I have a recurring nightmare where the economy gets so bad I’m reduced to reporting the daily bugs found in Windows for a living. At least I’d be busy: Not one, but two of the worst kind - “buffer overflow vulnerability” in geekspeak - were announced in the past 24 hours. There are plenty more where they came from. One of these bugs could let a mid-level programmer in a bad mood take over thousands of computers again, as happened with Code Red and Slammer. All operating systems are vulnerable, but Windows’ success makes it the target of choice, with the most potential for damage from a single bug.
On Slate today, I suggest the obvious cure for Internet worms: Take the three-point memory protection system just announced by the OpenBSD team, and wrangle it (or something like it) into the Longhorn release of Windows for 2005. It won’t stop all worms and viruses, but it would have stopped Code Red, Nimda, and Slammer.
A Microsoft spokesman told me, “It is too early to talk about features in Longhorn.” It’s not too early to cross my fingers and hope, is it?
Response from a real computer scientist
Emery Berger, assistant professor in the computer science department at UMass Amherst, emailed me to disagree that the fix is here:
Stack smashing is hardly the only means of attack, and StackGuard-like technology is not impregnable. Buffer overflows can be leveraged for heap-based attacks, which the OpenBSD randomization of the base location for the heap will not fix. Preventing writable segments from being executable is not only cumbersome under the x86, it also precludes the use of Java just-in-time compilers.
This is all a very active area of research, and while I would be the first to agree that we should be adopting any and all reasonable security mechanisms, it is premature in the extreme to suggest that this is a solved problem.
Regards,
– emery
Good news from a Microsoft developer
Brandon Bray posted some timely news over at the Fray. To summarize for him: Many buffer overflows could be blocked just by recompiling applications with his team’s new C++ compiler.
Visual C++ .NET 2003 and Windows Server 2003 ship employing these techniques to detect and stop certain buffer overrun attacks. These products launched today!
Security checks were available in the previous version of Visual C++. They were significantly improved in the product released today. Since Windows Server 2003 was built with these technologies, and implements several more of its own, it by itself is a tremendous improvement in the reliability and security of the Windows operating system.
There is already some great information about security checks in the last version of the product. More information about the improvements and new technologies in Visual C++ .NET 2003 and Windows Server 2003 will be available as soon as I have the time to write it up.
Brandon Bray
Visual C++ Compiler Team
