Login:
Password:
Lost Password?
Print this article  |  E-mail this article  |  Comment on this article

Microsoft Takes Vista to Hacker Confab

By Nate Mook, BetaNews

August 3, 2006, 4:34 PM

The annual Black Hat conference in Las Vegas plays host to the world's top hackers and security professionals, who come together to discuss the industry and delve into code. Microsoft is playing a major role at this year's event, inviting attendees to find holes in Windows Vista.

A Vista beta build was handed out to about 3,000 experts on Thursday in hopes they will uncover flaws before the operating system is completed later this year. Microsoft's director of security outreach, Andrew Cushman, also gave a talk about the security enhancements added in Vista, telling the crowd, "We're here to show our work."

Windows Vista is the first operating system from Microsoft to be built from the ground up using the SDL development model. Every bit of code is scrutinized for Common Criteria Certification and security compliance checkpoints must be met along the way.

Services are now run with reduced privileges that contain profiles specifying allowed file system, registry and network activities. Further below the surface, the Vista kernel makes it harder for rootkits to elude detection, while better protecting against unauthorized patches.

Spyware and malware threats, meanwhile, are contained by the operating system's built-in scanning engine that is based upon Windows Defender. In addition, the Vista firewall extends the functionality added in Windows XP Service Pack 2 to provide full directional filtering and application blocking.

Potentially malicious applications are also restricted with Vista's new User Account Control feature, which has spurred a great deal of complaints from beta testers. UAC forces programs to run in a specific Integrity Layer, with a default of medium, and request elevated privileges from the user when performing system commands or writing to sensitive directories.

On the hardware level, Microsoft has implemented BitLocker full disk encryption. Using a TPM chip located on the motherboard or USB stick, BitLocker literally encrypts data while it is being written to the disk. If a laptop were stolen, the hard drive would be inaccessible without a recovery key.

But Microsoft acknowledges that nothing is infallible when it comes to computer security. This is where black hat hackers like those in Las Vegas are intended to help out. Internally, the company has also put together what is called a penetration, or pen, test team. This group has only one duty: to break the security in Windows Vista and help the company develop fixes for the vulnerabilities.

Add a Comment (50 Comments)

BetaNews reserves the right to remove any comment at any time for any reason. Please keep your responses appropriate and on topic. Foul language and personal attacks will not be tolerated.

Name (required):

E-mail (required):

Enter Your Comment:

By PC Rat

posted Aug 6, 2006 - 4:52 AM

...

The Wall Street Journal did this
story LAST WEEK.

...

The Computer Rodent

...

Score: 0

By PC_Tool

posted Aug 7, 2006 - 9:08 AM

Not everyone READ the Wall Street Journal LAST WEEK.

Aren't you special.

Can you go away now?

Score: 0

By wincement

posted Aug 6, 2006 - 8:19 PM

Dude. Just get lost if you don't like it here.

Score: 0

By marrix

posted Aug 5, 2006 - 10:01 AM

Got my new MS Partnership package Wednesday. Installed Vista on desktop running AMD 64x2DC 5000+. Looks good, but still far too slow to load. And, size is a shocker @>13GB. will be intersting to se what size it can be hacked down to for a pro version. My own build of XP Pro runs in @1.4GB. Substantial difference.

Score: 0

By jbaltz69

posted Aug 4, 2006 - 3:01 PM

I hope it's not so secure that you can't look at internet porn anymore. That would make me sad.

Score: 0

By ds0934

posted Aug 4, 2006 - 1:07 PM

What's funny is most real "hackers" probably already had the latest build before MS handed them an "official" copy. :)

Score: 0

By Mark Gillespie

posted Aug 7, 2006 - 1:21 PM

Hackers and Software Pirates are totally different.

Score: 0

By toasale

posted Aug 5, 2006 - 9:07 AM

You got dat right, Scooter!

Score: 0

By srif_tum_lala

edited Aug 4, 2006 - 8:37 AM

hi sir i need a hacking proggram will u plz send for me

Score: 0

By frankwick

posted Aug 4, 2006 - 9:30 AM

It's a good step that needs to be repeated eavery 6-12 months. Even if Vista is the most secure OS in the history of computing, Windows will always be the #1 target for people wanting to do harm. More holes will be found.

Other OS have a catch 22: Their somewhat obscure status to the real world makes them less of a target and can claim less attacks. However, if their popularity begins to increase, then the number of threats will also increase. They will get the sales, but get that bad pub that comes along with it. Didn't Apple just plug 26 holes in OSX this week? Linux has constant new patches.

Score: 0

By deminicus

posted Aug 4, 2006 - 1:58 PM

I agree as well. To add, other OS's may get less hackers but I would venture to say that in general these hackers probably have more skill simply because they work in a smaller ecosystem.

Score: 0

By Grazer

posted Aug 4, 2006 - 2:37 PM

I hope you are not trying to say
[smaller user base] -> [more skill].

That would have to be one of the worst conclusions drawn from user base ever.

Score: 0

By jbaltz69

posted Aug 4, 2006 - 11:57 AM

You are correct sir.

