Latest news
Joanna Rutkowska is primarily known for her contributions to Windows Vista backdoor installation and hiding techniques.She is very interested in stealth technology as used by malware and attackers to hide their malicious actions after a successful break-in. This includes various types of rootkits, network backdoors and covert channels.
How did you get interested in Windows security?
When I started to play with Windows internals, I already had a background with Linux usermode exploitation and kernel programming. Move to Windows was a natural evolution and was mostly dictated by my curiosity.
What's your general take on the security aspects of Windows Vista? Is it much more secure than Windows XP as Microsoft is telling us?
Indeed, Vista introduced lots of security improvements comparing to XP. The most important one is probably the User Account Control feature which will hopefully force people to work from restricted accounts. UAC is still far from perfect - e.g. it's pretty annoying that every single application installer (even if it is Tetris) asks for administrative credentials and the user has no real choice to continue the installation *without* agreeing on that. However, I see UAC as an important step towards implementing the least-privilege principle in Windows.
Also, Microsoft introduced some anti-exploitation technologies, like e.g. ASLR and invested a lot of money and time into improving the quality of the code behind the operating system and the applications.
The introduction of BitLocker technology which makes use of the Trusted Platform Module (TPM) to assure the integrity of the booting processes seems like an important improvement. Of course, this should not be though of as a silver bullet solution against rootkits and all other malware.
In the 64-bit version of Vista, Microsoft also introduced the requirement that all kernel drivers must be digitally signed, but I don't believe this mechanism to be effective in stopping kernel malware. Also, the much discussed Kernel Patch Protection (AKA Patch Guard), should not be though of as an effective protection against kernel compromises, as it's relatively easy to bypass by the malware authors. Still, I see those two mechanism as useful when it comes to system compromise *detection* (in contrast to prevention) - at least when it comes to type I malware.
In your opinion, what is the biggest mistake Microsoft has made when it comes to security in 2006?
Spotlight
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
