Friday, March 17, 2006

Security IS Simple

At the recent RSA conference, Bill Gates said, "Today, we're using password systems, but they simply won't cut it." This was after he presented Windows Vista and its new supposedly-secure architecture.

Uh huh. I don't buy it. One simple thing was overlooked at the conference: Vista's core graphics engine is based on DirectX (specifically Direct3D). Game developers and programmers have been using DirectX practically since it came out and it STILL is not stable. For example, some of the best minds designed, wrote, and released the Source engine that powers Half-Life 2 - and it took them all of five years to make ONE game...and it crashes randomly (it can even freeze up the PC so that a hard reboot is required)! Microsoft is claiming that it can shift a fairly stable graphics architecture (GDI) over to DirectX in under two years. I don't care how many people Microsoft throws at Vista. The core of DirectX isn't being fundamentally rewritten from the ground up even in the latest SDK, so Vista will be unstable. And Microsoft is off spouting nonsense about passwords at a security conference.

Note that I'm not bashing Microsoft for the sake of bashing them, but if Microsoft REALLY wants to honestly secure the OS, they are going to have to do a 180 and get every developer on the same page about how to write secure software. Yesterday I flagged MSHTML.DLL as a level 5 instability inside the VerifyMyPC system due to a newly discovered security vulnerability. The issue is the same old story of buffer overflows, but this one is pretty serious: specially crafted JavaScript on a web page can execute arbitrary code on the system, which in turn could be a way for someone to steal your source code and personal information and then install a rootkit.

Application security is actually quite simple. There is a new e-book I wrote called "Safe C++ Design Principles" that teaches all the 'no-no's of writing unsafe code (among other things). I know that if every Microsoft developer had a copy of this book and read it (it is quite an entertaining read) and Microsoft simply dropped everything for one month, 99% of their buffer overflow problems could be eliminated. One measly month and Windows could effectively eliminate buffer overflows forever. I've heard it takes $1 million (US) and an average of 2 months to fix a single Windows flaw, and on top of that there are intangible damages that range from upset customers to IT headaches to actual financial losses. Any reasonable business person worth his/her salt will realize that this has long-term consequences ranging into the multi-billions of dollars.

As an example, I use all the principles addressed in the e-book in my own C++ code. The code isn't always the fastest, but I have yet to receive word that my applications written in C++ crash on someone's PC, or to receive notice of a security vulnerability in code written using these techniques.
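To make the "same old story" from the two paragraphs above concrete, here is an added example (my own illustration for this page, not code from the post, from the e-book, or from any Microsoft component): the classic fixed-size buffer overflow next to a version that enforces the bound explicitly. The `Record` layout, the field names and the inputs are constructed for the example.

```cpp
// Added example: a C-style unbounded copy beside a bounded one.
// The Record layout and inputs are hypothetical, constructed for illustration.
#include <array>
#include <cstddef>
#include <cstring>
#include <string>

namespace unsafe {
// Hypothetical record: a privilege flag sits right after the name buffer,
// so an overflow of `name` can flip `is_admin`.
struct Record {
    char name[16];
    bool is_admin;
};

// The bug pattern: trusts the caller's length. Any `src` of 16 or more bytes
// writes past `name`. Shown for contrast only; never feed it untrusted input.
inline void set_name(Record& r, const char* src) {
    std::strcpy(r.name, src);   // writes strlen(src)+1 bytes, no bound
}
}  // namespace unsafe

namespace safe {
struct Record {
    std::array<char, 16> name{};  // zero-initialised: no stale bytes leak
    bool is_admin = false;
};

// Bounded copy: rejects anything that would not fit (including the NUL
// terminator) and leaves the record untouched when it rejects.
inline bool set_name(Record& r, const std::string& src) {
    if (src.size() >= r.name.size()) {   // need one byte for the terminator
        return false;
    }
    std::memcpy(r.name.data(), src.data(), src.size());
    r.name[src.size()] = '\0';
    return true;
}
}  // namespace safe

// Walks the hardened path: a fitting name is stored, an oversized one is
// rejected, and the neighbouring privilege flag is never disturbed.
inline bool demo() {
    safe::Record r;
    const std::string ok(15, 'a');        // constructed: exactly fills 15 + NUL
    const std::string too_long(40, 'A');  // constructed: would overflow by 25
    if (!safe::set_name(r, ok)) return false;
    if (safe::set_name(r, too_long)) return false;   // must be rejected
    return std::string(r.name.data()) == ok && !r.is_admin;
}
```

The check `src.size() >= r.name.size()` is the whole fix: the copy can only run when the destination is known to hold the bytes plus a terminator, and the caller gets a `false` it has to handle instead of silently corrupted memory.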

This brings me back to DirectX. DirectX is the most unstable piece of junk on the planet. It is only suitable for video games - and barely at that. I've seen people with perfectly stable systems (application-wise) blue screen completely randomly in the middle of a DirectX-based video game. So, think how that translates: Vista is going to move the graphics engine to DirectX. This means that as you are typing a report into Word, Bam! Blue screen of death (BSOD). Or you hit reply to an e-mail, Bam! Another BSOD. Just about anything you do will have a pretty good chance of causing a BSOD.

The reason for the switch to DirectX is purely competitive threat reduction. (I speculate that this is why a number of developers bailed out and went to Google - they saw this as a fundamentally stupid move.) Microsoft views Adobe Flash (formerly Macromedia Flash - Adobe unfortunately bought out Macromedia prematurely and became Microsoft's new primary target) as a threat to the business. The move to DirectX is an attempt to undermine the Flash franchise before it gets much bigger. The idea was to do a vector-based GUI environment. Since DirectX already did the whole vector-based thing, Microsoft chose to reuse that technology as the basis for accomplishing the goal of eliminating Macromedia. Normally, code reuse is a good thing. DirectX needs an overhaul, however, before reusing it is a good idea.

That said, Vista will be the first OS to have a vector-based graphics renderer based on 3D technology. Some people say the Mac already has that, but it doesn't. It just uses large bitmaps to accomplish the illusion and it isn't true 3D. Vista's 3D capabilities are legitimate, cutting-edge stuff, but they are incredibly unstable. I've seen applications crash under Vista that work just fine under XP. Well, they don't crash per se, they freeze and simply stop functioning, but you get the idea - some apps will freeze and others will crash the OS.

And now that DirectX is going to be core to Vista instead of "just for games", think about all the undiscovered security vulnerabilities... And to think that Microsoft is more concerned that passwords are becoming the weak link in security. I would probably laugh if I didn't have to download updates to Windows components every month.

The only thing Vista has going for it, IMO, is the whole "see-through" transparency thing (Aero glass). While I don't care for the color choices (green and black), the fancy new 256x256 icons are very pretty.

I see shiny things. They blind me to the evils that lurk underneath.
But then, ignorance is bliss.
{ Stares at icons }
Preeeettty. Soooo preeeettty.
