If every computer had antivirus software running, life would be tough
for bot herders and cyber crooks. Their ability to orchestrate spam campaigns
and denial of service attacks relies on a plentiful supply of unprotected
computers. Windows 8 will
put the squeeze on those creeps. It has antivirus protection built right in,
enabled by default if no other antivirus is present. But the new security
features at the very deepest level may be even more significant. To understand
what Windows 8 adds, we need to look back at the evolution of operating system
security.
The Story So Far
COM file programs for the original MS-DOS were laughably insecure by modern standards. DOS simply copied the program byte for byte from disk into memory and started it running. It made no distinction between code and data, so a buffer overrun attack could easily force execution of arbitrary code. Early file-infector viruses simply appended their own code to the program's end and replaced the very first instruction with a jump to that code.
COM file programs for the original MS-DOS were laughably insecure by modern standards. DOS simply copied the program byte for byte from disk into memory and started it running. It made no distinction between code and data, so a buffer overrun attack could easily force execution of arbitrary code. Early file-infector viruses simply appended their own code to the program's end and replaced the very first instruction with a jump to that code.
The
EXE file format, still in use today, isn't quite as open to manipulation. It
does distinguish between memory areas used for code and those used for data.
Windows XP SP2 introduced Data Execution Protection, which ensures that a
memory area marked as data will never be executed. (Note, though, that it's
possible for a hardware backdoor attack to
disable this feature).
Even with these enhancements,
malware writers managed to craft attacks that could inject arbitrary code into
trusted processes. Address Space Layout Randomization (ASLR), introduced with
Windows Vista, made those attacks tougher by making it impossible for an
attacker to predict where in memory a given code module would load.
Windows
8 Toughens Up
Despite all these protective features, malware attacks can still succeed in Windows 7. Windows 8 will block many such attacks by toughening up at the very deepest level—memory allocation. Many low-level memory functions have new safeguards in Windows 8, rejecting invalid input and adding a degree of randomness. "Guard pages" before and after in-use memory chunks prevent attacks that work by writing beyond the end of allocated memory. A new "Fast Fail" function lets a program terminate instantly if it detects memory corruption.
Despite all these protective features, malware attacks can still succeed in Windows 7. Windows 8 will block many such attacks by toughening up at the very deepest level—memory allocation. Many low-level memory functions have new safeguards in Windows 8, rejecting invalid input and adding a degree of randomness. "Guard pages" before and after in-use memory chunks prevent attacks that work by writing beyond the end of allocated memory. A new "Fast Fail" function lets a program terminate instantly if it detects memory corruption.
Windows keeps track of free and
in-use memory chunks using a structure called a doubly linked list. Each chunk
has an entry in the list with links to the next entry and the previous entry.
Various attacks take advantage of this structure by changing the entries so
they link to malicious code. That won't work in Windows 8, though, because the
pointers are protected.
ASLR
makes it tough for an attacker to predict where a given code chunk will load in
memory. Windows 8 also randomizes the allocation of smaller memory blocks
within memory heap sub-segments. "Random" numbers generated by a
computer aren't random in an absolute sense, but in Windows 8 the random number
algorithm is very much enhanced over Windows 7.
A
Black Hat briefing by researchers Chris Valasek and Tarjei Mandt delivered an
amazing level of detail about these and many other security enhancements found
in Windows 8. Thepresentation slides and full paper are available online, for those with
the chops to understand them. The overall point of these low-level security
enhancements is to let Windows 8 perform its tasks efficiently while resisting
all memory modification by external processes.
Windows 8
isn't totally hack-proof. Valasek and Mandt detailed a number of areas that
could still be vulnerable. After the briefing, I asked Valasek whether we'll ever see a totally hack-proof
operating system. His response: "No, that doesn't exist. Not as long as
humans are writing the code." Even so, he noted, any attack or exploit
that worked under Windows 7 will fail against Windows 8.
Source PcMagazine
Get more here
Written by thecodewhiz
Thecodewhiz is a tech savvy internet enthusiast,Designer,ICT Support Specialist, amatuer Dj and Photographer who loves sharing information.Find Technology tips and tricks and more here...
0 comments:
Post a Comment