Windows Security Through Annoyances?
techmuse writes "According to News.com,
Microsoft's next version of Windows will let you know that you are looking
at (supposedly) secure data by putting personalized text, such as the names
of your dogs (a null list in my case), in window borders, and will also hide
the data unless the window has no others on top of it. That should make it very usable, and speed adoption of security features -- especially among
people who need to be able to see the data in two partially overlapping
windows at once."
Re:So...... (Score:5, Informative)
Re:One problem solved (Score:4, Informative)
Video cards therefore need to be modified to be secure and support access control on their memory, the way the CPU's privileged mode (and whatever hardware they're going to tack on to make Palladium work 'better') allows the OS to control what can access certain parts of main memory.
USB: Handled by the OS. Easy to deal with. Monitors: would require hardware tapping, much harder to do (Especially remotely). Keyboards: Again, MOSTLY handled by the OS. (Windows passes most every key combination through hooks, except ctrl+alt+del. They'll probably change this so that if a secure window is on top, no hooks grab the data.)
Etc. etc. I don't argue that it's a bad idea (that there needs to be changes to the video card hardware to support this properly), it's just very poorly worded in the article.
I wonder if maybe the 3d support being used helps this? If you define everything as a texture, then you only need to secure certain textures (the secure ones), not the entire screen. Therefore things running unmanaged still work just fine. 2d accelerated blits might also do the trick, but probably not as well. (Do the 2d accel blits have a concept afterwards of what a window is, and therefore to hide a certain one? Probably not..)
Re:Prevent attacks? (Score:5, Informative)
I wonder how MS will handle cutting and pasting information between secure and insecure windows? Or even between secure windows, for that matter?
Re:CRT Monitors (Score:3, Informative)
Re:How will this help? (Score:4, Informative)
Under NGSCB, you won't necessarily have access to certain files on your system -- therein lies the security; it basically uses the data in that secure file as proof that "hey, if the OS lets me show you this, then I'm trustworthy!"
Re:So...... (Score:5, Informative)
Due to the special "features" of IE, it is possible to eliminate the status bar (not task bar) where the lock icon usually resides. By then creating a page using frames it would then be possible to replicate the look of the status bar without much trouble at all, even including the text of the page loading sequence using something so simple as an animated gif.
Re:Prevent attacks? (Score:2, Informative)
Got back from WinHEC...this article is bullshit!! (Score:3, Informative)
MS is trying to bolster the overall security for their OS (called NGSCB...rtfa for the acronym def). A noble cause, but one that will be very tough for them to completely achieve. The author is focusing on only 1 small portion of NGSCB, which is securing the graphics subsystem. I'll do the author's job and list a few more relevant points:
1) NGSCB is an opt-in type of program. If the hardware doesn't support it, or the user doesn't want it, it will be disabled.
2) Only "trusted apps" will fall under the jurisdiction of the NGSCB. Things like Quicken or IE could fall into this category. They would then be protected by the OS so that other non-trusted apps can't get at the data generated by the trusted apps. So the majority of windows apps that you'd run on a day-to-day basis (games), would not be affected by this.
3) The "trusted graphics" portion of NGSCB really only applies *** IF EVERYTHING ELSE IN WINDOWS IS SECURED ***. The thought being that if everything in the Windows OS is secure, hackers will look for the next most vulnerable target outside of the OS...the graphics device. Two of the most obvious ways to exploit it would be by sniffing the graphical info stored in the framebuffer, or by mimicking a "trusted" window and having the user just give the evil app the info it wants.
4) The "dogs names" window is just an example of something that MS is kicking around. What they want to do is add something unique that the user provides to the trusted windows. This way an end user will see an evil app trying to pretend it's a trusted app. The idea here is that it will be almost impossible for a hacker to generate a window that looks exactly like a trusted window (unless they hack the OS to find out the unique quality of the user's trusted window...for now assume that the new Windows NGSCB can't be hacked...**snicker**). In any case, I seriously doubt "dogs names" will be the unique identifier.
5) The "disappearing data" is done for a reason. When another untrusted app takes control of the OS (by being the top window), it has access to the framebuffer. So it would be simple to start an app, position the window so it doesn't completely obscure the trusted app, then read the framebuffer. Whatever info you want is right there in a bitmap. It would be nice if there were a better way to protect the framebuffer when a trusted app is alive, but it may not be possible in Windows.
I may not agree with some of their logic/ideas in this area, but it's unfair to judge it on this article alone. If you want a little more info, try looking here [microsoft.com]. Then again, this is Slashdot...there doesn't need to be a real reason to bash MS...carry on...
Re:How will this help? (Score:3, Informative)
Re:Why redefine a working metaphor? (Score:5, Informative)
Wrong. Part of Palladium/NGSCB, as well as Trusted Computing, is having a special chip to hold encryption/decryption keys. The whole point of this idea is to have information on this secure window that is only available via the keys in the chip. Any static icon (like a lock) can be faked. Showing your choice of data (like pet names) that indicate a trusted window is proof that the program is connected to the trusted chip.
This is fake multilevel security (Score:3, Informative)
In systems like that, each window appears with a border that shows the security level, typically SECRET, UNCLASSIFIED, etc. Communication between programs and windows at different levels is prohibited, except in some very controlled ways. Applications can't even detect that stuff at higher levels exists. NSA Secure Linux has the underlying security machinery for this, although nobody has written a secure window manager for it.
It sounds like Microsoft is adding the window decoration without the underlying machinery.
Sadly, the few systems with security like this are antiques.
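The "underlying machinery" that the comment above contrasts with border decoration, and the cut-and-paste question raised earlier in the thread, can be modelled as a clipboard mediated by the window system. This is an added example, not part of the thread and not code from Microsoft or any real window manager; the class and function names are hypothetical, and only the two levels named in the comment are modelled.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    UNCLASSIFIED = 0
    SECRET = 1


@dataclass(frozen=True)
class Window:
    title: str
    level: Level  # shown in the border, but also enforced below


class LabeledClipboard:
    """Clipboard owned by the window system (hypothetical model)."""

    def __init__(self):
        self._data, self._level = None, None
        self.audit = []  # (action, window, window level, decision)

    def copy(self, src, data):
        # Data inherits the label of the window it was copied from.
        self._data, self._level = data, src.level
        self.audit.append(("copy", src.title, src.level.name, "allowed"))

    def paste(self, dst):
        if self._data is None:
            return None
        # No write-down: data flows only to an equal or higher level.
        ok = dst.level >= self._level
        self.audit.append(("paste", dst.title, dst.level.name,
                           "allowed" if ok else "denied"))
        # A denied paste looks like an empty clipboard, so the lower
        # window cannot tell that higher-level data exists.
        return self._data if ok else None


def visible_to(observer, windows):
    """Windows an application at observer's level may enumerate."""
    return [w.title for w in windows if w.level <= observer.level]


def demo():
    bank = Window("Banking", Level.SECRET)
    web = Window("Browser", Level.UNCLASSIFIED)
    clip = LabeledClipboard()
    clip.copy(bank, "acct 0000 (constructed)")
    down, same = clip.paste(web), clip.paste(bank)
    clip.copy(web, "public text")
    return down, same, clip.paste(bank), visible_to(web, [bank, web])
```

The border label and the flow check read the same `level` field, so a window that merely draws a SECRET border without being registered at that level gains nothing from the decoration.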
Speaking of spoofing and different borders.... (Score:5, Informative)
So far, most of the comments are about a spoofed status bar or the borders that look different on the secured windows versus the unsecured ones. Anybody who's done work as a bench tech for a company servicing the general public for any length of time has surely had the conversation about porn dialers that the customer never even knew they had installed. With Active X controls, JavaScript, Macros, CGI scripts, or whatever the
Re:Great Wall of China (Score:1, Informative)
seriously, the wall is long but not wide. why can't you see highways, wide buildings, roads, etc.? answer: you can't