Windows Operating Systems Security IT

Israeli Security Company Builds "Unhackable" Version of Windows 253

New submitter Neavey writes: Sounds too good to be true, but Morphisec, an Israeli startup, claims to have built an unhackable version of Windows. It's not yet publicly available, a red flag if ever I saw one, but internal testing has had a 100% success rate: "In a statement for BI, Dudu Mimran, the co-founder of the company, describes this new OS version as the Windows that 'Microsoft should be doing,' explaining that, while the platform was initially designed for government use, it can be actually installed by any enterprise that wants to make sure that no hack is possible. Basically, this operating can block any zero-day attack, the founder says, thanks to the operating system randomizing all memory, which means that the hacker cannot target the computer memory and compromise the data stored on the drives." What things memory randomization does not fix, left as an exercise for the reader.
This discussion has been archived. No new comments can be posted.

  • Oh boy (Score:5, Funny)

    by NotDrWho ( 3543773 ) on Thursday August 06, 2015 @02:21PM (#50264727)

    I hope everyone at that company is prepared for a long week.

    • Re:Oh boy (Score:5, Funny)

      by Anonymous Coward on Thursday August 06, 2015 @02:31PM (#50264819)

      I hope everyone at that company is prepared for a long week.

      I wouldn't presume they last that long. An unhackable version of Windows... Is it April 1st on the Hebrew calendar?

      • It's possible to make an unhackable OS, but not very likely if they expect it to be usable. Take OpenBSD, write the libraries to implement the entire Windows API, sandbox every single program and application (one sandbox each), run everything but the memory manager and task swapper in userland ring. With a good budget you could manage it in a year.
        • write the libraries to implement the entire Windows API

          What a joke!!!?!?!? How to do it with no memory leaks? Dream on?!? What even IS the Windows API? Is it even documented anywhere?

          With a good budget you could manage it in a year.

          Microsoft has been working on Windows for decades, what are you smoking???

    • Re:Oh boy (Score:5, Funny)

      by Wrexs0ul ( 515885 ) <mmeier AT racknine DOT com> on Thursday August 06, 2015 @02:36PM (#50264851) Homepage

      Might not take a week. I hear one of their techs just met a rather pleasant prince from Nigeria...

    • Comment removed (Score:5, Insightful)

      by account_deleted ( 4530225 ) on Thursday August 06, 2015 @02:42PM (#50264897)
      Comment removed based on user account deletion
      • by ttucker ( 2884057 ) on Thursday August 06, 2015 @02:54PM (#50264965)

        Memory randomization has been around a very very very long time. It's not going to help with logical programming errors.

        It is literally already implemented in every version of Windows since Vista. Windows also uses the NX/XD features in modern CPUs.

        • by Anonymous Coward on Thursday August 06, 2015 @03:10PM (#50265099)

          It's not going to help with logical programming errors.

          It is literally already implemented in every version of Windows since Vista.

          Windows has had logical programming errors before Vista.

        • by arth1 ( 260657 )

          It is literally already implemented in every version of Windows since Vista.

          Well, yes and no.
          It allows you to change the address for DLLs, but leaves it at a predetermined address by default. You can check this by installing cygwin, and do "rebase -i nameofsome.dll"

          This is unlike the "prelink" command for Linux which requires an explicit option, -m, to not randomize.

          • by ttucker ( 2884057 ) on Thursday August 06, 2015 @10:11PM (#50267031)

            It allows you to change the address for DLLs, but leaves it at a predetermined address by default.

            Windows has a setting to enable ASLR for all applications. Microsoft even provides a handy tool to enable it: the "Enhanced Mitigation Experience Toolkit". No special compile time gesticulations are required.
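
Whether a particular DLL is randomized or stays at its preferred base, the point argued in the exchange above, can be read from the image itself: a PE file opts in to ASLR through the DYNAMIC_BASE bit of its DllCharacteristics field. The following Python is an added example, not part of any comment in this thread; `pe_mitigations` and `build_sample` are hypothetical names and the sample headers are constructed.

```python
import struct

# DllCharacteristics bits (PE optional header) and one COFF Characteristics bit.
HIGH_ENTROPY_VA = 0x0020   # 64-bit image accepts high-entropy ASLR
DYNAMIC_BASE = 0x0040      # image opts in to being relocated at load time (ASLR)
NX_COMPAT = 0x0100         # image is compatible with DEP (NX/XD)
RELOCS_STRIPPED = 0x0001   # no relocation data, so the loader cannot move the image


def pe_mitigations(data: bytes) -> dict:
    """Parse PE header bytes; return preferred base and mitigation opt-ins."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe_off + 4                                        # 20-byte COFF header
    opt = coff + 20                                          # optional header
    if len(data) < opt + 72:
        raise ValueError("truncated optional header")
    (file_chars,) = struct.unpack_from("<H", data, coff + 18)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                                       # PE32
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:                                     # PE32+
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)  # same offset in both
    return {
        "image_base": image_base,
        "dynamic_base": bool(dll_chars & DYNAMIC_BASE),
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
        "nx_compat": bool(dll_chars & NX_COMPAT),
        "relocs_stripped": bool(file_chars & RELOCS_STRIPPED),
    }


def build_sample(magic: int, image_base: int, dll_chars: int,
                 file_chars: int = 0x2002) -> bytes:
    """Constructed test input: a minimal DOS + PE header with no sections."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # PE header follows
    machine = 0x8664 if magic == 0x20B else 0x014C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0xF0, file_chars)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, magic)
    if magic == 0x20B:
        struct.pack_into("<Q", opt, 24, image_base)
    else:
        struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Constructed samples: a legacy 32-bit DLL with no opt-ins, and a 64-bit
    # DLL built with DYNAMIC_BASE, HIGH_ENTROPY_VA and NX_COMPAT set.
    samples = {
        "legacy32.dll": build_sample(0x10B, 0x10000000, 0x0000),
        "modern64.dll": build_sample(0x20B, 0x180000000, 0x0160),
    }
    for name, blob in samples.items():
        print(name, pe_mitigations(blob))
```

To audit a real image, pass the leading bytes of the file, for example `open(path, "rb").read(4096)`, which covers typical headers.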

        • It is literally already implemented in every version of Windows since Vista.

          how do you "literally" implement a feature? does this work in virtual machines?

    • by mwvdlee ( 775178 )

      Why do you think they're not releasing it?

      • Re: (Score:3, Funny)

        by Anonymous Coward

        Because the code is on the unhackable Windows PC. They only get back some random binary files when they try to copy it.

    • Re:Oh boy (Score:5, Funny)

      by Penguinisto ( 415985 ) on Thursday August 06, 2015 @02:52PM (#50264953) Journal

      I hope everyone at that company is prepared for a long week.

      Why? All they did was rip out all the networking parts of that particular Windows box. Oh, and they also removed the USB drivers, the serial ports... then they sealed it in a welded metal box, then set that box in the middle of a concrete block 1m x 1m x 1m, with only the power cable and a couple of water cooling pipes sticking out. It's completely unhackable now.

    • by raymorris ( 2726007 ) on Thursday August 06, 2015 @03:49PM (#50265349) Journal

      The headline is crap, of course.

      That said, it's not too hard to have a version such that you know it's unaltered when you boot each morning. You do basically a live CD, booting from a read-only lun.

      Just as you separate a normal user USING the machine from an administrator account UPDATING the OS, you can have the OS basically read-only during use and set it to writeable only when you need to update the software. That change is done outside of the OS, either via the NAS or the hypervisor.

      In that way, you can come in each morning knowing your Windows system hasn't been hacked (past tense). As soon as you open IE, though, you could get a new exploit. That exploit disappears when you shut the machine down, though.

      • by rsilvergun ( 571051 ) on Thursday August 06, 2015 @04:32PM (#50265575)
        My Commodore 64.
        • My Commodore 64.

          Dream on, idiot, Commodore 64 is the poster child for bad security:

          "It is commonly reported that the first known full stealth file-infecting virus was Frodo, in 1989. In fact, that is true only for the IBM PC world. The Commodore 64 world had been infected three years earlier by what was perhaps truly the first full stealth file-infecting virus: C64/BHP.A (not to be confused with the boot-sector virus for the Atari, also known as BHP)."

          http://pferrie.tripod.com/papers/bhp.pdf

      • The headline is crap, of course.

        That said, it's not too hard to have a version such that you know it's unaltered when you boot each morning. You do basically a live CD, booting from a read-only lun.

        Just as you separate a normal user USING the machine from an administrator account UPDATING the OS, you can have the OS basically read-only during use and set it to writeable only when you need to update the software. That change is done outside of the OS, either via the NAS or the hypervisor.

        In that way, you can come in each morning knowing your Windows system hasn't been hacked (past tense). As soon as you open IE, though, you could get a new exploit. That exploit disappears when you shut the machine down, though.

        Or you can put Deep Freeze on it and have the same thing every time you reboot, morning, noon, or night. MEOW!

    • Gentlemen, start your keyboards.....

      100% unhackable? That's a pretty bold claim to say the least. I'm sure it's probably a hell of a lot harder than a stock version of Windows (duh) but making the claim that it's "100% unhackable" seems a wee bit ambitious.
  • I believe (Score:5, Funny)

    by Anonymous Coward on Thursday August 06, 2015 @02:22PM (#50264735)

    It is being offered to the mullahs on a flashkey.

  • by puddingebola ( 2036796 ) on Thursday August 06, 2015 @02:22PM (#50264741) Journal
    You may want to take a look at some of this company's other products, including flying serum and invisibility powder.
  • by taustin ( 171655 ) on Thursday August 06, 2015 @02:26PM (#50264779) Homepage Journal

    Just remove all input and output capabilities, and the power supply. Most secure computer in the world.

    • This. As soon as you open the computer up for the user to do anything, it can be misused. Though maybe just an output only computer would be safe :)
    • and the power supply.

      I actually laughed, thanks!

    • I think people are missing this company's solution.

      The machine boots to Windows, and then this company's product randomizes everything in RAM. Even Windows has no idea where anything is in memory anymore. Every single bit is in a completely random location, with no relation to the bits it was next to previously.

      Granted, the machine crashes at this point, but it has successfully booted and been rendered unhackable.

      For long-term security, their follow-up product will randomize all data on a hard drive. It is completely un-hackable, even with physical access. Of course the data is also irretrievable, but there are prices to security.

      • Re: (Score:3, Funny)

        by Anonymous Coward

        There is a non-zero chance that those random bits result in having Windows 1.0 or DR-DOS.

    • Don't forget to put that in a faraday cage, lest some hacker try to induce current in the circuitry.

    • Just remove all input and output capabilities, and the power supply. Most secure computer in the world.

      I have one of those, too. I believe it's called a "brick".

  • Show me! I'm not from Missouri (although I've visited a number of times).
  • by Anonymous Coward on Thursday August 06, 2015 @02:28PM (#50264791)

    According to my own internal testing, of which i've done none.

    • by mwvdlee ( 775178 )

      It just means they have zero known defects and who knows how many unknown defects.

      Anybody that claims "unhackable" knows too little about computer security to make reliable claims about security.
      If they were to say "with no known attack surface", I would trust the claim a lot more.

  • Not finished (Score:4, Interesting)

    by edjs ( 1043612 ) on Thursday August 06, 2015 @02:29PM (#50264803)

    Per the article, they've raised money and it's under development. Sounds more like they're at the generate some buzz for some more money stage of development.

    But I concede that randomizing memory (contents) does make a system pretty secure.

    • by frnic ( 98517 )

      Especially if the system doesn't let the programs running know where their variables have been moved to, or where they have been moved to, or, well, where anything is. I expect the system only needs to have its memory randomized once per boot.

    • Sounds like a good way to get some more funding, "find out" that it doesn't work, and then fold up shop.

    • But I concede that randomizing memory (contents) does make a system pretty secure.

      And, unusable. Much like a machine with no power.

  • ...suck your dick? [theonion.com]

  • by allquixotic ( 1659805 ) on Thursday August 06, 2015 @02:38PM (#50264869)

    This company (or whoever wrote TFS/TFA about them) seems not to understand the concept of a zero-day vulnerability.

    It is ridiculous to say that one is not vulnerable to zero-day attacks. They are, in security parlance, the "unknown unknowns" - the things you don't even conceptually know of as vulnerabilities right now. One cannot design a networked computer system with any functionality whatsoever in which they can somehow know and anticipate the "unknown unknowns" (as opposed to the known unknowns, some of which can be mitigated if you're lucky).

    The unknown unknowns are, by definition, *not yet known*, so you can't design a mitigation against them until *after* you are aware of them. If awareness comes in the form of a zero-day hack, then you will fail to defend against the attack at the time it hit due to your lack of information about the attack vector.

    Also, unless this company has full access to all Windows source code for the build they have, it is very likely that one singular memory-based mitigation will not be effective against every possible attack vector that exists in the Windows codebase. So unless they have performed full formal methods verification of the entire Windows codebase to guarantee that there are no "unknown unknowns", and then fixed every security vulnerability that exists in the product in the original state in which they received it from Microsoft, this is basically snakeoil.

    Also, don't we already have ASLR? The mind boggles at the stupidity of these people. Who do they seriously think is going to buy this?

    Actually, forget I asked. They said their target was governments. I have no doubt they will sell thousands of licenses.

    • by sinij ( 911942 )
      Thankfully, they won't sell thousands of licenses since government requires certification. No lab, no matter how much they are paid, would certify something like that.
    • They got the idea from the Hacking Team

    • I strongly object 'do not even conceptually know'.
      Zero days are hardly ever fundamentally novel attacks.
      Inadequate input sanitisation, buffer overflows, ...
      http://www.zerodayinitiative.c... [zerodayinitiative.com] - for example

      None of the first several I looked at looked particularly novel, even compared with attacks of a decade or two ago.

  • Linux... (Score:2, Interesting)

    by Anonymous Coward

    has had address space randomization for how many years? Hardly unexploitable still...

  • by Anonymous Coward on Thursday August 06, 2015 @02:39PM (#50264875)

    Oh yeah, I've seen builds that were 100% solid on internal testing. Not a thing wrong with it according to automated tests, scripted manual testing, smoke testing, and random usage testing. Not a thing! A million monkeys could bang on keyboards all day long and nothing would break. Much simpler programs than an entire OS, mind you. But still, they were bullet-proof, air-tight, divine works of software engineering.

    Then we pushed them to production. Murphy's law is a moooootherfucker.

    Captcha: enraging

  • by Assmasher ( 456699 ) on Thursday August 06, 2015 @02:40PM (#50264881) Journal

    ...for approximately 15 minutes to hack the unhackable today and then resumed normal business with smirking faces all around...

  • I mean, if it's invincible to tech-based hacks, kudos to them... but the other side of that is the wall of gullible idiots that will be manning the "unhackable" systems. Some quick social engineering and their impenetrable fortress will have more holes in it than Swiss cheese.
    • If you lock down the computer so the user can't install or change anything important then social engineering is much harder. For corporate/government use that is viable.
  • It is very easy to build a system that the system's designer could not hack, or code a crypto library that the library's programmer could not break. Then if you could successfully keep the product away from other people you could have an unhackable system.

    I suspect this is the approach this startup took.
  • by aaron4801 ( 3007881 ) on Thursday August 06, 2015 @02:43PM (#50264909)
    1) Disable all network access. 2) Disable all external storage access (USB, DVD, etc). 3) Most importantly, disable all user logins.
  • Just remove the TCP stack.
    If you have physical access to the machine however, that's a different story.

    • Just remove the TCP stack. If you have physical access to the machine however, that's a different story.

      Unplug the Monitor and remove the keyboard too?

      Oh heck, just totally disassemble the computer and disconnect all the cables, store it in an EM and physically sealed container which is buried under a few feet of reinforced concrete....

      No computer is unhackable, especially one that is turned on and connected to ANYTHING else.

  • How does that defend against race condition attacks?

    • Comment removed based on user account deletion
      • by clovis ( 4684 )

        All of their code is written perfectly with no errors whatsoever. All race conditions are handled with flawless locking mechanisms. After this, you apply some unneeded buffer overflow protection in the form of memory layout randomization. I can't believe someone didn't think of it sooner.

        face-palm
        Thanks, I can see it now.
        Just use that one simple trick and I can protect my OS!

  • Right? That never sank did it?

    • Re: (Score:2, Funny)

      by Anonymous Coward

      You are correct, nobody ever hacked the Titanic.

  • ASLR? (Score:3, Informative)

    by Anonymous Coward on Thursday August 06, 2015 @03:26PM (#50265181)
    Are they just talking about Address Space Layout Randomization? Let's see - Wikipedia says [https://en.wikipedia.org/wiki/Address_space_layout_randomization] for Windows - to turn it on edit a registry key. Is that what this company did, "create" a version of windows with a registry key set?
  • by Karmashock ( 2415832 ) on Thursday August 06, 2015 @03:32PM (#50265235)

    ... but what are the chances of that?

    Security relies on certain assumptions.

    If I have a military base, I assume that whomever comes to attack my base has fewer guys with guns than I do... and generally it will be a cold day in hell before they'll get very far into the base.

    And you assume other things... you assume that your security people can tell the difference between someone with security clearance and a birthday clown.

    We assume that the people with clearance obtained it legitimately.

    We assume that the people that were given security didn't subsequently decide to sell us out for hookers and blow.

    Assumptions.

    And there are good assumptions... assumptions that really will hold under most circumstances and bad assumptions.

    And good security is basically a process of separating out good assumptions from dumb ones. Then recognizing that your dumb assumptions were a convenient fig leaf you put over serious vulnerabilities that you actually don't have a good solution for...

    And then you need to actually come up with a GOOD assumption that covers for what were previously laughable assumptions.

    If your security is based on interlocking layers of good assumptions... are you unhackable? I don't know... it's a question of perfection and perfection is hard in this universe. BUT... really fucking good security? Near perfect? Sure. I mean... you can do "excellent"... excellent is possible.

    But that's not to say that even good security should be discounted as crap. Good is often the best security possible because excellent requires time and money and competent management and users that don't have their heads wedged up their asses.

    Now will good security keep ze germans out or whatever? Typically yeah. Even good security is a bitch to get through even for a state sponsored hacking team.

    What keeps embarrassing people is SHIT security or NO security.

    That is what keeps failing. Not "good security"... not "excellent security"... not "perfect security"...

    F'ing none at all keeps failing.

    So... let's not geek out on the "perfect" or "unhackable" claim. And instead let's focus on whether or not the change to the OS makes Windows have "good security". If it accomplishes so much as that then we're doing well. If they pushed it up a notch and it's EXCELLENT... Then we're doing very very well indeed.

  • I believe that I can speak for a few fellow network engineers here.

    Bullshit.

  • Install windows, disassemble the machine and store it in a totally EM and physically sealed box.

    or.....

    (Sarc on) Install your new Linux distribution you called "Windows" (Sarc off)

  • Everything was going very well, until Shlomo installed Flash player.

  • I think if Windows ran everything in something like a sandbox, where programs couldn't communicate with programs outside itself, and saw its own version of a disk system which only had itself on it, things wouldn't be bad for starters. A virus then couldn't spread to other files on your filesystems because each program couldn't access programs outside itself.

    It doesn't help much for legacy software, but a special memory section could be used for shared memory, and a special disk location could be used for shared files.

    A system prompt would be needed before installing driver files or changing things on startup.

    This doesn't stop a keylogger from getting you though. There are ways of stopping keyloggers, but no need to get to complex stuff when people will want to shoot holes through my theory "Windows as a filesystem sandbox mode". I think about this a lot since it doesn't seem like several OSes are designed to operate in the Internet environment without getting hosed by running the wrong file. If Windows could be secure from running an occasional malware .exe, I would try out a lot more software.
  • by niceworkthere ( 2708753 ) on Thursday August 06, 2015 @04:28PM (#50265553)
    So, the only actual detail on this Wonder Windows is that it "randomizes all the memory", in other words ASLR.

    Which then poses the question... just how is this any different, let alone superior to Linux's PaX patchset - which offers ASLR since 2000 - or even grsecurity?

    • by gweihir ( 88907 )

      It differs by use of extreme marketing lies. It is well-known that ASLR makes some attacks on a system or application harder, but not impossible. It does nothing at all for other attacks.

  • These people are lying to their customers. Even hardened systems need to be operated with security in mind. And, of course, OS hardening does not do a lot to harden applications.

  • by meerling ( 1487879 ) on Thursday August 06, 2015 @04:41PM (#50265625)
    100% Secure = 100% Unusable
    Security is a balancing act between usability, functionality, and safety.
    You'll never get 100% in any of those without having less than that in the other two categories.
    Sure, they may get closer to 100%, but at what cost? Is the machine running slower? Does it eat up huge amounts of HD? Does it take 5 minutes to verify an authorized user's biometrics before allowing them to do anything and if they leave its immediate 'secure' area it totally resets?
    Not that those are what this one is or isn't doing, I was just illustrating the point that you can't have perfect security, and have a usable machine because there are always trade-offs. Especially since it's under the rule of diminishing returns. Although one great way to easily improve security is to remove humans from the loop. Of course, then you are just talking about some kind of backend or infrastructure type thing since its only 'users' would be other machines, and even that can be compromised by compromising the machines that are allowed to be users.
    That's why I say that a machine that is totally secure, is also totally unusable. It's the only way to prevent the machine being compromised, but that's not really any good to anyone either.
  • The secret is to never connect it to the internet. or let anyone access it manually to try and hack into it....LOL!
  • In order to log in you first have to eat a jar of gefilte fish. Not only that but you have to drink the juice as well. Foolproof.

  • Is it an unpowered computer that is missing the power cord and Ethernet cable?

    Now, that's an unhackable Windows computer!

  • Let me guess: they disabled networking and all drives, memory card readers and USB ports?
  • So, I hope they aren't trying to patent too much of this idea. It's been prior art for 10 years. Here is a link to an archived version of my post: http://www.derkeiler.com/Newsg... [derkeiler.com]. It is all I could find from my phone.

    I don't mind them using the idea. I posted it publicly hoping someone would. But they can't claim to own the idea or prevent others from using it.
