down users.

2005-07-07 9:18 pm joelito_pr
Better start finding a good lawyer because when that happens I might just place an antitrust suit on M$

2005-07-07 9:45 pm
Open the source code for real coders to patch the holes, make Windows open source for Christ’s sake.