PaulSpoerry.com

In a presentation at the Black Hat briefings, Mark Dowd of IBM Internet Security Systems (ISS) and Alexander Sotirov, of VMware Inc. will discuss the new methods they’ve found to get around Vista protections such as Address Space Layout Randomization(ASLR), Data Execution Prevention (DEP) and others. Essentially they’ve figured out a way to hack Vista using Java, ActiveX controls and .NET objects to load arbitrary content into Web browsers.

What they are indicating is that they have revealed a fatal flaw in Windows Vista which potentially blows the OS wide open and in such a way that it cannot be fixed. The attacks themselves are not based on any new vulnerabilities in IE or Vista, but instead take advantage of Vista’s fundamental architecture and the ways in which Microsoft chose to protect it.

Many of the defenses that Microsoft added to Vista and Windows Server 2008 are designed to stop host-based attacks. ASLR, for example, is meant to prevent attackers from predicting target memory addresses by randomly moving things such as a process’s stack, heap and libraries. That technique is useful against memory-corruption attacks, but Dai Zovi said that against Dowd’s and Sotirov’s methods, it would be of no use.

“This stuff just takes a knife to a large part of the security mesh Microsoft built into Vista,” Dai Zovi said. “If you think about the fact that .NET loads DLLs into the browser itself and then Microsoft assumes they’re safe because they’re .NET objects, you see that Microsoft didn’t think about the idea that these could be used as stepping stones for other attacks. This is a real tour de force.”

They go on to imply the approach can also potentially be applied to other operating systems such as Windows XP and Mac OSX (but not with this specific technique).

Read more at TechTarget or TrustedReviews

Windows 7 (formerly known as Blackcomb and Vienna) is the working name for the next major version of Microsoft Windows as the successor of Windows Vista. Microsoft has announced that it is “scoping Windows 7 development to a three-year timeframe”, and that “the specific release date will ultimately be determined by meeting the quality bar.” Windows 7 is expected to be released sometime in 2010. The client versions of Windows 7 will ship in both 32-bit and 64-bit versions. A server variant, codenamed Windows Server 7, is also under development.

Microsoft is maintaining a policy of silence concerning discussion of plans and aspirations for Windows 7 as they focus on the release and marketing of Windows Vista, stating that Microsoft does not want to promise features and then fail to deliver, as happened with Windows Vista Ultimate, though some early details of various core operating system features have emerged. As a result, little is known about the feature set, though public presentations from company officials have disseminated information about some features. Leaked information from people to whom Milestone 1 (M1) of Windows 7 was shipped also provides some insight into the feature set.

Read the rest of this entry �

Techcrunch posted an article stating “Gartner Says Vista Will Collapse. And That’s Why The Yahoo Deal Must Happen”.The last paragraph sums up the Gartner view:

The real question isn’t “What can Microsoft do to fix their Windows product?” but rather “Even If Windows and Office were perfect, would it be enough to keep Microsoft relevant in the medium term?” I think the answer to that latter question might be “nope.” And that, of course, is why they want Yahoo so badly. Online advertising revenue is their only real hope of long term survival.

This of course is a complete load of crap. Vista WAS handled poorly by Microsoft, but its not the collapse of Windows by any stretch of the imagination. The most laughable thing is that while so called “analysts” are predicting the demise of Windows,Vista alone (ie, not counting Windows server or XP) still has more market share than *nix and OS X COMBINED. The real reason Vista isn’t selling as well as MS hoped is because of Windows XP. XP has turned out to be a mature, stable, and secure OS. Vista has new plumbing and the kinks are still being worked out (to be expected). The underlying plumbing put into Vista however will position it for the long term, and XP will ultimately be phased out. Don’t count Vista, or Windows as a whole “out”.

The image below shows Windows market share versus the only other statistically relevant OS’s (ie, over 1% market share) as of March 2008.

It’s true that *nix based systems have made some inroads in business computing, however, Windows still controls 90% of the market. Linux doesn’t even show up on the list… it ranks at  0.61% (though OS X REALLY is a flavor of unix so you could count that in the *nix category) Ask any non-geek what OS they run and you’ll get two answers, Windows or OS X, but mostly just windows. The people predicting these things needs to step out of the basement and away from their Tux stuff animals for a bit and look at the real world. Could the apple cart be upset, absolutely, but it won’t happen over night and Microsoft will have time to react.