Microsoft Windows Vista has been released! Well, released to enterprise customers, at least. Consumer and foreign language versions will be released in January.
In preparing my most recent book, Windows Vista Security: Securing Vista Against Malicious Attacks (Wiley), co-authored with Dr. Jesper Johansson, I’ve counted more than 180 new security improvements and features in Vista. I’ve been developing a PowerPoint presentation on it, and it’s already exceeded 220 slides (and I’m only a third of the way done).
Here are the most significant new features:
** The real Administrator account is disabled by default
** User Account Control prompts users in the Administrators group for an additional confirmation before every administrative task
** Even the Administrator cannot directly overwrite files in the \Windows and \System32 folders. They have to take ownership first, and add the correct permissions
** Internet Explorer 7 runs in Protected Mode by default, which will stop many “drive-by” download attacks
** Address Space Layout Randomization will randomly place critical Windows functions and applications in 1 of 256 places in memory, making many types of buffer overflows significantly harder to pull off
** BitLocker allows one or more drive volumes to be encrypted, and protected with an encryption key that can be stored locally, on a cryptographic chip on the motherboard, or on a USB key
** LM password hashes are disabled by default (finally!) as are LM and NTLMv1 authentication protocols
** Windows Firewall is enabled by default, protects better at boot-up, is integrated with IPSec, and has outbound blocking
** Firewall rules can be applied to specific users, computers, or groups
** Windows Defender is installed by default
** Password-protected screensaver is installed and made active by default
** Over 800 new group policy settings
** You can set multiple user or group-specific Local Security policies
** Session isolation (i.e. Windows kernel services and user-mode programs run in different Windows sessions) will prevent most “shatter”-style attacks
** Services now have SIDs, which simplifies setting security permissions. All default services have been given least-privilege permissions, and are limited by firewall security domain protection
** Portable media devices (such as USB flash memory, CD-ROMs, etc.) can be controlled with read, write, and execute permissions, both per user and per computer
** Integrity levels have been assigned to all files and objects. A security principal must meet or exceed the target resource’s integrity level in order to modify it; regardless of the NTFS permissions
** There are dozens of new log files, all collected in the expanded Event Viewer. Event triggers can be created on any event, and events can be collected to centralized computers
** Transactional NTFS ensures that NTFS changes will be written completely before being made permanent
** Previous Versions client is installed by default, allowing users to self-recover accidentally deleted or modified files
** System Restore now backs up user’s My Documents folder
** Creator Owners now no longer automatically get Full Control permissions, if you don’t want them to
** Commonly manipulated folder and registry keys are virtualized so that malicious modifications don’t result in system-wide infections
** EFS supports smart cards, can encrypt the page file, and has proactive key archival
** Remote Desktop Protocol (RDP) supports strong authentication with digital certificates
** Internet Explorer 7 has an anti-phishing filter and is more resistant to malicious attacks, spyware, and add-on abuse
** Internet Information Service 7 supports more granular loading of code. IIS is no longer a single monolithic executable
** Two more network domain profiles to plan firewall and IPSec rules around
** IPv6 and IPv4 are turned on by default
** Improved wireless security. Now, GPOs and logon scripts can be accomplished through wireless logons
** Improved SMB (file and printer sharing) protocol. Anonymous null session connections are no longer the great threat they once were
If you want more information on any of these features, just e-mail me at firstname.lastname@example.org.
Will Vista be hacked? Sure, anything super-popular gets hacked. IE 7 is the most likely target, of course, followed by Windows Mail (the Outlook Express replacement), because these applications have the highest visibility and hacker interest.
Which new services are likely to be hacked? I’d put my money on the RSS feeds, XML, and the new P2P and collaboration applications. Aside from the more than 70 new services, Vista has a lot of new file formats for hackers to explore, as well.
I will go out on a limb and say that I believe Windows Vista, and the forthcoming Longhorn server, will be tough to hack. Outside of client-side attacks and Internet Explorer, the fully-patched Windows XP Pro SP2 is already pretty hard to hack externally. Vista will never be as secure as OpenBSD, but I believe it will be secure enough to ensure that Microsoft becomes known as a vendor of choice for a secure operating system. And that’s a far cry from where it was five years ago.
If you don’t believe me, talk to the many professional hackers that Microsoft has invited to test and strengthen Vista. Hundreds of internal and external hackers gave it their best whacks. A few succeeded in finding new exploits (or in re-finding old exploits). But ask any of them what they think of Microsoft’s new OS, and all will tell you it’s a lot harder to hack than its predecessor.