Saturday, December 17, 2005

Microsoft is moving the GUI code back out of the kernel in Vista, according to this article. This is bad news: finding local privilege escalation bugs might become harder in the future.

The move of the GUI into the kernel (done with NT 4.0) was a misguided attempt to increase performance in order to get people to switch from Win9x to NT, something that did not really work until Windows 2000 / XP. A lot of headaches (beyond the usual out-of-bounds memory access bugs) were created by that move (shatter attacks etc.). From the defender's standpoint, moving it back out makes complete sense. I have a feeling that, security-wise, the gulf between MS and all other closed-source vendors (which have to operate under market conditions and thus can't pump a few billion into security) is widening.

Coming back to auditing "random" closed-source code after having worked on MS binaries is a bit like auditing a "random" open-source project after having spent time on well-audited bits of OpenSSH: you're surprised that things can be so easy.
