[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Microsoft Insecure by design



On Mon, 2003-08-25 at 18:42, Jonathan wrote:
 Interesting article here from the Washington Post:
> http://www.washingtonpost.com/wp-dyn/articles/A34978-2003Aug23.html
> EXCERPT:
> "The usual theory has been that Windows gets all the attacks because almost
> everybody uses it. But millions of people do use Mac OS X and Linux, a
> sufficiently big market for plenty of legitimate software developers -- so
> why do the authors of viruses and worms rarely take aim at either system?"

Yeah, by design Windows favors usability over security. Until Microsoft's
Chief Architect realizes the tail chase that attitude creates and resolves
to strip away "features" like auto-execution, Windows will always be "not
quite secure".

As bad as this may be, there is an even more ominous time bomb ticking
under Windows' bonnet. It takes a bit of preliminary explaining to
understand. At its core, Windows is simply a Win32 API engine. Windows
applications and services are nothng more than one API call after another:
they load up a full set of parameters, call Win32, and repeat.  The
architectural vulnerability is that there's only one execution queue for
all Win32 calls, no matter what the priviledge level of the calling
program. In that API queue you'll find calls from processes belonging to
all classes of users. Calls for system processes are intermingled with
calls for user processes.

Imagine what would happen if an attacker with ordinary access could gain
access to that API call queue, and in particular an API call issued by a
processing running with system level access. If the attacker substitutes
the contents of that call with parameters of his own, he can now do
anything that system level process can do. So much for security rings.

What's really scary about this is that all versions of Windows -- ALL
versions -- share this single execution queue architecture. If it is ever
compromised, there is no work-around. The security of the whole world's
Windows installed base would be reduced to "please don't attack me".

--Doc Savage
  Fairview Heights, IL




-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.