Score: 0

By eunichman

posted Aug 4, 2006 - 7:24 AM

"all the best hackers" huh? LOL that is hilarious...

the story SHOULD read, all the hackers stupid enough to get caught. The true best hackers are still plying their trade behind the scenes and you can bet THEY wont be there

Score: 0

By wincement

edited Aug 4, 2006 - 7:14 PM

You apparently don't know the meaning of the word "hacker."

A hacker is someone who has enough technical know-how to make a program do something it was not designed to do.

A malicious hacker (the kind you seem to think all hackers are) practices something called "cracking."

There is a difference. Most hackers are known and hired professionally to do their job. They work in IT Security.

Score: 0

By deminicus

posted Aug 4, 2006 - 2:01 PM

prove it. btw the best way to hide a wolf is within a group of wolves.

Score: 0

By xyzcb1

posted Aug 4, 2006 - 7:34 AM

hackers just basically mean someone that's highly technical. hollywood is the one who give hacker a bad name. do yourself a favor and sitting in of a TV or computer and go learn something.

Score: 0

By Grazer

posted Aug 4, 2006 - 12:09 PM

hackers just basically mean someone that's highly technical.
But "Black Hat" implies more than that.

Score: 0

By bigsexy022870

posted Aug 3, 2006 - 11:12 PM

It's sad that any company has to worry so much about hackers and such. I mean most of the problems are caused by morons who have nothing better to do then create problems. It's not that the OS has holes but that some idiot created a way in. Millions of people just wanna have fun with there pc's not worry about them. I shouldn't have to have a firewall and viruscanner wasting systems resources that could be used for gaming.

Score: 0

By bourgeoisdude

posted Aug 3, 2006 - 5:05 PM

Vista will have some security flaws...Apple did this challenge a while back, and look what happened. If it was made by imperfect humans, it can be broken. Period.

I do think Vista is much much more secure than XP, for the record, but it will have flaws. Get ready for a busy week next week folks.

Score: 0

By Heero

posted Aug 3, 2006 - 7:04 PM

Every OS has flaws, just like Sherlok said: "If a human mind put it together, another human mind can take it apart."

It's good to see, at least, that MS is getting the 'e-community' to help them out to, let us hope, produce a better product.

Let us hope Vista works out... though, I think it may be a hard sell. OS-X has been gaining a lot of ground.

Score: 0

By xyzcb1

posted Aug 3, 2006 - 9:47 PM

"OS-X has been gaining a lot of ground."

As in what 3 to 4% of the market? Of course it gained a lot of ground going from 3% to 4%, that's a 33% in increase. With Windows covering 90%+, it's will be hard for them to have a 33% :)

Score: 0

By fewt

posted Aug 3, 2006 - 6:24 PM

Every OS will have flaws, what's important is reacting to them before they are exploited.

:-)

Score: 0

By Grazer

edited Aug 4, 2006 - 12:07 PM

If it is really source code they handed out, then I think Vista just unofficialy became open source.

[Disclaimer: The article originally stated code was given out.]

Score: 0

By bigsexy022870

posted Aug 3, 2006 - 11:15 PM

they didn't hand out the souce code, that wouldnt make sense. With the source code any moron could find a way in. They gave out the current build which consumers would get. Thus the hackers will try to access the OS much like anyone would.

Score: 0

By Paul Skinner

posted Aug 3, 2006 - 4:55 PM

I think you mean: "The beta build that has the flaws has become unofficialy open source."

I'm presuming that they'll fix at least some of the flaws, so the code will have changed.

/smartarse

Score: 0

By Grazer

edited Aug 3, 2006 - 5:34 PM

The beta build should be feature complete. Any person or group fixing the last of the bugs / making optimizations should arrive at pretty close to the same end result.

Score: 0

By wincement

edited Aug 3, 2006 - 8:58 PM

Score: 0

By PC_Tool

posted Aug 4, 2006 - 8:56 AM

Cat got yer tounge?

Score: 0

By wincement

posted Aug 4, 2006 - 10:52 AM

Nah. Just a recalled rant.

Score: 0

By PC_Tool

posted Aug 4, 2006 - 11:10 AM

Heh...

The Intarnet. The only place where you can put those words you probably shouldn't have said *back* in your mouth.

*grin*

Score: 0

By wincement

posted Aug 4, 2006 - 7:15 PM

'zakly

Score: 0

By fewt

edited Aug 4, 2006 - 4:42 PM

EDITED (AGAIN) heh

Cat got yer tounge?

no,

Grazer got his tongue.

heh

Score: 0

By Grazer

edited Aug 7, 2006 - 12:35 PM

Now, what should I do with it?

Score: 0

By PC_Tool

posted Aug 3, 2006 - 5:22 PM

But the open souce community could do it *better*

/sarcasm...kinda...

Score: 0

By templar™

posted Aug 3, 2006 - 11:07 PM

lol. it's hard to expose your source code to so many people if you are public enemy number one...

Score: 0

By wincement

posted Aug 3, 2006 - 4:41 PM

Giving out Vista code? Ummm... can anyone say "leak waiting to happen"?

That is a darn risky move IMHO.

