Dan Kaminsky on Microsoft’s Security

Submitted by anonymous 2005-07-21 Privacy, Security 30 Comments

SecurityFocus published an interview with BlackHat/Defcon speaker Dan Kaminsky. He was guest-hacker at the Microsoft BlueHat event, and met Redmond’s engineers and management. His conclusion: “My sense is that a combination of respect for SP2 and growing fear of Google (which has an entirely different, and arguably more managable security posture than Microsoft can achieve) has really pushed people towards seeing security in 2005 as stability was in 2000/2001.”

About The Author

Thom Holwerda

Follow me on Mastodon @[email protected]

30 Comments

2005-07-21 12:20 pm

timosa
And we got rid of Windows stability problems after 2001, right?

2005-07-21 12:25 pm

Anonymous
> And we got rid of Windows stability problems after

> 2001, right?

Yes. After 2000, actually, or to be more precise, after the release of Windows 2000.

2005-07-21 1:28 pm

gilboa
> And we got rid of Windows stability problems after

> 2001, right?

Yes. After 2000, actually, or to be more precise, after the release of Windows 2000.

Umm… Windows 2K, in its RTM form was far from being “rock solid”. Same goes for Windows XP.

At least on my SMP setup(s), Windows 2K became stable (read: NT4SP5 like) right around SP3. XP/SP2 has yet to achieve this goal.
2005-07-21 1:40 pm

rayiner
Windows 2000 wasn’t used by home users, though. If we’re including Windows 2000, we might was well include NT workstation and say the stability problem was solved in the mid 1990s. To be more accurate, the stability problem was solved generally in 2002, with the release of WinXP.

2005-07-22 11:57 am

hobgoblin
i cant realy comment for others then myself but i have been running win2k as a desktop for years now…

2005-07-21 12:31 pm

pravda
I don’t know what Microsoft even thinks. Until Microsoft open sources their entire OS, entire toolchain, and all the CPU and other chips, there will be no security on Windows.

The reason Microsoft bought their own anti-virus and anti-spyware is so Microsoft’s rootkits can still work undetected (along with Microsoft’s spyware applications) and Microsoft can give security/spyware/adware exceptions to those it has to and those who pay for an exception.

The computer, as defined by Microsoft and Intel, has proven to the public that it cannot be trusted. No matter how much big brother TPM hardware Microsoft/Intel adds, it will not help change this belief.

And so it just makes me laugh.

Trusting Microsoft with security is like trusting the fox to guard the henhouse.
2005-07-21 12:49 pm

Anonymous
the problem is the default, out of the box, permissions setup from ms. until an ordinary user is not merrily chugging along as an admin, things can only be covered up with band aids.

one can argue that you can run as a limited user, etc., but that only happens for those in the know. tons of biz and most home users have no idea and use ms default of admin (with no password to top it off).

the priviledge model is due to change with longhorn, and when it does, ms achilles heel will be gone.

and yeah, i agree windows has been rock solid since the release of windows 2000. 2000, xp, and server 2003 perform fantastically. the lockups and blue screens of the windows 95/98 era are gone.

2005-07-21 12:58 pm

rugbuzpafnuti
I was yet to see any problem or even bluescreen when people worked as users.

Personally I didnt have a bluescreen for years, and spyware only once in the last 5 years (and that was ironically when I logged in as admin just to download and install an update on the fly…).

I got my linuces and my mac to core dump or lockup pretty quickly though. (yeah I know, this is against ‘the common opinion’ – only windows gets fucked up over time, unices are rock-solid… well, not for me)
2005-07-21 1:03 pm

Thom Holwerda
The thing is, the Windows NT line is a very capable and decent operating system, with a lot of security principles that are very much the same as on UNIX. But as Anonymous (IP: 68.235.182.—) pointed out, the default setup leaves a lot to be desired.
2005-07-21 4:13 pm

orestes
A couple comments:

1. Better default setups, while most definitely needed, are a not a substitute for proper user education. If the user isn’t properly informed, they’re just as likely to turn off the new security measures as they are to use them.

