Microsoft Defends Win 7 Security After Pwn2Own
Microsoft compared Windows 7's security measures to a fire-proof safe.
Last week we reported that during Pwn2Own, two hackers were able to sidestep Windows 7's data execution prevention (DEP) and address space layout randomization (ASLR), and hack into Internet Explorer 8 and Firefox 3.6. One of the hackers, Peter Vreugdenhil, a freelance vulnerability researcher from the Netherlands, said that he used "fuzzing" to uncover two vulnerabilities in a fully-patched version of 64-bit Windows 7.
"I started with a bypass for ASLR which gave me the base address for one of the modules loaded into IE. I used that knowledge to do the DEP (data execution prevention) bypass," Vreugdenhil said last week.
Days later, Pete LePage, a product manager in Microsoft's Internet Explorer developer division, came up to bat for IE's Protected Mode, DEP and ASLR in a recent blog post, saying that defense-in-depth techniques aren't designed to prevent every attack forever. Instead, they're in place to make it that much more difficult to actually find and exploit a vulnerability.
"One way to think about what defense in depth techniques do is similar to the features offered by fire-proof safes that make them last longer in a fire," LePage wrote. "Without defense in depth techniques, a fire-proof safe may only protect its contents for an hour or two. A stronger fire-proof safe with several defense in depth features still won't guarantee the valuables forever, but adds significant time and protection to how long the contents will last."
Apparently the "safe" isn't all that thick. Vreugdenhil said last week that the Windows 7 defenses weren't hard to overcome, taking at least six or seven days to "get everything to work." While he didn't specify the exploits he used to bypass DEP and ASLR, Vreugdenhil released a white paper explaining how he sidestepped Windows 7's security. The PDF file can be downloaded here.
Vreugdenhil will disclose the exploits once they have been addressed by Microsoft.
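The bypass described above started by learning the base address of a module loaded into IE, which is exactly what ASLR is meant to hide. One thing a defender can check on their own images is whether each module actually opts in to ASLR and DEP via the PE header's DllCharacteristics bits. The following is an added example, not code from the article or from Microsoft; it parses those bits and uses a constructed header (not a loadable image) as input. Note that an opted-in module can still have its base leaked by an info-leak bug, as happened here, so these flags are a necessary check, not a guarantee.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification
HIGH_ENTROPY_VA = 0x0020   # 64-bit high-entropy ASLR (a later addition, not on Windows 7)
DYNAMIC_BASE    = 0x0040   # image may be relocated: opts the module into ASLR
NX_COMPAT       = 0x0100   # image is compatible with DEP (no-execute stack/heap)

def dll_characteristics(pe_bytes):
    """Return (is_pe32plus, DllCharacteristics) parsed from raw PE image bytes."""
    if pe_bytes[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe_bytes, 0x3C)[0]
    if pe_bytes[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20  # optional header follows the 20-byte COFF file header
    magic = struct.unpack_from("<H", pe_bytes, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic %#x" % magic)
    # DllCharacteristics sits at offset 70 for both PE32 and PE32+
    flags = struct.unpack_from("<H", pe_bytes, opt + 70)[0]
    return magic == 0x20B, flags

def mitigation_report(pe_bytes):
    """Map a module's opt-in bits to the mitigations the article discusses."""
    is64, flags = dll_characteristics(pe_bytes)
    return {
        "aslr": bool(flags & DYNAMIC_BASE),
        "dep": bool(flags & NX_COMPAT),
        "high_entropy": is64 and bool(flags & HIGH_ENTROPY_VA),
    }

def build_fake_pe(flags, pe32plus=False):
    """Constructed minimal header for demonstration; not a loadable image."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3E)             # 0x40-byte DOS header
    struct.pack_into("<I", hdr, 0x3C, 0x40)           # e_lfanew -> 0x40
    hdr += b"PE\0\0" + b"\0" * 20                     # signature + COFF header
    opt = bytearray(240 if pe32plus else 224)         # optional header size
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, flags)
    return bytes(hdr + opt)

if __name__ == "__main__":
    # A module with only DEP opted in is a candidate fixed-address target.
    print(mitigation_report(build_fake_pe(NX_COMPAT)))
```

Run the same parser over real `.dll`/`.exe` files read from disk to list modules lacking DYNAMIC_BASE or NX_COMPAT.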
Unless they were able to break into kernel space with these exploits, or perform a privilege escalation, it's not a Windows vulnerability.
The weakest link in any PC's (Macs are PCs... they are just more delusional) security is between the chair and the keyboard.
So long as they keep patching I'm happy enough with Windows security. Every security will be bypassed at some point.