Israeli Security Company Builds "Unhackable" Version of Windows
New submitter Neavey writes: Sounds too good to be true, but Morphisec, an Israeli startup, claims to have built an unhackable version of Windows. It's not yet publicly available, a red flag if ever I saw one, but internal testing has had a 100% success rate: "In a statement for BI, Dudu Mimran, the co-founder of the company, describes this new OS version as the Windows that 'Microsoft should be doing,' explaining that, while the platform was initially designed for government use, it can be actually installed by any enterprise that wants to make sure that no hack is possible.
Basically, this operating can block any zero-day attack, the founder says, thanks to the operating system randomizing all memory, which means that the hacker cannot target the computer memory and compromise the data stored on the drives."
What things memory randomization does not fix, left as an exercise for the reader.
Oh boy (Score:5, Funny)
I hope everyone at that company is prepared for a long week.
Re:Oh boy (Score:5, Funny)
I hope everyone at that company is prepared for a long week.
I wouldn't presume they last that long. An unhackable version of Windows... Is it April 1st on the Hebrew calendar?
Re: (Score:2)
Re: (Score:3)
write the libraries to implement the entire Windows API
What a joke!!!?!?!? How to do it with no memory leaks? Dream on?!? What even IS the Windows API? Is it even documented anywhere?
With a good budget you could manage it in a year.
Microsoft has been working on Windows for decades, what are you smoking???
Re:Oh boy (Score:4, Insightful)
Re: (Score:2)
Windows 7+ is nearly unhackable with UAC provided you have a firewall in front and no access to change boot devices.
huh? so microsoft has finished working on windows 7 and all of the security bugs are fixed? does that mean we can turn off windows update? after all there are no security bugs
Re:Oh boy (Score:5, Funny)
Might not take a week. I hear one of their techs just met a rather pleasant prince from Nigeria...
Comment removed (Score:5, Insightful)
Re:This has been around forever (Score:5, Interesting)
Memory randomization has been around a very very very long time. It's not going to help with logical programming errors.
It is literally already implemented in every version of Windows since Vista. Windows also uses the NX/XD features in modern CPUs.
Re:This has been around forever (Score:5, Funny)
It's not going to help with logical programming errors.
It is literally already implemented in every version of Windows since Vista.
Windows has had logical programming errors before Vista.
Re: (Score:2)
It is literally already implemented in every version of Windows since Vista.
Well, yes and no.
It allows you to change the address for DLLs, but leaves it at a predetermined address by default. You can check this by installing cygwin, and do "rebase -i nameofsome.dll"
This is unlike the "prelink" command for Linux which requires an explicit option, -m, to not randomize.
Re:This has been around forever (Score:4, Informative)
It allows you to change the address for DLLs, but leaves it at a predetermined address by default.
Windows has a setting to enable ASLR for all applications. Microsoft even provides a handy tool to enable it: the "Enhanced Mitigation Experience Toolkit". No special compile time gesticulations are required.
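Which side of the exchange above applies to a given DLL is recorded in its PE header: the loader randomizes by default only images whose DllCharacteristics field has the DYNAMIC_BASE bit set, and other images load at their preferred ImageBase unless a system-wide setting such as the one mentioned forces relocation. The following is an added example, not code from the thread, that reads those fields; the function names and the header-only sample images are constructed for illustration.

```python
import struct

# Flag values from the PE/COFF specification (names as in winnt.h).
IMAGE_FILE_RELOCS_STRIPPED = 0x0001   # bit in COFF Characteristics
HIGH_ENTROPY_VA = 0x0020              # bits in DllCharacteristics
DYNAMIC_BASE = 0x0040
NX_COMPAT = 0x0100
# magic -> (name, ImageBase struct format, ImageBase offset in optional header)
OPT_MAGIC = {0x10B: ("PE32", "<I", 28), 0x20B: ("PE32+", "<Q", 24)}


def pe_mitigations(data: bytes) -> dict:
    """Report the preferred load address and ASLR/DEP opt-in bits of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    coff = e_lfanew + 4
    opt = coff + 20
    # DllCharacteristics ends at optional-header offset 72; refuse truncated input.
    if data[e_lfanew:coff] != b"PE\0\0" or opt + 72 > len(data):
        raise ValueError("missing or truncated PE header")
    size_opt, file_chars = struct.unpack_from("<HH", data, coff + 16)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in OPT_MAGIC or size_opt < 72:
        raise ValueError("unsupported optional header")
    kind, base_fmt, base_off = OPT_MAGIC[magic]
    (image_base,) = struct.unpack_from(base_fmt, data, opt + base_off)
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    dynamic = bool(dll_chars & DYNAMIC_BASE)
    stripped = bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "format": kind,
        "preferred_base": image_base,
        "dynamic_base": dynamic,
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
        "nx_compat": bool(dll_chars & NX_COMPAT),
        # An image without relocation data cannot be moved by the loader.
        "relocs_stripped": stripped,
        "aslr_by_default": dynamic and not stripped,
    }


def build_sample(magic: int, image_base: int, dll_chars: int, file_chars: int) -> bytes:
    """Constructed header-only image for the demo; not a loadable binary."""
    _, base_fmt, base_off = OPT_MAGIC[magic]
    size_opt = 224 if magic == 0x10B else 240
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew
    machine = 0x014C if magic == 0x10B else 0x8664
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, size_opt, file_chars)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into(base_fmt, opt, base_off, image_base)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Constructed samples: a DLL with no opt-in bits, a DLL with all three,
# and an EXE that sets DYNAMIC_BASE but has had its relocations stripped.
SAMPLES = {
    "legacy.dll": build_sample(0x10B, 0x10000000, 0x0000, 0x2102),
    "modern.dll": build_sample(
        0x20B, 0x180000000, DYNAMIC_BASE | HIGH_ENTROPY_VA | NX_COMPAT, 0x2022),
    "stripped.exe": build_sample(0x10B, 0x00400000, DYNAMIC_BASE, 0x0103),
}

if __name__ == "__main__":
    for name, image in SAMPLES.items():
        r = pe_mitigations(image)
        print(f"{name:13} {r['format']:6} base={r['preferred_base']:#x} "
              f"aslr_by_default={r['aslr_by_default']} nx={r['nx_compat']}")
```

To audit real files, pass the bytes of each DLL or EXE to `pe_mitigations`; only the headers are read.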
Re: (Score:2)
It is literally already implemented in every version of Windows since Vista.
how do you "literally" implement a feature? does this work in virtual machines?
Re: (Score:3)
Why do you think they're not releasing it?
Re: (Score:3, Funny)
Because the code is on the unhackable Windows PC. They only get back some random binary files when they try to copy it.
Re:Oh boy (Score:5, Funny)
I hope everyone at that company is prepared for a long week.
Why? All they did was rip out all the networking parts of that particular Windows box. Oh, and they also removed the USB drivers, the serial ports... then they sealed it in a welded metal box, then set that box in the middle of a concrete block 1m x 1m x 1m, with only the power cable and a couple of water cooling pipes sticking out. It's completely unhackable now.
Re:Oh boy (Score:5, Funny)
Re: (Score:2)
You've never heard of air gap attacks, have you? Scratch that, I mean, you've never heard of concrete gap attacks, have you?
that said, a version that can't be hackED is possi (Score:5, Informative)
The headline is crap, of course.
That said, it's not too hard to have a version such that you know it's unaltered when you boot each morning. You do basically a live CD, booting from a read-only lun.
Just as you separate a normal user USING the machine from an administrator account UPDATING the OS, you can have the OS basically read-only during use and set it to writeable only when you need to update the software. That change is done outside of the OS, either via the NAS or the hypervisor.
In that way, you can come in each morning knowing your Windows system hasn't been hacked (past tense). As soon as you open IE, though, you could get a new exploit. That exploit disappears when you shut the machine down, though.
I think you just described (Score:4, Funny)
Re: (Score:3)
My Commodore 64.
Dream on, idiot, Commodore 64 is the poster child for bad security:
"It is commonly reported that the first known full stealth file-infecting virus was Frodo, in 1989. In fact, that is true only for the IBM PC world. The Commodore 64 world had been infected three years earlier by what was perhaps truly the first full stealth file-infecting virus: C64/BHP.A (not to be confused with the boot-sector virus for the Atari, also known as BHP)."
http://pferrie.tripod.com/papers/bhp.pdf
Re: (Score:3)
The headline is crap, of course.
That said, it's not too hard to have a version such that you know it's unaltered when you boot each morning. You do basically a live CD, booting from a read-only lun.
Just as you separate a normal user USING the machine from an administrator account UPDATING the OS, you can have the OS basically read-only during use and set it to writeable only when you need to update the software. That change is done outside of the OS, either via the NAS or the hypervisor.
In that way, you can come in each morning knowing your Windows system hasn't been hacked (past tense). As soon as you open IE, though, you could get a new exploit. That exploit disappears when you shut the machine down, though.
Or you can put Deep Freeze on it and have the same thing every time you reboot, morning, noon, or night. MEOW!
no more BIOS, UEFI (secure boot) (Score:3)
BIOS is dead. With EFI, most of the boot code is in the efi partition, on the "disk" which is read-only courtesy of your san, hypervisor, or the fact that it's a cd-rom.
There is a limited firmware on the motherboard which loads the initial efi file. That could, in theory, be compromised, except that if you virtualize, you could also set that read-only in the hypervisor. So your virtual machine is pretty darn safe. The host machine needs to be secured, but it doesn't need an operating system, just a hyper
Re: (Score:2)
So your virtual machine is pretty darn safe.
google "virtual machine vulnerabilities" and you will realize that virtual machine drivers are excellent attack vectors.
Re: (Score:2)
100% unhackable? That's a pretty bold claim to say the least. I'm sure it's probably a hell of a lot harder than a stock version of Windows (duh) but making the claim that it's "100% unhackable" seems a wee bit ambitious.
I believe (Score:5, Funny)
It is being offered to the mullahs on a flashkey.
Fraudulent? (Score:5, Insightful)
Didn't have time. (Score:2)
Other products (Score:5, Funny)
Re:Other products (Score:4, Funny)
well in reality the invisibility powder is really just ground up lye, and when thrown into the eyes of someone else, it blinds them, thus rendering you invisible to that person.
But it does work.
Re: (Score:2)
It makes you invisible. Unfortunately, the powder itself is visible.
Re: (Score:2)
It makes you invisible. Unfortunately, the powder itself is visible.
It makes you dead, then you are buried, then you can no longer be seen. QED
It's easy to make it unhackable (Score:5, Funny)
Just remove all input and output capabilities, and the power supply. Most secure computer in the world.
Re: (Score:2)
Re: (Score:2)
and the power supply.
I actually laughed, thanks!
Re:It's easy to make it unhackable (Score:5, Funny)
I think people are missing this company's solution.
The machine boots to Windows, and then this company's product randomizes everything in RAM. Even Windows has no idea where anything is in memory anymore. Every single bit is in a completely random location, with no relation to the bits it was next to previously.
Granted, the machine crashes at this point, but it has successfully booted and been rendered unhackable.
For long-term security, their follow-up product will randomize all data on a hard drive. It is completely un-hackable, even with physical access. Of course the data is also irretrievable, but there are prices to security.
Re: (Score:3, Funny)
There is a non-zero chance that those random bits result in having Windows 1.0 or DR-DOS.
Re: (Score:2)
Don't forget to put that in a faraday cage, lest some hacker try to induce current in the circuitry.
Re: (Score:2)
"Well, I figure out how to hack this unhackable system. We just need to start building EMP bombs that fit in a backpack."
Re: (Score:2)
"We need a pinch"
Re: (Score:2)
Just remove all input and output capabilities, and the power supply. Most secure computer in the world.
I have one of those, too. I believe it's called a "brick".
show me (Score:2)
My code is 100% working (Score:3, Funny)
According to my own internal testing, of which I've done none.
Re: (Score:2)
It just means they have zero known defects and who knows how many unknown defects.
Anybody that claims "unhackable" knows too little about computer security to make reliable claims about security.
If they were to say "with no known attack surface", I would trust the claim a lot more.
Re: (Score:2)
I like your black & white world; mine has fifty shades of gray.
You're welcome.
Not finished (Score:4, Interesting)
Per the article, they've raised money and it's under development. Sounds more like they're at the generate some buzz for some more money stage of development.
But I concede that randomizing memory (contents) does make a system pretty secure.
Re: (Score:3)
Especially if the system doesn't let the programs running know where their variables have been moved to, or where they have been moved to, or, well, where anything is. I expect the system only needs to have its memory randomized once per boot.
Re: (Score:2)
Sounds like a good way to get some more funding, "find out" that it doesn't work, and then fold up shop.
Re: (Score:3)
But I concede that randomizing memory (contents) does make a system pretty secure.
And, unusable. Much like a machine with no power.
Does it also... (Score:2)
...suck your dick? [theonion.com]
Failure to understand definition of zero-day (Score:5, Insightful)
This company (or whoever wrote TFS/TFA about them) seems not to understand the concept of a zero-day vulnerability.
It is ridiculous to say that one is not vulnerable to zero-day attacks. They are, in security parlance, the "unknown unknowns" - the things you don't even conceptually know of as vulnerabilities right now. One cannot design a networked computer system with any functionality whatsoever in which they can somehow know and anticipate the "unknown unknowns" (as opposed to the known unknowns, some of which can be mitigated if you're lucky).
The unknown unknowns are, by definition, *not yet known*, so you can't design a mitigation against them until *after* you are aware of them. If awareness comes in the form of a zero-day hack, then you will fail to defend against the attack at the time it hit due to your lack of information about the attack vector.
Also, unless this company has full access to all Windows source code for the build they have, it is very likely that one singular memory-based mitigation will not be effective against every possible attack vector that exists in the Windows codebase. So unless they have performed full formal methods verification of the entire Windows codebase to guarantee that there are no "unknown unknowns", and then fixed every security vulnerability that exists in the product in the original state in which they received it from Microsoft, this is basically snakeoil.
Also, don't we already have ASLR? The mind boggles at the stupidity of these people. Who do they seriously think is going to buy this?
Actually, forget I asked. They said their target was governments. I have no doubt they will sell thousands of licenses.
Re: (Score:2)
Re: (Score:2)
You might want to view a list of what governments bought the HackingTeam software....
Re: (Score:2)
They got the idea from the Hacking Team
Re: (Score:2)
I strongly object 'do not even conceptually know'. ...
Zero days are hardly ever fundamentally novel attacks.
Inadequate input sanitisation, buffer overflows,
http://www.zerodayinitiative.c... [zerodayinitiative.com] - for example
None of the first several I looked at looked particularly novel, even compared with attacks of a decade or two ago.
Linux... (Score:2, Interesting)
has had address space randomization for how many years? Hardly unexploitable still...
As a former QA lead... (Score:5, Insightful)
Oh yeah, I've seen builds that were 100% solid on internal testing. Not a thing wrong with it according to automated tests, scripted manual testing, smoke testing, and random usage testing. Not a thing! A million monkeys could bang on keyboards all day long and nothing would break. Much simpler programs than an entire OS, mind you. But still, they were bullet-proof, air-tight, divine works of software engineering.
Then we pushed them to production. Murphy's law is a moooootherfucker.
Captcha: enraging
Re: (Score:3)
You mean like when they released windows 10 and the start menu lagged froze and crashed?
But you have to admit it lagged and crashed really really fast due to all the Windows 10 improvements.
And in other news, DefCon and BlackHat paused... (Score:5, Funny)
...for approximately 15 minutes to hack the unhackable today and then resumed normal business with smirking faces all around...
Okay from a tech aspect... (Score:2)
Re: (Score:2)
It is very easy to build a system... (Score:2)
I suspect this is the approach this startup took.
Pretty easy, actually: (Score:3)
Re: (Score:2)
100% remote unhackable.... (Score:2)
Just remove the TCP stack.
If you have physical access to the machine however, that's a different story.
Re: (Score:2)
Just remove the TCP stack. If you have physical access to the machine however, that's a different story.
Unplug the Monitor and remove the keyboard too?
Oh heck, just totally disassemble the computer and disconnect all the cables, store it in an EM and physically sealed container which is buried under a few feet of reinforced concrete....
No computer is unhackable, especially one that is turned on and connected to ANYTHING else.
Race condition attacks? (Score:2)
How does that defend against race condition attacks?
Re: (Score:2)
Re: (Score:2)
All of their code is written perfectly with no errors whatsoever. All race conditions are handled with flawless locking mechanisms. After this, you apply some unneeded buffer overflow protection in the form of memory layout randomization. I can't believe someone didn't think of it sooner.
face-palm
Thanks, I can see it now.
Just use that one simple trick and I can protect my OS!
It worked for the Titanic... (Score:2)
Right? That never sank did it?
Re: (Score:2, Funny)
You are correct, nobody ever hacked the Titanic.
ASLR? (Score:3, Informative)
I hope they succeed... (Score:3)
... but what are the chances of that?
Security relies on certain assumptions.
If I have a military base, I assume that whomever comes to attack my base has fewer guys with guns than I do... and generally it will be a cold day in hell before they'll get very far into the base.
And you assume other things... you assume that your security people can tell the difference between someone with security clearance and a birthday clown.
We assume that the people with clearance obtained it legitimately.
We assume that the people that were given security didn't subsequently decide to sell us out for hookers and blow.
Assumptions.
And there are good assumptions... assumptions that really will hold under most circumstances and bad assumptions.
And good security is basically a process of separating out good assumptions from dumb ones. Then recognizing that your dumb assumptions were a convenient fig leaf you put over serious vulnerabilities that you actually don't have a good solution for...
And then you need to actually come up with a GOOD assumption that covers for what were previously laughable assumptions.
If your security is based on interlocking layers of good assumptions... are you unhackable? I don't know... it's a question of perfection and perfection is hard in this universe. BUT... really fucking good security? Near perfect? Sure. I mean... you can do "excellent"... excellent is possible.
But that's not to say that even good security should be discounted as crap. Good is often the best security possible because excellent requires time and money and competent management and users that don't have their heads wedged up their asses.
Now will good security keep ze germans out or whatever? Typically yeah. Even good security is a bitch to get through even for a state sponsored hacking team.
What keeps embarrassing people is SHIT security or NO security.
That is what keeps failing. Not "good security"... not "excellent security"... not "perfect security"...
F'ing none at all keeps failing.
So... let's not geek out on the "perfect" or "unhackable" claim. And instead let's focus on whether or not the change to the OS makes Windows have "good security". If it accomplishes so much as that then we're doing well. If they pushed it up a notch and it's EXCELLENT... Then we're doing very very well indeed.
Re: (Score:3)
You're assuming your policies and procedures are meaningful.
I frequently find policies in place that are little more than security theater. Cargo cult security.
https://www.youtube.com/watch?... [youtube.com]
It gives the seeming of security without actually doing anything.
Bullshit (Score:2)
I believe that I can speak for a few fellow network engineers here.
Bullshit.
There is only ONE way to do this.... (Score:2)
Install windows, disassemble the machine and store it in a totally EM and physically sealed box.
or.....
(Sarc on) Install your new Linux distribution you called "Windows" (Sarc off)
Almost Made It (Score:2)
Everything was going very well, until Shlomo installed Flash player.
I know you're all joking, but how I envisioned it (Score:3)
It doesn't help much for legacy software, but a special memory section could be used for shared memory, and a special disk location could be used for shared files.
A system prompt would be needed before installing driver files or changing things on startup.
This doesn't stop a keylogger from getting you though. There are ways of stopping keyloggers, but no need to get to complex stuff when people will want to shoot holes through my theory "Windows as a filesystem sandbox mode". I think about this a lot since it doesn't seem like several OSes are designed to operate in the Internet environment without getting hosed by running the wrong file. If Windows could be secure from running an occasional malware
Difference to PaX & grsec? (Score:3, Insightful)
Which then poses the question... just how is this any different, let alone superior to Linux's PaX patchset - which offers ASLR since 2000 - or even grsecurity?
Re: (Score:3)
It differs by use of extreme marketing lies. It is well-known that ASLR makes some attacks on a system or application harder, but not impossible. It does nothing at all for other attacks.
Hardened is not "unhackable" (Score:2)
These people are lying to their customers. Even hardened systems need to be operated with security in mind. And, of course, OS hardening does not do a lot to harden applications.
"internal testing has had a 100% success rate" (Score:2)
BAAAAHAHAHAHAHAHAAHAH!
100% Secure = (Score:3)
Security is a balancing act between usability, functionality, and safety.
You'll never get 100% in any of those without having less than that in the other two categories.
Sure, they may get closer to 100%, but at what cost? Is the machine running slower? Does it eat up huge amounts of HD? Does it take 5 minutes to verify an authorized user's biometrics before allowing them to do anything and if they leave its immediate 'secure' area it totally resets?
Not that those are what this one is or isn't doing, I was just illustrating the point that you can't have perfect security, and have a usable machine because there are always trade-offs. Especially since it's under the rule of diminishing returns. Although one great way to easily improve security is to remove humans from the loop. Of course, then you are just talking about some kind of backend or infrastructure type thing since its only 'users' would be other machines, and even that can be compromised by compromising the machines that are allowed to be users.
That's why I say that a machine that is totally secure, is also totally unusable. It's the only way to prevent the machine being compromised, but that's not really any good to anyone either.
I made an unhackable computer once (Score:2)
I think I know what they've done. (Score:2)
In order to log in you first have to eat a jar of gefilte fish. Not only that but you have to drink the juice as well. Foolproof.
So . . . (Score:2)
Is it an unpowered computer that is missing the power cord and Ethernet cable?
Now, that's an unhackable Windows computer!
Let me guess (Score:2)
I posted this idea to microsoft.public.security in (Score:3)
So, I hope they aren't trying to patent too much of this idea. It's been prior art for 10 years. Here is a link to an archived version of my post: http://www.derkeiler.com/Newsg... [derkeiler.com]. It is all I could find from my phone.
I don't mind them using the idea. I posted it publicly hoping someone would. But they can't claim to own the idea or prevent others from using it.
Re: (Score:2)
...not that either would protect you from trojaned network card or bios though...
Re: (Score:2)
They only promised you a secure OS. It's on you to provide a secure hardware platform to run it on.
Re: (Score:2)
They only promised you a secure OS. It's on you to provide a secure hardware platform to run it on.
in other words, they got nuthin, because you can't actually provide a "secure hardware platform"
Re: (Score:2)
Duh. Idiot.
Re: (Score:2)
Sweet, my laptop is unhackable!
Re: So they unplugged it. BFD (Score:2)
Evil Maid attacks may require that the device be powered off.
Re: (Score:2)
Any computer that's unplugged is unhackable.
Nice try, better remove the batteries and all persistent storage devices too.. Oh, and you are going to prevent any physical access too...
Re:Stupid for two reasons: (Score:5, Insightful)
Why do people still claim these things, and why do techies (not marketing people) consent to attaching their names to such nonsense?
Stupid because:
1) No, it is not unhackable. Throw a contest with a bounty to easily prove this.
2) 99% of "hacks" work through social engineering nowadays, and these work regardless of how secure your software is.
3) Selling your own modified version of Windows will get you sued by Microsoft very quickly.
Re: (Score:2)
1) No, it is not unhackable.
It is so long as they never release it.
Re: (Score:2)
1) No, it is not unhackable.
It is so long as they never release it.
So we're back to leaving it in a Faraday cage inside a concrete block with no connections, parts, power, or display. Sounds like an optimal Windows implementation to me.
Re: (Score:2)
A bull isn't kosher until it's missing all its blood. At that point, it's not going to leave anything else behind.
Re: (Score:2)
No way! They wouldn't let someone else make profit from their work.
No they instead made it completely unhackable except for their back door which will open after a few million dollars are sent to their bank account.