2. The 3rd party software vendors are at least partly to blame for the tendency of Windows users to run as administrators. A lot of software packages are so shoddily coded that they refuse to run under a non-administrative account.

2005-07-21 1:02 pm

pravda
A brief restatement of the message that Microsoft (or their minions) voted down:

Trusting Microsoft with security is like trusting the fox to guard the henhouse.

It seems any sort of non-positive statement about Microsoft is getting voted down. And Microsoft complains about bias. Reminds me of an old Polish proverb.

What voting really needs is a list of who voted along with their IP addresses and a smart lookup of where those IPs are coming from.

2005-07-21 1:05 pm

rugbuzpafnuti
No, your childish ignorance enriched with mindless zealotry was voted down:

Until Microsoft open sources their entire OS, entire toolchain, and all the CPU and other chips, there will be no security on Windows

2005-07-21 1:12 pm

pravda
A completely open chain is a well accepted precept of secure systems. If you are ignorant of this, that is your own blindness.

And it doesn’t change the fact that we need voting records.

The world knows very well that Microsoft buys decisions from Congress, buys analyst studies, etc. I would hardly be surprised if Microsoft and their lackeys are perverting the voting system here.

In a somewhat ironic fashion, the lack of a voting record underscores the very issue we are talking about. Without a completely independent and 100% thorough verification of what is secure, there is no security. The same with voting.

2005-07-21 1:18 pm

Thom Holwerda
I voted your comment to -5 with one click, and as far as I can recall, I don’t have a job contract with Microsoft.

A completely open chain is a well accepted precept of secure systems. If you are ignorant of this, that is your own blindness.

Great. But being open doesn’t guarantee a secure system. False logic, Pravda. Kindergarten stuff: Joe puts up an umbrella when it rains. Joe puts up an umbrella. Does that automatically mean that it’s raining?

2005-07-21 1:31 pm

pravda
I will relate the following:

In 1984 the co-author of Unix Ken Thompson gave a theoretical example of how even an open toolchain could be compromised He described what he called the “cutetst program I ever wrote” in a paper subsequently known as Reflections on Trusting Trust. Thompson set about producing a program which produced as output an exact copy of its source, in other words a program that will create a self-reproducing program. His compromised compiler could be used to replace the standard UNIX compiler, and the intruder could then remove the traces from the compiler source code, knowing that any program generated by the compiler would harbor the Trojan.

Thompson’s point was simple. “You can’t trust code that you did not totally create yourself. No amount of source-level verification or scrutiny will protect you from using untrusted code,” he pointed out.

The answer is to have a clean room environment – both tool chain and operating system – that the user has created and knows is free of compromises. This can then be trusted to bootstrap the toolchain and OS of your choice.

2005-07-21 1:38 pm

Thom Holwerda
Pravda– it’s probably not coincidental that your name is also the name of the Communist newspaper that was known for spinning the truth to better fit the communist views .

It is possible to achieve security with opennes. But that does not mean that a system can only be secure when it’s open. I’ll repeat the Joe story. Read it carefully: “Joe puts up an umbrella when it rains. Joe puts up an umbrella. Does that automatically mean that it’s raining?”

Logic, sonny. It’s a difficult concept, but in the end you’ll get it.

2005-07-21 1:48 pm

pravda
You are the one who fails to understand basic mathematics.

If you have any part of your system that is closed, then overall security cannot be achieved.

Think of simple AND logic.

If 0 AND X AND Y AND Z

Obviously it doesn’t matter what X, Y, or Z is.

The value of the expression is ZERO.

And Thom… your newfound power is resulting in oppression of the people!!! Pravda will spread the word!!!

2005-07-21 2:17 pm

Budd
Pravda– it’s probably not coincidental that your name is also the name of the Communist newspaper that was known for spinning the truth to better fit the communist views .

