I have read somewhere that quotation is safe way how to say something potentially dangerous or controversial without being legally exposed . So today I am going to quote an authority in computer security – Steve Gibson on some very interesting Vista related security information.
Steve is doing (together with Leo Laporte) excellent weekly podcast “Security Now!”. It is so great that I have decided to download as many back episodes as I could find on their site and started to listen to them in the chronological order, back from June 2006. It was worth of every minute. I am now somewhere in August 2006 and Steve Gibson (== SG) covered interesting tricks what to do with you hosts file, very nicely explained the usefulness of netstat program and started multi-episode sequence on virtualization and virtaul machines. Thanks to many years of experience, Steve always gives a historical perspective on every topic he covers.
What I want to mention (and quote) is the Vista security and Microsoft claims that
a) Vista is the most secure Windows system ever written and much more secure than previous versions of Windows
b) the Vista code was written from scratch which should be in support and a contribution to a)
As SG said, security is something that is earned, not claimed. No company can say that system XYZ is most secure – it can just release it and let the reality – how the system stands in hard battles of attacks – decide how secure or insecure the system is. For that reason, according to SG, saying anything about Vista security is at minimum premature – and nothing really new, because similar claims were made with release of Windows 2000 and Windows XP. The reality did not quite support that claim – and XP was at least unti SP2 a “land of worms”.
Microsoft claims to have fresh new TCP/IP stack in Vista, written from scratch. Unfortunately – according to SG – this time it seems to be so. The reason why “unfortunately” are implication of having new, untested “virgin stack” for security. SG offers nice historical perspectives on issues of Windows networking implementation – mentions famous problems like machine freeze on packet with spoofed source address being same as destination, SYNC flood attacks, the “ping of death” and how all these were found and eventually fixed. Now, with fresh new stack, at least one of these problems that was fixed long back in the times of Windows 95 re-appered again in Vista.
The episode also gives very interesting peek on history of network stack in Windows. As SG points out, Microsoft suddenly got in Windows 2000 very good, solid and mature networking implementation, a huge improvement in stability and performance against previous versions of Windows.
TCPIP stack is very complex piece of software and traditionally the most solid, most performant and certainly most secure implementation were found in open source Unix variants like FreeBSD and OpenBSD. Network experts use special tools to “fingerprint” the implementation – by sending specially crafted packets are analyzing the response, they can tell apart one implementation from the other, without actually having access to the stack’s source code. And strangely enough – according to SG – the greatly improved Win2000 stack showed amazing compatibility and similarity in responses, quirks and “fingerprint” to BSD implementation . Draw your own conclusion
I am pretty sure that decision to start from scratch and rewrite was carefully considered at Microsoft. There certainly were very many reasons for this: new features added, support for IPv6, and so on. Starting new often makes sense. What is wrong with it is presentation and marketing message that “it is much better because it is new”.
As this article in Joel On Software puts it
“All new source code! As if source code rusted.The idea that new code is better than old is patently absurd. Old code has been used. It has been tested. Lots of bugs have been found, and they’ve been fixed. There’s nothing wrong with it. It doesn’t acquire bugs just by sitting around on your hard drive. Au contraire, baby! Is software supposed to be like an old Dodge Dart, that rusts just sitting in the garage? Is software like a teddy bear that’s kind of gross if it’s not made out of all new material .. “
We will probably never know what was the real reason for TCP/IP stack rewrite, neither will know how to interpret “amazingly similar” behaviour of Windows 2000 stack and BSD implementation. The recent events of complicated deals related to intellectual property between Novell and Microsoft, and rumors of possible legal battles on IP with other Linux vendors, do not make it any clearer either.
What almost sure, that despite the claims, we can expect old new bugs appearing in Vista networking and it will take quite some time until security experts as SG can test Vista enough to be comfortable with degree of security it really offers. I am in no hurry to upgrade – running Vista in virtual machine sounds like best approach right now, at least until Service Pack 2 .