5 replies to this topic

[nitram]

The annual Black Hat conference in Las Vegas plays host to the world's top hackers and security professionals, who come together to discuss the industry and delve into code. Microsoft is playing a major role at this year's event, inviting attendees to find holes in Windows Vista.

A Vista beta build was handed out to about 3,000 experts on Thursday in hopes they will uncover flaws before the operating system is completed later this year. Microsoft's director of security outreach, Andrew Cushman, also gave a talk about the security enhancements added in Vista, telling the crowd, "We're here to show our work."


Windows Vista is the first operating system from Microsoft to be built from the ground up using the SDL development model. Every bit of code is scrutinized for Common Criteria Certification and security compliance checkpoints must be met along the way.

Services are now run with reduced privileges that contain profiles specifying allowed file system, registry and network activities. Further below the surface, the Vista kernel makes it harder for rootkits to elude detection, while better protecting against unauthorized patches.

Spyware and malware threats, meanwhile, are contained by the operating system's built-in scanning engine that is based upon Windows Defender. In addition, the Vista firewall extends the functionality added in Windows XP Service Pack 2 to provide full directional filtering and application blocking.

Potentially malicious applications are also restricted with Vista's new User Account Control feature, which has spurred a great deal of complaints from beta testers. UAC forces programs to run in a specific Integrity Layer, with a default of medium, and request elevated privileges from the user when performing system commands or writing to sensitive directories.

On the hardware level, Microsoft has implemented BitLocker full disk encryption. Using a TPM chip located on the motherboard or USB stick, BitLocker literally encrypts data while it is being written to the disk. If a laptop were stolen, the hard drive would be inaccessible without a recovery key.

But Microsoft acknowledges that nothing is infallible when it comes to computer security. This is where black hat hackers like those in Las Vegas are intended to help out. Internally, the company has also put together what is called a penetration, or pen, test team. This group has only one duty: to break the security in Windows Vista and help the company develop fixes for the vulnerabilities.

Source - BetaNews

[VROSA]

With all that big brains looking for Vista's security flaws i think MS will be able to release a good quality OS next year, or at least they wont need to release a service pack some months after.

Edited by vrosa x64, 04 August 2006 - 12:10 PM.

[Roadrunner]

I read about this earlier- pretty gutsy move to challenge all the hackers to have at Vista-
I guess they feel it's better to let them do it now so it can be patched before release.

[tc1]

Read this earlier also, thought it to be pretty funny, for every hack they find and fix, there will always be more. Hackers=Tech Support, lol

[Nvyseal]

tc1, on Aug 4 2006, 06:44 PM, said:

Read this earlier also, thought it to be pretty funny, for every hack they find and fix, there will always be more. Hackers=Tech Support, lol

Since Bill stepped down, i just thought they were looking for a new Chairman of the Board!

[m.oreilly]

well, after i met bill in the clink...


...i new i was ready for the big time...someday...



do-be-do-be-do...