Score: 0

By Paul Skinner

posted Aug 3, 2006 - 4:52 PM

Not if they fix what the hackers find...

...which they probably won't...

Score: 0

By PC_Tool

posted Aug 3, 2006 - 4:47 PM

Was it the actual code? Or did they just hand 'em the latest *compiled* code. ;)

Score: 0

By wincement

edited Aug 3, 2006 - 5:21 PM

Hmmm.... don't know. They changed the story.

It used to say "Vista beta code handed out to about 3,000 experts..."

Now it's "A Vista beta build handed out to about 3,000 experts..."

So probably not the actual code. Good. That would be a nightmare. All it would take is for one of those 3,000 experts to get greedy, but that would never happen, right?

Score: 0

By Ramhound

posted Aug 3, 2006 - 7:23 PM

Windows is closed source, its a billion dollar product, Microsoft would never make it open source. So I think when they said "code" they meant the "current" code in the sense, installed product to experts in the industry. Who knows they could have given them the code, of course means they would have to sign something to get it, might explain the small amount of experts.

Anyways to be honest, I see Microsoft at some point helping the open source community in some way, but only when the industry won't support a paid product.

Score: 0

By 4421

posted Aug 3, 2006 - 8:25 PM

It is a strategic trap to ignore open source methods. Apple did it right.

Score: 0

By Mark Gillespie

posted Aug 4, 2006 - 4:42 AM

Don't fool yourself into thinking, because you own a mac, you are secure...

Hijacking a Macbook in 60 Seconds or Less

http://blog.washingtonpo...cbook_in_60_seco_1.html

Score: 0

By PC_Tool

edited Aug 4, 2006 - 12:24 PM

FYI:

...hacking the low-level computer code that powers many internal and external wireless cards on the market today...

...targeting a specific security flaw in the Macbook's wireless "device driver," the software that allows the internal wireless card to communicate with the underlying OS X operating system.

Some could argue (and likely will) that this is a driver issue, and not a OS flaw... But letting badly coded driver hijak tohe OS is probably a "Bad Thing™".

Score: 0

By xyzcb1

posted Aug 4, 2006 - 7:41 AM

you going to get flame by mac lemmings so bad.

for your own safety, next time keep them to yourself ;)

Score: 0

By fewt

posted Aug 3, 2006 - 7:34 PM

I wouldn't say never, you don't know what can happen to the world in 10 years.

I'm not saying it *WILL* happen, but I wouldn't rule it out completely just based on the success of the OSS world as well as Microsoft's recent initiatives with shared source.

Score: 0

By catfish182

posted Aug 4, 2006 - 7:50 AM

Stay on topic. damn
The "great" hackers that stay in the shadows and not go to the convention arnt really there. Dont get me wrong the black hat thing in vegas has some decent smart people. A lot of former hackers that know the code. Thats the key. There isnt many actual hackers in the scene anymore. There are a TON of script kiddies that use kits and scripts to do the work, while not knowing a damn thing about true rooting. As for M$ going there to say "hey break our s***" I think its great. M$ has allways felt they were above people and thier OS's were so great. Years of M$ being embarrssed have finally made them realize its time to admit they cant make a secure system. I think thats why Vista is taking so long. They have to have show somethin on this one or they risk a blacker eye. Linux is starting to make a move and apple is allways in the back slowly growing (mind you its a total of maybe 10%).

Score: 0

By fewt

posted Aug 4, 2006 - 7:55 AM

Kiss my ***. damn

heh

Score: 0

By Ramhound

posted Aug 6, 2006 - 2:38 AM

fewt, Microsoft is not going to release the source to Windows till there isn't a market for a paid OS.

Since they want to make money, and every system needs an OS in order to function, they have a chance for a customer for every system that exist ( that is able to use one of their products ).

I still believe, in several years there might not be a market for an OS, this will come with the adoption of software that communicates with nano tech.

I suspect in the not to distance future, you will go to a computer, and you will be able to access your data anywhere.

Score: 0

By PC_Tool

posted Aug 7, 2006 - 9:10 AM

Dude....

All he's saying is that there are no guarantees.

MS could do it tomorrow.

Highly unlikely, but...

Hey, I could win the lottery tomorrow. ;)

Score: 0

Nov 21 - 9:29 PM ET Hurd's the word in Ballmer's e-mail nightmares

Nov 21 - 6:51 PM ET Coalition urges better laws for e-mail and cell phone privacy

Nov 21 - 6:42 PM ET How is Internet advertising faring in this bad economy?

Nov 21 - 6:15 PM ET From out of the Amazon Cloud, an AWS winner emerges

Nov 21 - 5:20 PM ET Mufin music finder enters public beta, adds widgets

Nov 21 - 5:01 PM ET Google launches its SearchWiki semantics plug-in

Nov 21 - 4:57 PM ET Asus previews a slimmer, less costly Eee PC

Nov 21 - 4:32 PM ET New Adobe Media Player ushers in AIR 1.5

Nov 21 - 2:11 PM ET AT&T to add Pantech's low-cost C630 phone to 3G lineup

Nov 21 - 1:11 PM ET iPhone gets firmware 2.2 update