<body>

PC Topics



New Security Features of Windows Vista in System and Kernel Mode

Saturday, July 7, 2007

Author: Mojtaba Sadeghi

Section 1: Security Development Lifecycle

The Security Development Lifecycle (SDL) is a formal process that helps ensure software is built from the ground up to reduce security risk. The SDL prescribes secure design, coding, implementation, testing, review and response for all Microsoft products, and specifically for Windows Vista. The SDL reduces the attack surface, helps keep the operating system and applications free of bugs, and helps organizations manage and isolate their networks securely.

We can say that Windows Vista is the first client operating system to be designed and developed from start to finish using the SDL. More than 1,000 threat models were developed for Windows Vista to identify and reduce risks in the different parts of the operating system that required special testing.

Section 2: Kernel Patch

The most important security issue concerns rootkits that target the operating system kernel. Rootkits are very useful to unwanted software such as spyware. Kernel Patch Protection against rootkits can reduce risk and increase the stability, reliability and performance of the system, including all user data and programs. Handling these problems was very difficult before, because 32-bit Windows drivers (as in Windows XP) are not required to carry a digital signature, and the 32-bit kernel has no supported protection against modification. 32-bit Windows security products that provide blocking capabilities modify the kernel through unsupported techniques.

Although computer systems are moving from 32-bit to 64-bit architecture, the smaller installed base of 64-bit software makes it possible to make significant security enhancements in the kernel and reduce the potential for rootkits.

What is Kernel Patching?

Kernel patching is the practice of using unsupported methods or features to change or replace kernel code. Kernel patching can produce unpredictable behavior, system instability and performance problems, including the Blue Screen error, which we know can lead to lost user data. Another very important issue with kernel patching is that it increases the opportunities available to malware developers and attackers against the Windows Vista operating system.

The biggest risk in kernel patching is that virus and spyware writers use this technique maliciously to hide their presence and effects.

Of course malware authors are motivated to patch the kernel, because it is a powerful mechanism for attacking computers and data.

What is Kernel Patch Protection?

There are many security features in Windows Vista, but I want to emphasize that Kernel Patch Protection is not new to Vista. Kernel Patch Protection was created for the x64 CPU architecture, and Microsoft already used it in Microsoft Windows Server 2003 SP1 and Windows XP Professional; it is not supported on x86 (32-bit) systems. As the use of 64-bit computers increases, Vista users will see more benefit from this technology. Kernel Patch Protection monitors whether any resources used by the kernel, or the kernel code itself, have been changed or modified. If Windows Vista detects any unauthorized patch of data or code, it shuts down the system automatically. We should consider, though, that Kernel Patch Protection cannot prevent all viruses and malware; it closes one avenue of attack on the system.
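The article's point about 32-bit drivers not needing a digital signature suggests the first check a defender runs on a system that has no Kernel Patch Protection: which loaded kernel drivers carry a valid signature? The script below is an added example, not code from the article, and it does not use any Kernel Patch Protection or PatchGuard interface. It assumes Windows PowerShell 3.0 or later, read access to the driver image files, and that `Win32_SystemDriver.PathName` may use NT-style path prefixes, which it normalizes.

```powershell
# Added example (not from the article): list running kernel drivers whose image
# file does not carry a valid Authenticode signature. Unsigned drivers are the
# loophole the article describes for 32-bit Windows, so this is the first
# triage list a defender wants. Assumes Windows PowerShell 3.0+.

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver.PathName can be "\??\C:\...", "\SystemRoot\System32\..."
    # or "System32\drivers\...". Normalize to an ordinary file system path.
    $p = $PathName
    if ($p -match '^\\\?\?\\')        { $p = $p -replace '^\\\?\?\\', '' }
    if ($p -match '^\\SystemRoot\\') { $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\" }
    if ($p -match '^System32\\')     { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-UnsignedLoadedDriver {
    # Only drivers the OS reports as currently running are interesting here.
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName }
    foreach ($d in $drivers) {
        $file = Resolve-DriverPath $d.PathName
        if (-not (Test-Path -LiteralPath $file)) {
            [pscustomobject]@{ Name = $d.Name; Path = $file; Status = 'FileNotFound'; Signer = '' }
            continue
        }
        $sig = Get-AuthenticodeSignature -FilePath $file
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Name   = $d.Name
                Path   = $file
                Status = $sig.Status          # NotSigned, HashMismatch, UnknownError, ...
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
    }
}

Get-UnsignedLoadedDriver | Format-Table -AutoSize
```

Microsoft inbox drivers are often signed through a security catalog rather than an embedded signature, so on older Windows versions they can show up as `NotSigned`; treat the output as a triage list and compare each entry's path against the expected inbox location before acting on it.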

Section 3: Encrypting File System Improvements

We can say that the Encrypting File System (EFS) is the best tool for encrypting files on client and server computers. It helps users protect their data from unauthorized access by other people, other computers or external attackers. In Windows Vista, EFS includes many new security techniques and features. In Vista, EFS supports storing user keys, and also administrative keys, on smart cards. If a smart card is used for login, EFS operates in a single sign-on mode, where it uses the login smart card for file encryption without asking for the PIN again. Windows Vista also provides a process for migrating users' files from the keys on an old smart card to a new smart card when new smart card keys are created and set up. The smart card utility program has these features as well.

EFS is available in Windows Vista Business, Enterprise and Ultimate.

Section 4: USB Device and Removable Device Control

As we know, connecting devices to computers is very common these days, and users should have the ability to add new hardware to the computer or to use USB devices and other removable storage devices. This can create two problems: first, it may make the computer harder to maintain when an unsupported device is installed, and second, it can create threats to data security. With a USB device or removable storage, an attacker can use the "autorun" mechanism to install malware or other malicious software on an unattended system.

Fortunately, Windows Vista can manage or block the installation of unsupported or unauthorized components and devices. These security settings can be applied independently on a single client computer, or across many systems in a network. Administrators have extensive control over these policies in Windows Vista. We can say that Group Policy settings are available specifically to control read and write access to removable storage devices such as USB devices, on a per-user or per-system basis.
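The per-user versus per-system removable storage control described above maps onto registry-based policy under `HKLM` (machine) or `HKCU` (user). The script below is an added example, not code from the article, and shows both scopes plus the autorun setting that closes the "autorun" vector mentioned earlier. It assumes an elevated session and that the GUID `{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}` is the device setup class used by the "Removable Disks" policy, which is the value the Vista policy template writes; confirm it against the template on your own system.

```powershell
# Added example (not from the article): apply the Vista-era removable storage
# policy per machine (HKLM) or per user (HKCU), and disable AutoRun.
# Assumes an elevated session. The GUID is the "Removable Disks" setup class
# that the Group Policy setting writes under RemovableStorageDevices.
$RemovableDisksClass = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'

function Set-RemovableDiskPolicy {
    param(
        [ValidateSet('Machine', 'User')] [string]$Scope = 'Machine',
        [bool]$DenyWrite = $true,
        [bool]$DenyRead  = $false
    )
    # Machine scope applies to every user of the computer; User scope only to
    # the account whose HKCU hive is loaded in this session.
    $hive = if ($Scope -eq 'Machine') { 'HKLM:' } else { 'HKCU:' }
    $key  = "$hive\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\$RemovableDisksClass"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'Deny_Write' -PropertyType DWord -Value ([int]$DenyWrite) -Force | Out-Null
    New-ItemProperty -Path $key -Name 'Deny_Read'  -PropertyType DWord -Value ([int]$DenyRead)  -Force | Out-Null
    Get-ItemProperty -Path $key | Select-Object Deny_Write, Deny_Read
}

function Disable-AutoRun {
    # NoDriveTypeAutoRun = 0xFF turns AutoRun off for every drive type, so an
    # autorun.inf on inserted media is never executed automatically.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'NoDriveTypeAutoRun' -PropertyType DWord -Value 0xFF -Force | Out-Null
    (Get-ItemProperty -Path $key).NoDriveTypeAutoRun
}

# Block writes to removable disks for all users of this machine, keep reads.
Set-RemovableDiskPolicy -Scope Machine -DenyWrite $true -DenyRead $false
Disable-AutoRun
```

The removable storage policy is enforced when a device is enumerated, so a device that is already connected may need to be unplugged and reinserted (or the machine rebooted) before the new setting applies; in a domain, the same values are normally delivered by a Group Policy Object rather than written directly.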

Section 5: Windows Defender

As we know, in recent years spyware and other unwanted software such as adware, bots and rootkits have created big problems for systems and users. Such software is usually installed without the user's knowledge or consent, and it can damage or steal personal information and passwords and send them to third parties without the user's permission.

Microsoft knows that it is very important for users to have anti-spyware protection on their systems. In the matter of customer choice, Microsoft supports users' right to decide what programs are installed and run on their computers, where they came from, what they do and how to remove them. Based on these discussions and users' complaints about spyware, Microsoft decided to build an anti-spyware solution, Windows Defender, into Windows Vista. Windows Defender helps protect against and remove spyware, adware, rootkits, remote control utilities and similar things that we collectively call "malware."

In Windows Vista, Windows Defender helps protect against unwanted application and software installation. It monitors different parts of the OS that malware commonly abuses, such as the Startup folder and the registry. If any software attempts to change one of these protected areas of Vista, Windows Defender displays a prompt asking the user to allow or reject the change. The good news is that Windows Defender is also available as a free download for licensed customers of Windows 2000, Windows XP and Windows Server 2003.
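The monitoring the article describes, watching the Startup folders and the registry run keys for changes, can be reproduced in a simple baseline-and-compare script. The following is an added example, not code from the article or from Windows Defender; it uses no Defender API. It assumes Windows PowerShell 4.0 or later (for `Get-FileHash`) and keeps its baseline in a JSON file at an assumed path under `ProgramData`.

```powershell
# Added example (not from the article): snapshot the autostart locations that
# Windows Defender watches (Run/RunOnce keys and both Startup folders) and
# report entries added, modified or removed since a saved baseline.
# Assumes Windows PowerShell 4.0+ and write access to the baseline path.
$AutostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$StartupFolders = @(
    [Environment]::GetFolderPath('Startup'),        # per-user Startup folder
    [Environment]::GetFolderPath('CommonStartup')   # all-users Startup folder
)

function Get-AutostartSnapshot {
    # Returns a hashtable: location -> command line (registry) or SHA-256 (file).
    $entries = @{}
    foreach ($key in $AutostartKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath, ...)
            $entries["$key\$($p.Name)"] = [string]$p.Value
        }
    }
    foreach ($folder in $StartupFolders) {
        if (-not (Test-Path $folder)) { continue }
        Get-ChildItem -Path $folder -File | ForEach-Object {
            $entries[$_.FullName] = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        }
    }
    return $entries
}

function Compare-AutostartSnapshot {
    param([hashtable]$Baseline, [hashtable]$Current)
    foreach ($k in $Current.Keys) {
        if (-not $Baseline.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'Added';    Location = $k; Value = $Current[$k] }
        } elseif ($Baseline[$k] -ne $Current[$k]) {
            [pscustomobject]@{ Change = 'Modified'; Location = $k; Value = $Current[$k] }
        }
    }
    foreach ($k in $Baseline.Keys) {
        if (-not $Current.ContainsKey($k)) {
            [pscustomobject]@{ Change = 'Removed';  Location = $k; Value = $Baseline[$k] }
        }
    }
}

$BaselinePath = "$env:ProgramData\autostart-baseline.json"   # assumed location
if (-not (Test-Path $BaselinePath)) {
    Get-AutostartSnapshot | ConvertTo-Json | Set-Content -Path $BaselinePath
    Write-Host "Baseline written to $BaselinePath"
} else {
    $saved = @{}
    (Get-Content -Path $BaselinePath -Raw | ConvertFrom-Json).PSObject.Properties |
        ForEach-Object { $saved[$_.Name] = $_.Value }
    Compare-AutostartSnapshot -Baseline $saved -Current (Get-AutostartSnapshot) | Format-Table -AutoSize
}
```

Run it once to record the baseline, then on a schedule; any `Added` or `Modified` row is the same event Defender would prompt about, and the registry value or file hash in the `Value` column is what to investigate.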

Section 6: Windows Firewall

Most Windows XP users have used the firewall. A firewall is a critical first line of defense against many kinds of malware before they can enter a user's computer or our network.

When Windows XP was first released, its built-in firewall was turned off by default. The reason was compatibility with some applications and with third-party firewalls. So Microsoft shipped Windows XP with the firewall disabled by default, and naturally many customers and users got no benefit from firewall protection when network worms reached their computers.

Windows Vista Firewall

Based on this experience, and to prevent such events, the firewall in Windows Vista is on by default and is also compatible with other software. Customers who want to use a third-party firewall can turn off the built-in firewall easily.

This means the firewall in Windows Vista is turned on by default from the moment Windows starts, for user protection. Another point is that the Windows Firewall in Windows Vista also allows the administrator of a network or of a single system to block specific applications, such as peer-to-peer file-sharing or instant-messaging software that is usually unwanted.
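The two controls just described, confirming that the firewall is on for every profile and blocking a specific application, can both be driven from the `netsh advfirewall` context that shipped with Vista. The script below is an added example and not code from the article; it assumes an elevated session, an English-language `netsh` output (the `State` line it parses is localized on other locales), and uses a placeholder program path.

```powershell
# Added example (not from the article): check that Windows Firewall is enabled
# on all profiles and add an outbound block rule for one program, which is the
# per-application control the article mentions. Assumes an elevated session and
# English netsh output; the program path below is a placeholder.
function Test-FirewallEnabled {
    $out = netsh advfirewall show allprofiles state
    # Each profile prints a "State  ON|OFF" line; every one of them must be ON.
    $states = foreach ($line in $out) {
        if ($line -match '^\s*State\s+(ON|OFF)') { $Matches[1] }
    }
    $states = @($states)
    return ($states.Count -gt 0 -and ($states -notcontains 'OFF'))
}

function Block-ProgramOutbound {
    param(
        [Parameter(Mandatory)] [string]$RuleName,
        [Parameter(Mandatory)] [string]$ProgramPath
    )
    # dir=out blocks the program's outgoing connections; use dir=in as well if
    # the program also listens for inbound peers.
    netsh advfirewall firewall add rule name="$RuleName" dir=out action=block program="$ProgramPath" enable=yes | Out-Null
    netsh advfirewall firewall show rule name="$RuleName"
}

if (-not (Test-FirewallEnabled)) {
    netsh advfirewall set allprofiles state on
}
# Placeholder path: replace with the actual executable you want to block.
Block-ProgramOutbound -RuleName 'Block unwanted P2P client' -ProgramPath 'C:\Program Files\ExampleP2P\p2p.exe'
```

Blocking by program path stops that binary regardless of the ports it picks, which is why it suits peer-to-peer clients that hop ports; a user who renames or copies the executable bypasses the rule, so on managed networks the rule is normally combined with application control rather than used alone.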

Section 7: Protecting the Kernel of Windows in 32-Bit vs. 64-Bit

Microsoft, as the designer and developer of Windows Vista, tried its best to create a product that is more reliable and more secure against attacks. At the most basic level, this means that kernel-mode code in Windows Vista needs security-focused design and development, followed by testing and release.

As I mentioned, Microsoft has followed this method since 2002 under the Security Development Lifecycle (SDL) program. The Microsoft development team had a clear and important goal of improving the reliability and security of the new product. As a producer it faces a risk, because application compatibility has to be considered while securing the platform. On 32-bit Windows, mostly Windows XP, third-party developers have over time used unsupported interfaces in many applications that users rely on. Using unsupported and undocumented interfaces in this way is a technique called "kernel patching". I emphasize here that it directly manipulates kernel instructions and data structures in order to modify, change and control system behavior.

Figure: Windows 32-bit architecture in kernel and user mode.

This technique is sometimes used to defend against malware, but even without malware, using it can introduce instability into the system. The advantage of a supported interface is that if it is changed, developers are informed through Microsoft's documentation and can update their code to handle the change. On the other hand, changes to undocumented and unsupported interfaces cannot be tracked and will lead to crashes or other unexpected problems and side effects when the kernel patching technique is used.

Unsupported patching techniques usually patch undocumented kernel interfaces and, without intending to, they can reduce the security of the system. These issues become especially important when several software packages chain together using unsupported patching techniques.

For example, sometimes the order of calls from one package to the next is undefined, as is the behavior when we want to remove one package from the chain. This kind of problem is very complex and can lead to other subtle problems that are very difficult to diagnose, and it happens frequently. These techniques are bad computer science practice and are not supported by most software engineering disciplines.

With malicious intent, rootkits can be much more dangerous, because they allow a malicious program to hide and protect itself while controlling and monitoring everything the user does, as well as controlling access to all software, files, network connections and even hardware. These malware activities can lead to online theft of bank passwords or identities.

Unfortunately, tightening the kernel of 32-bit systems would still leave it at risk from some attack techniques, so to reduce that risk Microsoft decided to implement and improve these changes in 64-bit Windows. Because of that, Vista has a "clean start" with native 64-bit drivers and all software adapted to these changes.

Section 8: What were Vista's security holes?

As we have heard, the Kaspersky anti-virus company is one of the best at preventing malware and viruses today. Their expert labs have predicted that more than 90% of the malware currently in circulation will run on Windows Vista.

We believe now that Vista appears to be much more secure than Windows XP, but the researchers warned Microsoft and users that as Vista becomes more popular, it should increase the protection of the kernel against hackers.

As we know, the core parts of any operating system are the first to be attacked. It is PatchGuard, which we discussed above, that protects the Vista kernel.

So the first aim should be technology that makes access to the operating system kernel more difficult.

PatchGuard, or kernel patch protection as we said, tries to protect the Vista kernel from illegal access by unauthorized users or software. It locks the system completely if it detects any risky patch or code.

Unfortunately, some hackers managed to install malware into the Vista kernel during the testing stage by using a new method: they ran their software in Vista's kernel space as drivers.

Section 9: New Security vs. Convenience and Usability

Sometimes when new features appear, some advantages are lost. In fact, one of the basic issues in security design is keeping a fair balance between security and usability. We can say that if security is too complex, usability simply disappears.

Even if a feature offers a very good level of security protection, if it is too complex or has a poorly designed user experience, it will be disabled by users or by system administrators. When Microsoft's engineers and designers set out to make Windows Vista very secure, they tried to create security capabilities that are enabled by default and usable enough to avoid inconveniencing users. It is great when you know the risks decrease with new security features and you can use the system as easily as before, or perhaps even more easily.

That was a very hard balance to strike, requiring expertise: how many applications will require tighter security, and how many users will turn a security feature off if its usability drops? One of the great new things in Windows Vista is User Account Control (UAC). In fact UAC is a "standard user that works" or "a non-administrative user that can actually do things." To do some things on Windows XP, such as changing the local time zone, you had to be a local administrator.

This means that, in practice, everyone who logged in to the system was a member of the local Administrators group.

In Windows Vista, one of the main goals of User Account Control was to protect users from malware and from other users. To achieve that goal, Vista defines a standard user for all end users who want to make their own changes, while protecting the users who really need to be administrators from doing something bad and risky. Overall, Microsoft's primary aim was to protect the system from malicious users and from users who want illegitimate access.

Section 10: Windows Defender

When you look at the usability of Vista, the first thing you may notice is that the system asks for permission too frequently. Before the release of Vista, Microsoft also worked with application and software vendors to make sure that their software does not require elevation and verification from an administrator except when it is necessary.
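The "standard user that works" idea in Section 9 rests on UAC giving an Administrators-group member a filtered token until a program is explicitly elevated, and the prompting behaviour discussed above is governed by a few policy values. The script below is an added example, not code from the article; it only reads state, assumes Windows Vista or later, and reports whether the current session is elevated, whether the account is nonetheless a member of Administrators (the filtered-token case), and the UAC policy values that decide when a prompt appears.

```powershell
# Added example (not from the article): show how UAC's split token looks from
# inside a session and read the policy values that control elevation prompts.
# Read-only; assumes Windows Vista or later.
function Test-IsElevated {
    # True only when the process token actually holds the Administrators role.
    $id        = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Test-IsAdminGroupMember {
    # True when the account belongs to BUILTIN\Administrators (S-1-5-32-544),
    # even if UAC has filtered that group out of the current token.
    $id       = [Security.Principal.WindowsIdentity]::GetCurrent()
    $adminSid = New-Object Security.Principal.SecurityIdentifier('S-1-5-32-544')
    return [bool]($id.Groups | Where-Object { $_ -eq $adminSid })
}

function Get-UacPolicy {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        EnableLUA                  = $p.EnableLUA                   # 1 = UAC enabled
        ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin  # how admins are prompted
        ConsentPromptBehaviorUser  = $p.ConsentPromptBehaviorUser   # how standard users are prompted
        PromptOnSecureDesktop      = $p.PromptOnSecureDesktop       # 1 = prompt on the secure desktop
    }
}

$elevated = Test-IsElevated
$member   = Test-IsAdminGroupMember
"Elevated token: $elevated"
"Administrators group member: $member"
if ($member -and -not $elevated) {
    "Running with a UAC-filtered token: admin rights exist but are not in use."
}
Get-UacPolicy
```

An `EnableLUA` of 0 disables the split token entirely, which returns the machine to the Windows XP situation the article describes, where every logged-in administrator runs everything with full rights.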

Another example of convenience versus security is the policy for enabling Data Execution Prevention (DEP) in Vista. DEP treats data as data and code as code, and blocks the execution of data. The benefit is that even if a data buffer is overrun, DEP makes it harder for an attacker to execute malware code that was placed in that data buffer.

DEP is turned on in Vista by default for kernel mode, and it is an excellent technique for protecting parts of the system, most notably Internet Explorer. The problem is that some third-party add-ons generate code dynamically and store it in data buffers, and there is no way for DEP to distinguish between such add-ons and malware. This means we have to choose between more security and application compatibility.
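The compatibility trade-off just described is expressed as a system-wide DEP policy (OptIn covers only system components such as Internet Explorer, OptOut covers everything except an exception list). The following is an added example, not code from the article, that reads the current policy through the `Win32_OperatingSystem` WMI class and shows the `bcdedit` command an administrator uses to change it; the query needs no elevation, the change does, and it takes effect at the next boot.

```powershell
# Added example (not from the article): read the DEP policy Vista is running
# under and show how an administrator changes it. Policy codes follow the
# Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy documentation.
$DepPolicyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }

function Get-DepStatus {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    [pscustomobject]@{
        HardwareSupport = $os.DataExecutionPrevention_Available          # CPU NX/XD support present
        Policy          = $DepPolicyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
        Covers32BitApps = $os.DataExecutionPrevention_32BitApplications  # 32-bit user-mode coverage
        CoversDrivers   = $os.DataExecutionPrevention_Drivers            # kernel-mode coverage
    }
}

function Set-DepPolicy {
    param([ValidateSet('AlwaysOff', 'AlwaysOn', 'OptIn', 'OptOut')] [string]$Policy)
    # Requires elevation; bcdedit edits the boot entry and the new policy
    # applies after a reboot.
    bcdedit /set '{current}' nx $Policy
}

Get-DepStatus
# Set-DepPolicy -Policy OptOut   # protect every process except an explicit exception list
```

`OptOut` is the usual answer to the add-on problem in the article: all processes get DEP, and the one add-on host that genuinely needs to execute generated code is listed as an exception instead of weakening protection for everything else.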


Windows Vista can make our job easier and our systems more secure. If we are systems engineers or experts, we will surely find it close to a highly secure client platform. For non-professional users, I think there is a small problem with using Windows Vista, only because some programs and hardware they may need are not yet supported. From the security point of view, with the features I have explained, Windows Vista is really one big success for Microsoft.

Thanks to the Security Development Lifecycle, Kernel Patch Protection, the Encrypting File System, security for USB and removable devices, Windows Defender, Windows Firewall and many techniques that Microsoft has never published, it is very hard to attack or crack this product or to abuse any holes it may have. I recommend that everyone install it today and enjoy the latest operating system in the world.

Article Source: ArticlesBase.com
About the Author:

Published By: Mojtaba Sadeghi
Master of Computer Engineering in Software
IAU University
Date of Publishing: July 2007



© 2006 PC Topics | Blogger Templates by Gecko & Fly.