Thom,you are pathetic.Even if you intention was to joke. It sucks.You brought no argument into discussion except pointing that that users name is pravda. Get a life.

2005-07-21 1:30 pm

TaterSalad
I’m pretty impressed with Dan and the interview. There was no bashing or zealotry, just explained how MS thinks and operates in the realms of security. At least MS doesn’t just shrug it off despite popular opinion, and I’m glad to see they are taking security seriously.

I’m curious about possible exploits in Longhorn when it is released. From the screenshots it looks like they will do something similiar to linux distros in asking for the admin password when running as a regular user. This may be a problem where social engineering might kick in with an email saying “run this file, type in the password, and you can see the dancing elves”.

2005-07-21 1:53 pm

pravda
Delivering on its promise to release Windows XP Service Pack 1 (SP1) in the coming days, Microsoft announced late Friday that it will issue the critical upgrade to its latest desktop OS on September 9. With XP SP1’s release to manufacturing (RTM), the company will finally provide its first comprehensive set of bug and security fixes to the fastest-selling Windows version ever. Beginning September 9, XP users can download the SP1 release for free from the Microsoft Web site or order the release on CD-ROM for about $10.

“Microsoft is always focused on improving the reliability and security of Windows for our customers, and [SP1] is the latest delivery on our commitment to those customers,” said Jim Allchin, group vice president for the Platforms Products Group. “Windows XP is the most secure and dependable [OS] we have ever produced, but our work doesn’t end when we ship the product. Windows XP [SP1], along with services such as Windows Update, [is an example] of how we help customers keep their PCs updated with the latest and greatest technology.”

XP SP1 includes all the security patches Microsoft has issued for XP since it initially released the product in October 2001, security fixes that resulted as part of Microsoft’s Trustworthy Computing source-code review, support for new technologies such as USB 2.0, and some UI changes the company’s proposed settlement with the US Department of Justice (DOJ) required.

http://www.windowsitpro.com/Article/ArticleID/26484/26484.html

XP1 was released on 09 Sept 2002.

2005-07-21 2:06 pm

pravda
Pravda was founded as a newspaper for workers in 1912; the Bolsheviks started legal publication of the newspaper in St. Petersburg on April 22, 1913. It was a time of unrest, with 400,000 workers striking on May Day 1913, and letters from common workers were encouraged and published in the papers, showing and stirring the workers’ anger. Pravda was regarded by the communists as a successor to the socialist newspaper Iskra.

Vladimir Lenin, who controlled the paper, placed Joseph Stalin on the editorial board; Stalin’s first stint on the board lasted until his exile in 1913. During this period, the editorial board’s more moderate stance often clashed with Lenin’s, and the editors sometimes censored or refused to publish Lenin’s works. The Russian government attempted to suppress publication of the newspaper, but the Bolsheviks built up a loyal readership of over 40,000 and a network of distributors. Pravda was dependent on financial support from workers.

Lenin was now living in Krakow and writing more and more articles for the paper, with increasingly anti-Tsarist sentiments. When the paper was shut down, the Bolsheviks continued to distribute newspapers illegally.

Pravda played an important role in the revolution to come. The February Revolution of 1917 allowed Pravda to reopen, and shortly after Stalin’s return from Siberian exile in March 1917 he returned to the editorial board, working with Lev Kamenev. After Stalin and Kamenev’s return, Pravda initially took a more conciliatory tone towards the Provisional Government; however, its readers were unhappy with this change. During April, Lenin’s April Theses set out Lenin’s analysis of where Russian politics should develop; Lenin strongly condemned the Provisional Government and the prevailing editorial stance of Pravda; a few days later, Pravda’s editorial tone changed, strongly condemning Alexander Kerensky and other Provisional Government sympathizers as being “counter-revolutionaries”. From then on, Pravda essentially followed Lenin’s editorial stance. After the October Revolution Pravda was selling nearly 100,000 copies daily.

http://en.wikipedia.org/wiki/Pravda

The period we are in is the early period. The revolution is not yet upon us. But it coming, as sure as day follows night.

