Hack Expert Says Windows 7 is Hard to Hack
Windows 7 is harder to hack than Apple's Snow Leopard--mainly due to Flash being installed by default on SL.
Security expert Charlie Miller has participated in the Pwn2Own contest over the last two years, and has won both times. Held at the CanSecWest conference in Vancouver, British Columbia, Canada, the contest challenges contestants to find "big bugs" in web browsers, operating systems, and even in mobile devices. With the 2010 conference just around the corner (March 24), oneITsecurity conducted an interview with the champ and asked Miller which was harder to crack: Windows 7 or Snow Leopard?
"Windows 7 is slightly more difficult because it has full ASLR (address space layout randomization) and a smaller attack surface (for example, no Java or Flash by default)," he said. "Windows used to be much harder because it had full ASLR and DEP (data execution prevention). But recently, a talk at Black Hat DC showed how to get around these protections in a browser in Windows."
He also added that a safe browsing combination would be to use Chrome or Internet Explorer 8 on Windows 7; however, he said that there isn't enough difference between the two browsers to "get worked up about." But he did emphasize that Flash should not be installed, no matter what browser or OS the consumer uses.
The interview also covered exploits on game consoles. As the interviewer points out, the devices are in our living rooms, in our dens and offices, yet there are still few exploits and vulnerabilities discovered. Why aren't security researchers working on finding exploits on these devices? Because there are more PCs, and game consoles don't need to be connected to the Internet.
"I’ve had Wii for a year or so and it’s never been on the Internet," Miller said. "It’s hard to remotely attack the box when you can’t get packets to it :) Also, computers, and phones to a lesser extent, are designed to be customized, to download and use/render content from the Internet. This is where vulnerabilities exist and exploits are created. Game consoles don’t do this as much so the attack surface is much smaller. The final reason is it is hard to do research on them. It’s not easy to get a debugger running on an Xbox, for example."
To catch the full interview, head here.
I understand the security implications of installing Flash, but given that so many websites use Flash, how are you supposed to have a reasonable web experience without it?
You can't, it's real bad. I used two monitors and I have to hack a dll to stop it losing focus on the second monitor when I want to watch a video and do something else at the same time.
It really is terrible software. Bring on HTMLv5!!!
Will HTMLv5 be inherently more secure though?
As secure as the browser running it. That will at least allow the security to be in the hands of the user, not the "one plugin to rule them all".