
64-Bit Vista Kernel Will Be a "Black Box"

kdawson posted about 8 years ago | from the abandon-all-hope-ye-who-ener-here dept.

402

ryanskev writes with news from RSA Europe, where a Microsoft VP spoke bluntly about the lock-down that will apply to 64-bit Vista. From the article: "Microsoft will operate 64-bit versions of Windows Vista as a tabernacle, with the kernel as the holy of holies, where only its own high priests of security may venture." While Microsoft has seemed to be making some concessions to the likes of Symantec and McAfee, considerable doubt remains as to their ultimate future.


Sounds like the right plan (5, Interesting)

Zeinfeld (263942) | about 8 years ago | (#16569956)

Sounds like the right approach to me. We will soon find out whether Symantec and McAfee are helping or hindering security.

Re:Sounds like the right plan (4, Insightful)

Coopjust (872796) | about 8 years ago | (#16570118)

Either way McAfee & Symantec will claim that it was needed later, simple business.

If the new model seems to be secure, McAfee and Symantec will boast about how they've kept the next generation of Windows safe.

If the new model is less secure, McAfee & Symantec will "point out" the need for their products.

Win win for AV companies...

Re:Sounds like the right plan (3, Interesting)

smitty_one_each (243267) | about 8 years ago | (#16570276)

MicroSoft has historically, and cleverly, built the market by putting out, shall we say "minimalist" interfaces and then let third parties do the grunt work of establishing the product category.
If the category becomes profitable, Mr. Softy can "find the principle, and buy him[1]"
You see this in tools, as Redmond pushes a Visual Studio release, and little third-party vendors groan as their value-added kits have their coolness reduced by new chrome and tailfin on the library widgets. I'm guessing that there will be sufficient room to put some polish on 'Doze.
Too, there are going to be plenty of people that puke at the odious licensing policies, and stick with the tools that have helped them limp along thus far.

[1] To quote my personal favorite Redmond Sales drone, on the consumption of Groove Networks.

Re:Sounds like the right plan (2, Interesting)

PieSquared (867490) | about 8 years ago | (#16570154)

I get the feeling it will end up that Symantec and McAfee products will be able to replace the default windows security, but since the windows version is free and just as good there will be no reason to pay and security vendors will fade into obscurity. About two years later, after the old security vendors are all dead, the windows security will stop getting major updates and ten years later (shortly before they release the next version of windows) free, open source replacements that are disadvantaged from the start due to not being worked into the OS will begin being used because the old windows version does pretty much nothing at this point! Suddenly one of these will break out from the others with massive marketing and slowly people will begin to switch, eventually forcing windows to finally update again.

Re:Sounds like the right plan (1)

vmardian (321592) | about 8 years ago | (#16570472)

I can't figure out if you are intentionally or unintentionally describing Netscape vs IE -> Firefox.

Re:Sounds like the right plan (4, Interesting)

QuantumG (50515) | about 8 years ago | (#16570254)

I'm trying to understand what you're in favour of here (and what the article is all about). As I understand it, Windows Vista 64bit Edition will simply not allow kernel drivers to load unless they are signed with Microsoft's private key. Which means that you'll need to either exploit kernel bugs to load your own code (which they'll plug eventually) or boot off a CD and patch the kernel files on disk to disable this checking (which will be hard to do without destabilizing the whole system). If that's what we're talking about (and I have no idea if it is) how can you possibly be in favour of it? I mean, it sounds like The Right To Read [gnu.org] all over again.

Re:Sounds like the right plan (5, Insightful)

Zeinfeld (263942) | about 8 years ago | (#16570560)

As I understand it, Windows Vista 64bit Edition will simply not allow kernel drivers to load unless they are signed with Microsoft's private key. Which means that you'll need to either exploit kernel bugs to load your own code (which they'll plug eventually) or boot off a CD and patch the kernel files on disk to disable this checking (which will be hard to do without destabilizing the whole system). If that's what we're talking about (and I have no idea if it is) how can you possibly be in favour of it? I mean, it sounds like The Right To Read all over again.

That's exactly what I want. I do not want to have any software patch the kernel.

If there is no way for the spyware to patch the kernel I don't need McAfee or Symantec there at all. First thing I do with a new home machine is to strip off the AV software provided by Dell as cramware. Machines run so much faster and more reliably without. Then I turn off AutoRun and hook it up to my internal network which has twin SPI firewalls.

I have never had a virus but I have had machines go wonky because of buggy AV code.

I want to have as few kernel mode device drivers as is possible. Printers should not require kernel mode, nor should video cameras etc. Only the bare essentials talking directly to the DMA interfaces should ever use kernel mode.

I don't need to run my code in kernel space and I don't think anyone else does either.

Re:Sounds like the right plan (1)

gkhan1 (886823) | about 8 years ago | (#16570588)

I would rather they went with the linux model of advanced permissions and a (seldom used) root account that had permission to everything, but I see this at least as a vast improvement over XP. Imagine how much harder it must be to make a rootkit for a kernel that's locked down this way. It's probably not impossible (well, if you modify the system from outside the system, it's certainly possible), but it has to be way, way harder.

Agree with parent, why all the fuss? (1)

nobodyman (90587) | about 8 years ago | (#16570386)


Correct me if I'm wrong, this lockdown only applies to the 64-bit version of Vista, and that in the 64-bit version of XP the kernel is locked down in a similar fashion? If so, I don't see why Symantec and McAfee are making such a fuss?

Furthermore, 64-bit vista looks like it will have the same enterprise level demographic (db/web servers and such). So it's not like Symantec's core business is being threatened. It looks like they're just playing this up so for the EC to leverage over MSFT.

Re:Agree with parent, why all the fuss? (1)

3770 (560838) | about 8 years ago | (#16570530)

They are making a fuss because their livelihood is on the line. Not necessarily because they are right.

Re:Sounds like the right plan (0)

Anonymous Coward | about 8 years ago | (#16570418)

Kernel hooks scare me, if they all disappeared I would be happy to say goodbye to the likes of hackerdefender and various other rootkits which operate as windows kernel drivers. If a system can be made to prevent userland from installing drivers via driver signing and protecting certain parts of the file system and registry from even administrators in all ways that could be used to load shady drivers or certificate chains on bootup..etc it would have real value from a security point of view.

You don't need to make concessions to security vendors - demand any kernel drivers they install be signed by microsoft and the security vendors both stay in business but they focus more on the application layer and they pay Microsoft. Everyone wins.

Admittedly the devil is in the details as driver weaknesses can be exploited to gain kernel access. At some point Microsoft needs to choose the ultimately high ground / ideal / correct path and stick to it rather than making concessions to some of the leeches who depend on old silliness (kernel hooks!!) that may very well end up leading to less security for everyone.

Re:Sounds like the right plan (1)

obeythefist (719316) | about 8 years ago | (#16570620)

This is all well and good for Microsoft to say "No access to 64 bit Kernel!".

But two questions come to mind:

1) If other A/V companies can do A/V software without kernel access, why do McAfee (or as some other slashdotter erroneously called it, McCafe) and Symantec need kernel access? Why are they so special?
2) Does Windows Defender/OneCare have kernel access, Microsoft?

I would expect that the clear best answers in a perfect world that we probably won't get are:

1) They don't, they're bastard parasites with no real business model who'll be first up against the wall when the revolution comes
2) It doesn't, because Microsoft works on a level playing field.

I think MS is right (3, Insightful)

Anonymous Coward | about 8 years ago | (#16569960)

I know this isn't PC to say on Slashdot.. but MS shouldn't allow undocumented hooks to the kernel. Instead they should provide an API for that.

Re:I think MS is right (3, Insightful)

Anonymous Coward | about 8 years ago | (#16570262)

That'll lead to ugly hacks when the developers find that the API either doesn't allow them to do what they need to do, or it's otherwise buggy and needs to be worked around.

It's enough trouble writing solid modules for the Linux or FreeBSD kernels, and the source code to those is open and widely available. When your module code runs into problems, you can easily see what's going on in other portions of the kernel. It's a very, very useful debugging tool.

Now take this Vista kernel API you speak of. It'll end up being just like the Win32 API. Often times developers had to resort to undocumented calls in order to get their application to perform a certain task. This sort of shooting-in-the-dark coding leads to bugs and security glitches. Even if you understand 98% of what an undocumented API does, it's that remaining unknown 2% that'll fuck you, your product, and your customers over in the end.

Reliable and secure software comes from the developers having a complete understanding of the systems they're working with and building upon. By limiting developer access to such knowledge, they'd be directly promoting buggy, insecure software.

Quite right (1, Funny)

Anonymous Coward | about 8 years ago | (#16570404)

No-one would just give away the recipe to the Kernel's Secret Source

Re:I think MS is right (1)

Watson Ladd (955755) | about 8 years ago | (#16570452)

So why not provide that API to intercept system calls? This is very important when debugging, and pirating software.

Worth mentioning ... (0, Troll)

tomstdenis (446163) | about 8 years ago | (#16569968)

There are other 64-bit OSes ... out .... ALREADY ... that don't have these problems...

Just saying ...

STOP BEING SHEEP PEOPLE!!!

BAHAHAHAHA

Tom

Re:Worth mentioning ... (-1)

77Punker (673758) | about 8 years ago | (#16570164)

64-bit computing is fruitless anyway, unless you're a rocket scientist trying to measure the mass of Jupiter in grams. Think about it. 2^32-1 is a really big number. 2^64-1 is a HUGE number. It's just a gimmick.

Re:Worth mentioning ... (3, Insightful)

QuantumG (50515) | about 8 years ago | (#16570180)

Yeah, and no-one really needs more than 640k of ram.

Re:Worth mentioning ... (1)

ehrichweiss (706417) | about 8 years ago | (#16570286)

Maybe so but if you're trying to imply that was Bill Gates who said that, sorry to tell you it's an urban myth.

Re:Worth mentioning ... (1)

QuantumG (50515) | about 8 years ago | (#16570366)

Actually, I was trying to imply that the dude I replied to was being short sighted.. I didn't say anything about Bill Gates (and typically don't).

Re:Worth mentioning ... (1, Insightful)

Skowronek (795408) | about 8 years ago | (#16570232)

I'm running some applications (logic synthesis) that need a few gigabytes of RAM. It's really nice to be able to address that linearly instead of stuff like highmem.

So, it's not about the integers, it's about the pointers (logically).

Re:Worth mentioning ... (0)

Anonymous Coward | about 8 years ago | (#16570368)

And the pointers don't need to be 64 bits either. 48 would be a very nice middle ground. 64 bit machines waste a great deal of power moving around and adding a bunch of zeros.

Re:Worth mentioning ... (0)

Anonymous Coward | about 8 years ago | (#16570474)

Yeah, I'll get right on designing that 48-bit computing architecture for ya. Screw powers of 2.

Re:Worth mentioning ... (1)

Skowronek (795408) | about 8 years ago | (#16570524)

Moving around zeros doesn't really cost as much, as long as the value is constant (no dynamic power on those wires). Increased area consumption is related to leakage power, which is not as critical on SOI process as it is on bulk.

As to using 48-bit values - have you actually considered the implication of either wasting 25% of memory, or having a natural alignment not being a power of 2? All those cute divide-by-3 circuits everywhere...

Re:Worth mentioning ... (1)

WhoBeDaPlaya (984958) | about 8 years ago | (#16570400)

Have you considered partitioning that synthesis process? Then again, the partitioning problem is also NP :P

Re:Worth mentioning ... (1)

Skowronek (795408) | about 8 years ago | (#16570494)

Unfortunately, I don't have certain FPGA vendor's synthesis tool source code, and - in any case - I don't want to spend the rest of my life editing it. I'd rather have my Verilog fun than this :)

Re:Worth mentioning ... (-1, Flamebait)

tomstdenis (446163) | about 8 years ago | (#16570454)

64-bit computing doesn't always just involve big memory.

I'm not going to explain the other benefits of a 64-bit address space or the new x86_64 instruction set. Since I've done it about 7 times already on slashdot. You're a dumbtard and frankly a low form of troll. Get an original thought. Please.

Tom

Re:Worth mentioning ... (0)

Anonymous Coward | about 8 years ago | (#16570382)

Who the fuck modded this idiot up? Are you moderators all smoking crack?

Re:Worth mentioning ... (0, Flamebait)

tomstdenis (446163) | about 8 years ago | (#16570500)

Probably people who are not preparing to run Windows vista64 as they already have A F'ING CLUE and are already enjoying the benefits of the x86_64 instruction set.

Tom

Re:Worth mentioning ... (2, Funny)

SmurfButcher Bob (313810) | about 8 years ago | (#16570490)

> with the kernel as the holy of holies,

Am I the only one who read that as,
"The kernel will be the holiest of holy kernels in history, spouting more holes per square inch than any preceding set of kernel holes in history."

Something tells me he used a bad phrase.

Re:Worth mentioning ... (0)

Anonymous Coward | about 8 years ago | (#16570640)

1st This is the register reporting this..
2nd Read the article...he didn't say it, the article author did in the very first line of the article/STORY.

Re:Worth mentioning ... (1)

lifebouy (115193) | about 8 years ago | (#16570650)

Heh, When I read it, my brain said "Lets hope the "high priests" are in the "tabernacle" when it gets ransacked." 3rd party antivirus programs have been the only thing preventing total internet meltdown for years. Because A/V is what they do, they have incentive to do a good job. It's their business. Microsoft hasn't been in that business, really, until now. The first time some cracker says, "I love you, Melissa!" I'll be laughing my ass off, happily using Linux.

You're not good enough. (-1, Offtopic)

Anonymous Coward | about 8 years ago | (#16569974)

Remember, you can pay loads of money for this, and then be treated as though you're not good enough to be allowed to edit or modify this software, it's on your computer, but you can't improve it or tweak. The black box doesn't just apply to security companies, it affects you, the people that pay for this, you lose the freedom to tune and change the software you run on your computer. Why does any geek put up with this? Being able to open something up and tweak it is part of being a geek.

Are you allowed to modify your house wiring? (2, Insightful)

EmbeddedJanitor (597831) | about 8 years ago | (#16570230)

Just because it is "yours" (debatable point in the case of software), does that mean you should be allowed to modify it? Depending on where you live, you probably are not allowed to do tweaks/mods on various things that you own - including the wiring in your house.

Re:Are you allowed to modify your house wiring? (1)

WhodoVoodoo (319477) | about 8 years ago | (#16570388)

The wiring on your house can create a fire hazard, the bits on that disk can't generally hurt anybody.

Re:Are you allowed to modify your house wiring? (0)

Anonymous Coward | about 8 years ago | (#16570432)

What kind of communist jurisdiction do you live in? You flip the circuit breaker, and you go ahead and change the light socket/switches/run new wiring/whatever.

Re:Are you allowed to modify your house wiring? (1)

LifeNLiberty (975116) | about 8 years ago | (#16570572)

Um... Where the hell do you live? I've rewired things in my house countless times.

Re:Are you allowed to modify your house wiring? (0)

Anonymous Coward | about 8 years ago | (#16570594)

It depends on how your local laws are -- where I live (small town in Colorado) you CAN do your own wiring, plumbing, etc. There is just a specific procedure that you have to follow to ensure that 1. you are still within building code, and 2. anyone that works on it knows you modified it yourself.

I'm confused (3, Insightful)

maynard (3337) | about 8 years ago | (#16569982)

Fathi conceded for 32-bit systems the firm will never have the amount of control over security. He said: "That train has left the station."

For 32-bit versions of Vista, it'll be mostly as you were on security. Developers will be able to patch the kernel, only now they'll have to compete with Microsoft's own brand anti-spyware, encryption, and anti-spam offerings. Fathi lamented Microsoft had "missed a great opportunity" last time round.

What's the difference between the 32 bit and 64 bit kernel? And what does a 'tabernacle of security' mean?

I don't think there's a significant difference in DRM hardware between 32bit and 64bit systems. Why make the distinction? If they're going to secure Windows - why not secure Windows?

Re:I'm confused (1)

Sqwubbsy (723014) | about 8 years ago | (#16570036)

I am *so* not a kernel developer, but aren't there chip extensions on 64-bit systems, flags or something, that can be addressed to prevent 'mucking' which was not the case, or at least, not such that Microsoft utilized it.
I'm sure someone much smarter than me can say this better than what I think I'm saying.

*sips Scotch*

(And don't look at me, I'm just waiting for 64-bit MEPIS.)

Re:I'm confused (2, Informative)

maynard (3337) | about 8 years ago | (#16570090)

No. There are certainly register extensions to support 64 bit registers. And both AMD and Intel chips support greater than 32 bits of address space (neither support full 64 bit addresses - which would be gargantuan and unnecessary right now). The real issue is what DRM support is on the motherboard in order to hardware verify the signatures of whatever drivers are inserted into the kernel. This does not need 64 bits.

However -- I too -- am not a kernel developer. I've read through the linux and BSD kernel sources. And I've read the Tanenbaum book. But I don't claim to be able to write the stuff.

OTOH: I could use a scotch. (nudge nudge) :)

Re:I'm confused (1)

NeoSkandranon (515696) | about 8 years ago | (#16570144)

JMR's Rich Spicy One for myself. What's your pour?

Re:I'm confused (1)

MindStalker (22827) | about 8 years ago | (#16570046)

Mainly that it being 64-bit they are guaranteed it's a newer system and that they don't have to support a lot of legacy junk.

Re:I'm confused (5, Informative)

phantomcircuit (938963) | about 8 years ago | (#16570074)

The only way to run kernel code is drivers, 32 bit drivers are currently only sometimes signed. ALL 64 bit drivers must be signed, or they won't be loaded. This is why there is a distinction between 32 bit and 64 bit Vista.

Re:I'm confused (3, Funny)

ameline (771895) | about 8 years ago | (#16570078)

> And what does a 'tabernacle of security' mean?

It makes sense if you think of it in the typical French Canadian usage of the word Tabernac! :-)

Re:I'm confused (5, Informative)

Foolhardy (664051) | about 8 years ago | (#16570096)

The main reasons they aren't implementing the same thing in 32-bit Windows is because of "limitations of the 32-bit architecture" that apparently don't let them do what they want, and since a lot of programs already patch the syscall table in 32-bit windows, it'd break compatibility with a lot of software to change it now. Binary compatibility for drivers that patch the syscall table on 64-bit Windows isn't an issue because 64-bit Windows for AMD64 has always prevented syscall patching. They figure that the 32->64 bit change is big enough to pile on some more changes, like this.

This has more to do with system stability than it does for security. Many syscall interceptors are not multiproc safe or do bad things: if the computer bluescreens because of a poorly written syscall interceptor, Microsoft gets blamed for writing unstable software. The syscall interface is considered an internal interface, not to be tampered with by outside parties because its behavior has subtleties not documented, and could change. This is a technical enforcement of that policy.

Thank you! (1)

maynard (3337) | about 8 years ago | (#16570128)

Somebody mod that post informative. It actually answered my question!

Re:I'm confused (3, Informative)

TheRaven64 (641858) | about 8 years ago | (#16570294)

Actually, the 32-bit model is better in a lot of ways. One of the ways AMD 'tidied up' the x86 instruction set with x86-64 was to get rid of the four ring model and move to a privileged/unprivileged model. They also threw away the segmented addressing[1]. This means you can't run a driver in ring-1 or 2 with its own segment and prevent it from accessing the kernel's segment but still let it have direct access to a device, which is possible with IA32. Of course, Windows NT didn't use this model in recent releases (it might have done in the 3.5 days; I can't remember), but OS/2 and later versions of Netware did.


[1] By the way, the Wikipedia x86-64 article is horrendously biased, and just plain wrong in this area to such an extent that I can't even be bothered to fix it. Apparently Minix 3 is not a 'modern operating system,' and the creators of Xen do not fall into the category of 'modern' in terms of operating system thought.

Re:I'm confused (1)

maynard (3337) | about 8 years ago | (#16570422)

Isn't address segmenting a throwback to the old 8086 days anyway? I used to have to deal with 64kb segmented addresses back in the day, and I can say it was a horrible PITA. Or are you speaking to traditional paging segments?

Also, on the difference between privileged and unprivileged vs. multi-ring privileges, one could argue that bifurcated privileges are all that's needed.

(though I realize that you are arguing in opposition to that position)

Re:I'm confused (1)

Watson Ladd (955755) | about 8 years ago | (#16570488)

Well, you want an additional layer of containment between device drivers and the Operating System, but you also want to bar apps from sending things to devices directly.

Re:I'm confused (0)

Anonymous Coward | about 8 years ago | (#16570464)

> Apparently Minix 3 is not a 'modern operating system,'

When it comes to memory models and linkers, it isn't. It's not that Minix has to do everything the way Unix does, but it really fails to offer anything reasonably equivalent. As for Xen, virtualization through rings alone is no longer necessary due to the virtualization support that's built in -- having only unprivileged/supervisor modes never stopped IBM from becoming the king of virtualization, and that's because they also supported it at a much lower level.

That the 32 bit architecture enabled some gross hacks the likes of which were used by netware is hardly an intrinsic benefit. Any modern microkernel gets the same benefit as segments from page protection.

Re:I'm confused (1)

Foolhardy (664051) | about 8 years ago | (#16570518)

Windows NT didn't use this model in recent releases (it might have done in the 3.5 days; I can't remember)
It never did, and there were never plans to. NT 3.5 was written in C (minus the HAL and a few parts of the kernel, which are assembly), and was source-compatible with Alpha and MIPS, neither of which support more than two privilege modes. Cutler wouldn't let the kernel become non-portable enough to depend on multiple CPU privilege levels. The kernel is designed such that any kernel mode code can dereference pointers anywhere in the kernel's address space (at PASSIVE_LEVEL anyway), and the current thread's user address space (if any). Drivers often operate in the calling thread's context (from user mode), an arbitrary context or in a system worker thread. Most data is stored in the kernel's heaps, and when an object is created, there's no telling which drivers may need to access it in the future. It'd be quite a lot of work to marshal those arbitrary pointers across driver-segment boundaries. Apparently, the current kernel designers thought it'd be about as much work as just running the drivers in user mode, hence the new User Mode Driver Framework [microsoft.com].

Re:I'm confused (1)

merreborn (853723) | about 8 years ago | (#16570112)

I think the answer is backwards compatibility. These changes will break backwards compatibility with many legacy 32-bit apps. However, I believe the assumption is that 64-bit users aren't expecting backwards compatibility anyway.

Nabbersnackles (1)

Ungrounded Lightning (62228) | about 8 years ago | (#16570152)

what does a 'tabernacle of security' mean?

Only the priesthood and those among the flock that they approve are allowed in.

Re:I'm confused (1)

WhoBeDaPlaya (984958) | about 8 years ago | (#16570424)

oh yeah, thank you (0)

Anonymous Coward | about 8 years ago | (#16570592)

that was a *big* help

Re:I'm confused (1)

Joebert (946227) | about 8 years ago | (#16570582)

And what does a 'tabernacle of security' mean?

Well, according to Google,
Definitions of tabernacle on the Web:
the Mormon temple

Which brings us to,
Definitions of Mormon on the Web:
the ancient prophet whose writings were revealed to Joseph Smith who founded the Church of Jesus Christ of Latter-Day Saints

Now, when I look at all of that, it starts to look like Microsoft is going to keep the secrets of their security locked up as tight as tight can be, BUT, some anonymous person with the last name Smith is going to get ahold of them via a rastafarian who wants mor-mon & spread them across the web.

In other words, Vista-64 is already doomed.

"Concessions to.." (5, Insightful)

MoriaOrc (822758) | about 8 years ago | (#16570026)

Am I the only one who read the line "Making concessions to Symantec and McAfee," and the first concessions that popped into my mind were "Just a little security hole here, buffer overflow there, etc."

I'm no fan of MS, especially when it comes to their horrible security track record. However, if they really can manage to get it right (or even significantly better) in Vista, they shouldn't be going and making concessions to the people who've been making a living off the things that were broken in their last OS.

Re:"Concessions to.." (0)

Anonymous Coward | about 8 years ago | (#16570278)

Except that they also sell the "OneCare" program.

Did you Care about your Os today? Will Care fore you ...

Just asking for more trouble (0, Troll)

Revek (133289) | about 8 years ago | (#16570032)

I remember back in the day I could always find a hole in any computer system. Microsoft's black box policy won't prevent the determined hacker from finding a hole. The only question is will he just cause mayhem or will he sell it to someone who will profit off it.

Should surprise no one..... (2, Insightful)

ezratrumpet (937206) | about 8 years ago | (#16570034)

Microsoft wants to be responsible for its own security - more importantly, Microsoft wants to reap the financial rewards for becoming responsible for its own security. The personal home user will end up paying a bit more for lack of competition in security software, which won't matter to Microsoft - the real market is corporate sales.

Not to worry. (-1, Troll)

Anonymous Coward | about 8 years ago | (#16570042)

The only black box anyone here at slashdot is exposed to are $5 crack whores.

Priests huh? (1)

TubeSteak (669689) | about 8 years ago | (#16570052)

Microsoft will operate 64-bit versions of Windows Vista as a tabernacle, with the kernel as the holy of holies, where only its own high priests of security may venture.

There's going to be a kybosh on naughty developers mucking about with the 64-bit kernel; patching will be banned.
MS doesn't want any outsiders to see the priests molesting the kernel.

/Yes, I went there.

Re:Priests huh? (1)

amRadioHed (463061) | about 8 years ago | (#16570252)

That joke probably would have worked better if they were referring to Catholic priests.

Re:Priests huh? (0)

Anonymous Coward | about 8 years ago | (#16570504)

Well the kernel is getting kinda old now... 1987... so 19 going on 20. Frankly, the priests have probably moved on to fresher meat!

Good luck (1, Insightful)

gweihir (88907) | about 8 years ago | (#16570092)

Others have tried this before. Never works. Unless it uses trusted hardware, it can always be run in emulation to facilitate analysis.

If it uses trusted hardware, then it will have other serious problems, like making virtualisation hard or impossible, something that could make it fail entirely in the market.

This tough act is just a smokescreen for something else. Hmmm. Do they think they could get around some (e.g. EU) interoperability requirements that way?

Not trying to be a troll... (1)

AltGrendel (175092) | about 8 years ago | (#16570312)

...but could you cite some examples?

TIA!

Sounds like security by obscurity (5, Insightful)

49152 (690909) | about 8 years ago | (#16570106)

Isn't this just another variation of security by obscurity?

Which everyone by now should have learned does *not* work.

"Sounds like security by obscurity" is good (2, Insightful)

AHumbleOpinion (546848) | about 8 years ago | (#16570168)

Isn't this just another variation of security by obscurity? Which everyone by now should have learned does *not* work.

Actually it does work. Where people go wrong is using it as their sole security measure. In concert with various other good practices obscurity is good.

Re:"Sounds like security by obscurity" is good (1)

49152 (690909) | about 8 years ago | (#16570420)

Depends on how you define "it does work".

If you define it as "would prevent black hats from finding security holes" then computer history proves you to be horribly wrong. It may in some circumstances make the job harder and slow down the attackers but it WILL NOT prevent them.

The opposite model "disclose everything" - has a much larger chance of succeeding in the long run. Simply because if the security model is well understood and scrutinized by a large number of professionals it has a much bigger chance of getting implemented correctly (eventually).

The cryptographers have understood this a long long time ago, that is why no serious cryptographic systems are based on the premise that the algorithm must be kept secret.

Re:Sounds like security by obscurity (1)

gweihir (88907) | about 8 years ago | (#16570174)

Isn't this just another variation of security by obscurity?

Which everyone by now should have learned does *not* work.

Looks very much like it. Reinforced by some chest-thumping and bluster. Maybe they hope they can scare hackers off....

Re:Sounds like security by obscurity (1)

Keeper (56691) | about 8 years ago | (#16570324)

Since when is implementing logic which prevents mucking with internal kernel structures "security by obscurity?"

Re:Sounds like security by obscurity (0)

KarmaMB84 (743001) | about 8 years ago | (#16570336)

Combined with active protections from tampering...no. I really wish the zomg "security by obscurity" buzz phrase would just die. If you think about it, anything but blocking physical access or requiring bullet proof biometric authentication is security by obscurity. Hiding behind passwords and encryption keys is no different.

Re:Sounds like security by obscurity (1)

49152 (690909) | about 8 years ago | (#16570536)

Bullshit. If this is what you come up with by "thinking about it", one can only hope you do not work in an area where security actually matters.

There is an enormous difference between, for instance, an encrypted password algorithm where it is well understood (usually on a mathematical basis) *why* it will take an exceedingly long time to crack it and simply trusting on the bad guys not to discover where we hid the password.

Re:Sounds like security by obscurity (2, Insightful)

misleb (129952) | about 8 years ago | (#16570438)

Preventing programs and drivers from tampering with internal OS structures is not security through obscurity any more than preventing people on the internet from accessing your computer directly (firewall) is security through obscurity.

-matthew

Re:Sounds like security by obscurity (1)

49152 (690909) | about 8 years ago | (#16570586)

If that is what they are doing, then yes you are correct.

Assuming they do not botch the implementation as they have done before (see the Xbox boot loader for a good example). However I find the article very vague on the actual technical details.

For God's sake... (1)

$RANDOMLUSER (804576) | about 8 years ago | (#16570116)

Don't open it! Remember what happened to Pandora!

Re:For God's sake... (0)

Anonymous Coward | about 8 years ago | (#16570486)

I once knew a girl named Pandora, but she never let me see her box.

(great movie if you can ignore the "stars" and main plot line, btw. The supporting cast and side stories were great)

Re:For God's sake... (1)

winomonkey (983062) | about 8 years ago | (#16570492)

What, it [pandora.com] became a pretty nifty streaming media service?

Let evolution take its course (0)

Anonymous Coward | about 8 years ago | (#16570126)

Symantec and McAfee should just concentrate on other OS's and leave MS to the wolves as they seek obscurity by security.

Joe Blow (5, Funny)

Ice Wewe (936718) | about 8 years ago | (#16570134)

64-Bit Vista Kernel Will Be a "Black Box"

Microsoft also warned 32-Bit users to be careful, because if you run the 32-Bit version, you're screwed

"Our old stuff was crap" (2, Insightful)

EmbeddedJanitor (597831) | about 8 years ago | (#16570284)

Yup. Like parent, I detect MS putting a PR spin on this. They've done this often enough in the past - telling people that the old stuff was crap to get people to buy the new.

Given that Joe Public no longer believes MS has control over security, they need to build some new mental images to sell. 64-bit black boxes sound pretty solid.

except that tabernacles are open (0)

Anonymous Coward | about 8 years ago | (#16570148)

In the past, the church tightly controlled access to religious texts.

Of course such suppression can not live forever. ... someone please finish this post.

Re:except that tabernacles are open (1)

AHumbleOpinion (546848) | about 8 years ago | (#16570244)

In the past, the church tightly controlled access to religious texts. Of course such suppression can not live forever. ... someone please finish this post.

Of course such suppression can not live forever, but if the information being protected has a short enough lifespan/relevance then suppression works. The "freeing" of the information being merely academic rather than effective.

Hey, one vague tangent deserves another. :-)

finished (1)

GeorgeS069 (956679) | about 8 years ago | (#16570376)

...and they all lived happily ever after...The End

Sayonara, Symantec (5, Insightful)

Cid Highwind (9258) | about 8 years ago | (#16570334)

There's going to be a kybosh on naughty developers mucking about with the 64-bit kernel; patching will be banned.


If it will stop crapware like StarForce and the Sony rootkit from sneaking extra drivers in, bring on the kibosh. People who want to tinker can use one of the fine Open Source operating system kernels [kernel.org] that run on 64-bit Intel machines. Those that just want to play games or run Office can feel a little bit safer from malware.

Sorry Symantec, but after dealing with the disaster that is Norton Internet Security, I won't shed a tear when I read that you've filed for Chapter 7.

Re:Sayonara, Symantec (1)

drsmithy (35869) | about 8 years ago | (#16570646)

If it will stop crapware like StarForce and the Sony rootkit from sneaking extra drivers in, bring on the kibosh.

Unlikely. Those developers will simply get their drivers signed so they are allowed to load.

Adoption of Vista 64-bit (3, Insightful)

postmortem (906676) | about 8 years ago | (#16570338)

Will not go very well, at least in the beginning. This enhanced security won't sell it. There won't be drivers for some existing stuff ever. Seems that MS wants to push this version and keep 32-bit as legacy, but in the end when the end user can't make it work as well as 32-bit, it is just going to slip and create confusion. In the long run it may pay off, when systems and components are designed for 64-bit; until then, 32-bit will be the preference. I wonder if any corporate users are going to put 64-bit on employees' workstations in upcoming months - it seems like a big risk without much gain.

Why is Microsoft even bothering.. (5, Interesting)

flummoxd (1017734) | about 8 years ago | (#16570348)

..to release a 32-bit version of Vista?

Every week, I hear about a new thing that will "only be in 64-bit Vista". First it was HDTV content only on 64-bit [slashdot.org] for DRM reasons. Now, we're hearing the reasoning that Windows will be more secure if we don't let third parties in the kernel. Fine, whatever. If we were to assume that makes it more secure, then so be it.

But why bother to release an inferior 32-bit version? Under the presumption that closing the 64-bit kernel off will make things better, why not use the same strict security policies in 32-bit? Surely, there can't be any technical reason for all of this. It's all marketing, right? ("Microsoft recommends a 64-bit PC.")

Or is there some real reason why it feels like 32-bit Vista and 64-bit Vista are two entirely different operating systems?

How to patch the kernel anyway (4, Interesting)

Beryllium Sphere(tm) (193358) | about 8 years ago | (#16570352)

Joanna Rutkowska gave a talk about this at Blackhat. Take a program in usermode but with administrative privileges, force the kernel to get paged out, edit the pagefile.

In a recent blog entry, Rutkowska criticizes Microsoft's response to the pagefile attack [blogspot.com] . Boiled down, it amounts to the problem that as long as a disk utility can run, someone can still edit the pagefile. Her preferred fixes would have been encrypting the pagefile or simply not swapping the kernel. NetBSD's Elad Efrat suggested simply hashing the kernel for integrity checking.
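The integrity-check mitigation mentioned in the comment above, sketched as an added example (it is not from the thread, the talk, or any operating system's code). It assumes a per-boot HMAC key and a tag table that are never paged out; `CheckedPager`, `verifies` and the page contents are hypothetical names and constructed data.

```python
import hashlib
import hmac
import os

PAGE_SIZE = 4096


class IntegrityError(Exception):
    """A page read back from the pagefile failed verification."""


class CheckedPager:
    """Toy pager: tags live in memory that is never paged out (assumption)."""

    def __init__(self):
        self._key = os.urandom(32)  # per-boot key, never written to disk
        self._tags = {}             # page number -> tag (non-paged memory)
        self.pagefile = {}          # page number -> bytes (on-disk pagefile)

    def _tag(self, page_no, data):
        # Bind the tag to the page number so a valid page cannot be
        # copied into a different slot of the pagefile.
        msg = page_no.to_bytes(8, "little") + data
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def page_out(self, page_no, data):
        if len(data) != PAGE_SIZE:
            raise ValueError("page must be exactly PAGE_SIZE bytes")
        self._tags[page_no] = self._tag(page_no, data)
        self.pagefile[page_no] = bytes(data)

    def page_in(self, page_no):
        data = self.pagefile[page_no]
        if not hmac.compare_digest(self._tags[page_no], self._tag(page_no, data)):
            raise IntegrityError(f"page {page_no} changed while paged out")
        return data


def verifies(pager, page_no):
    """Return True if the page passes the check on page-in, else False."""
    try:
        pager.page_in(page_no)
        return True
    except IntegrityError:
        return False
```

The check only holds if the tag table and key stay out of the pagefile; a hash stored next to the page on disk could be rewritten along with the page.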

The article is filled with such great lines! (5, Insightful)

Psykechan (255694) | about 8 years ago | (#16570360)

For 32-bit versions of Vista, it'll be mostly as you were on security
Translation: You're screwed! Upgrade to 64 bit ASAP (P.S. some of your software won't work)

Defender has already become the most popular download ever from Microsoft
If I was MS, I certainly wouldn't brag about anti-malware being the most popular application.

referring to third parties being able to patch 64 bit Vista - "It's just not the way the box was designed...we're putting a stop to that."
Great. What happens when MS doesn't quickly put out a patch... no choice on using the good samaritan patches anymore, you just have to sit and twiddle your thumbs.

referring to ever being able to secure 32 bit Windows - "That train has left the station."
I think it's more like the Windows train has left the station. Why bother to convert to 64 bit Windows? Switch to something else as soon as possible.

It's a matter of trust (4, Interesting)

UnknowingFool (672806) | about 8 years ago | (#16570362)

Microsoft will operate 64-bit versions of Windows Vista as a tabernacle, with the kernel as the holy of holies, where only its own high priests of security may venture."

I think the crux of debate will be what MS considers its own high priests. If that means MS security products that compete with Symantec and McAfee, then the two vendors have a legitimate gripe that MS is using its monopoly power to lock them out. MS has said that its security products will not have access to undocumented APIs, but how much do you trust MS at their word? I don't trust them that much because I think MS still plays dirty. As recently as the Burst lawsuit in 2004, you can still see MS is refusing not only to play fair but to abide by court orders: Both parties were told to disclose emails as part of discovery. Burst.net discovered that not only did MS destroy emails but it was the policy of a multi-billion dollar company not to retain any emails over 30 days. And Burst listed out the many ways the company actively followed this policy. [groklaw.net]

Great (1)

SQLz (564901) | about 8 years ago | (#16570398)

Now even Microsoft is catering to the right wing religious fanatics.

no, no, no (4, Funny)

circletimessquare (444983) | about 8 years ago | (#16570402)

everyone got it all wrong

the os isn't a black box, the os needs a black box

you know, for when it crashes

The holy of holies! (1, Interesting)

Anonymous Coward | about 8 years ago | (#16570444)

I wonder if the "holy of holies" reference is a deliberate evocation of "The Cathedral and the Bazaar"? http://en.wikipedia.org/wiki/The_Cathedral_and_the_Bazaar [wikipedia.org]

The Cathedral and the Bazaar is an extended essay that says that the proprietary development model (the cathedral) cannot compete with the open source model (the bazaar). The reason is not price, it is quality. Because of the number of eyes available to look at open source code, it will be less buggy than its proprietary cousin.

Given the delays in the introduction of Vista, I would say there is some evidence that ESR (Eric S. Raymond the author of CatB) is right.

More things change... (1)

djupedal (584558) | about 8 years ago | (#16570540)

...the more they stay the same.

"...where only its own high priests of security may venture."

The concept of 'programmer priest' came about when mainframes ruled. You were not allowed direct access to your data. You had to present your request to the men in white lab coats and wait for the proper circumstances to occur before, even frequently if, you were deemed worthy of receiving an 'output'.

Today, we continue to hear the phrase 'information wants to be free'. MS, having yet again painted itself into a business model corner, simply shows it hasn't learned how to play nice outside the sacred shelter of the priests' private club.

Aw, yeah, it's time for the Ballmer Boogy! (1, Funny)

XNine (1009883) | about 8 years ago | (#16570546)

DEVELOPERS! DEVELOPERS! DEVELOPERS! DEVELOPERS! DEVELOPERS! *gasp!* DEVELOPERS! *cough cough cough* *gaaaaaasp cough* can't... breathe... must.... go on....