The following is a short discussion of a keynote by Bill Gates on the security measures Microsoft will take during the next one or two years to improve security. Security of what?

In the same month Gates made a speech at a security conference in Munich where some new cooperation between state, industry and Microsoft was announced. In the newspapers the next day you could read headlines like “Microsoft to improve internet security”. Did you have problems with the internet lately? Was it bandwidth? Routing? Unreliable transports? If yes, then you've had an internet-related problem. But I doubt it. You've probably had security problems like viruses or trojans ON YOUR MACHINE. You may have received spam ON YOUR MACHINE. Neither of them was made by the internet. The internet does not know about security and does not impose restrictions on senders and receivers beyond what is needed to communicate. Whining about this fact is like complaining that trees don't have airbags.

A statement like "MS wants to improve internet security" is like DaimlerChrysler saying that they want to improve the public roads. Both should focus on THEIR products first. But there is a tight connection between the product and its network (just think about putting guidance systems along roads) and we will come to this interesting point later.

So let's take a look at how Microsoft wants to improve the security of your machine. And for the beginning we will naively not make a distinction whether this machine is part of an enterprise network or a simple home computer. Gates divided secure systems into three parts:
Most of the talk was focussed on technology, so let me just cover the other two briefly. Interaction and communication with customers is a key feature of building secure systems. Gates mentioned several times the effort Microsoft puts into talking with large-scale enterprise customers about security problems. Customer guidance is seen as essential. This covers configuration help and education as well. With respect to law, Gates mentioned several activities and legal actions like taking spammers to court.

Gates divided the technology element into five parts.
Secure coding means development standards and tools that prevent security risks like buffer overflows. A number of tools and technologies were mentioned (module relationship checking, FxCop, PREfast etc.) which are probably related to buffer overflow problems. Here a question would be why then CSharp has gotten options to decrease code security like -unsafe? He also mentioned that threat modeling has become a standard part of the development process and that every bit of code would go through code reviews before it reaches production. A security response center has been set up where developers can contact experts about security problems.

What are the properties of a good software update? One can probably list the following properties:
Please do not forget that every update comes AFTER THE FACT that a vulnerability existed. It is always only a second-class measure, no matter how well it is marketed. And if you look carefully at the above list you will notice that some items conflict: a safe update requires mass testing and this goes against the immediacy in case of exploits. The update features are mentioned in Gates's speech under technological innovations, but to me they look more like process improvements because they do not tackle the underlying problem.

Microsoft distinguishes three customer groups which are served through different update technologies, from automatic updates for home users to customizable updates through the Windows Update service to the full monty of SMS-driven management.

Some interesting numbers: SP2 is now installed on about 50% of all machines. This is actually quite frightening given the number of exploits against pre-SP2 systems. Gates also mentioned a Gartner statement that 75% of all security problems would be found in customer applications. That may be true but it is of little relevance: if you are broke, that's not my problem. If the nation's money system is broke, we all have a problem. This means we need to weigh security problems with respect to affected machines.

This topic covered most of the speech. Problems covered were:
Some topics are IE-related and Bill Gates announced another improved version (7) for the future. Version 6 already had some improvements against tricking users by manipulating the GUI elements of the browser. Unclear to me is whether the zone/domain config (which is actually something used in large corporations) will really be used in home environments. I'd love to see some usability studies and empirical results in this area.

Do you want spyware to fight spyware? You'd better, because a surprising number of security problems will be solved in the future using collaborative technologies. MS software will report incidents to a central service (called SpyNet) where security experts will investigate. Gates hopes to detect attacks by spy-software and viruses or worms very early. Individual machines can then be made to stop downloading malware. Microsoft wants to use this pattern also to detect phishing attacks. It is a combination of technology and organisation and begs asking one question: when will this service cost something?

A whole bunch of new tools (including new anti-virus software) for security management was announced as well. They can e.g. replicate a central security policy defined in Active Directory against a large base of machines. Only the SpyNet stuff will be included at no cost.

Here the two important statements were that passwords will be replaced by smartcards and, again, a couple of new tools for identity and system management. The goal is to centralize identity management AND policies and be able to put these rules in place everywhere. A reverse proxy (called web listener) will be included which does authentication before handing over the requests to applications. Secure configuration of applications and services is made easier through tools and templates. Digital restriction management is another topic and here some efforts were made to avoid the server callback in some cases.

According to Gates, phishing is now much more critical than e.g. spam.
He agreed that browser work was needed (probably to reduce GUI manipulation and to improve feedback for the user) and mentioned vaguely that other sources of authenticity could be used to validate mails but provided no details. Microsoft wants to use the same collaborative techniques as in the case of spyware to fight spam and phishing. That means global databases, services and experts at Microsoft which collect the data and create a verdict on mails.

The speech is about 20 pages in print and that means it contained a lot of information, some of which I tried to concentrate on above. Here now comes the final conclusion and what I learned from the paper.
The talk is about 20 pages long and I had to read it three times to at least see some structure (I wonder what the people attending the live talk understood). Full of technical bits, product names etc., it was extremely hard to understand. I used a technique called mindmapping to create an overview. I learned this technique last term from Timo Kössing, a student at the HDM, and I must say it was very helpful. This time I did it on paper but next time I will use the FreeMind open source product.