2005-07-21 2:09 pm

rugbuzpafnuti
Someone mod this dunderpate permanently -5, please.

2005-07-21 2:15 pm

pravda
It is an unalienable right to defend oneself — in public.

Unfortunately, it does mess up the thread.

I support moderating all the off-topic threads as off-topic, but not “voting” them down when the “voting” is done by Microsoft employees and lackeys.

2005-07-21 3:11 pm

Anonymous
Since we are comparing experiences and all . . .

Locked up XP many times. XP doesn’t bluescreen by default, it’s set to automatically reboot. Have many coworkers who have complained of auto rebooting on they’re new dell systems with XP.

I’ve had XP service pack 2 corrupt a few machines. I’ve had other XP services become corrupted such as MMC. This is on heavily used development machines that don’t access the internet. So spyware is not the prob.

I’ve managed to lockup X, a few times. I’ve had Ubuntu crash on me as well. Debian has been rock solid, FreeBSD even more so.

2005-07-21 3:21 pm

Anonymous
Yeah, I got a kick out of the comment about ‘stable’ and all that… Almost a troll. I hadn’t used dozer for quite a while, then on a contract recently had to use XP. Right away I felt like I was crippled, no command line, sluggish, click, click, click, reboot, click, more reboots.. Then made the box sort of usable (about as much as my palm pilot), and then it started – hanging apps, hanging logins, reboots, all the “usual” stuff. Thought to myself – same as before with different hairdo. Come on and get real, it’s the same crap.

2005-07-21 4:12 pm

Anonymous
Pravda you know something…you are a joker. How old are you? All you are doing here is insulting yourself and your parents by acting so childish and foolish. If openness == security then no exploit on Linux will exist. How about firefox bugs? What about big history of sendmail attacks? Don’t forget buffer overflow was mostly used on UNIX initially.

Now please stop your childish rant pravada and learn to grow up. You will never get to see the source code of Windows because hey it is something called IP…intellectual property and if you are so intelligent then go write your own OS

2005-07-21 4:29 pm

Anonymous
A couple comments:

I’ll add…

3. Better default tools and the complete ability to unhide all the little hidden parts and deal with them with those tools.

4. (and personally) A more unix-like mode that allows for fewer arbitrary blocks when dealing with file system issues such as permissions and ownership. (VV frustrating at times.)

2005-07-21 11:01 pm

Anonymous
I think some people have never used it or have gone all nostalgic and forgot the problems. When did it ever gain 4 Nines uptime? And was it not always safer not to run more than one or two services otherwise it would fall over in a heap? WINS was a lovely system – not.

Memory leaks require machine reboots

http://www.windowsitpro.com/Windows/Article/ArticleID/4764/4764.htm…

http://www.macwindows.com/NTunsolv.html

And the list goes on and on.

BUT it was a first step in the right direction – they may get it right in a few more iterations.

2005-07-22 7:44 am

morgoth
Microsoft Windows security is better, with the advent of Windows 2000 onwards, but there are still issues. Take a Windows XP system (non sp2), put it on a ‘always on’ internet connection and watch it get infected in less than an hour. You can solve this by employing a software firewall, anti virus software, and installing sp2, but still…that’s not good in my eyes.

Windows ships as admin by default, and that’s never going to be good. Never.

Dave

2005-07-22 8:40 am

Anonymous
> BUT it was a first step in the right direction –

Technically v4 was a step back from v3.51 though…

> they may get it right in a few more iterations.

Not very likely. MS-Windows 2003 Server blue screens about monthly (if not rebooted weekly.) And the sudden reboots on XP have happend to me as well. Not to mension printing problems, often, requiring manual reboot.

Ofcource a powered-down machine is very “secure” indeed.