She is very interested in stealth technology as used by malware and attackers to hide their malicious actions after a successful break-in. This includes various types of rootkits, network backdoors and covert channels.
How did you get interested in Windows security?
When I started to play with Windows internals, I already had a background with Linux usermode exploitation and kernel programming. Move to Windows was a natural evolution and was mostly dictated by my curiosity.
What's your general take on the security aspects of Windows Vista? Is it much more secure than Windows XP as Microsoft is telling us?
Indeed, Vista introduced lots of security improvements comparing to XP. The most important one is probably the User Account Control feature which will hopefully force people to work from restricted accounts. UAC is still far from perfect - e.g. it's pretty annoying that every single application installer (even if it is Tetris) asks for administrative credentials and the user has no real choice to continue the installation *without* agreeing on that. However, I see UAC as an important step towards implementing the least-privilege principle in Windows.
Also, Microsoft introduced some anti-exploitation technologies, like e.g. ASLR and invested a lot of money and time into improving the quality of the code behind the operating system and the applications.
The introduction of BitLocker technology which makes use of the Trusted Platform Module (TPM) to assure the integrity of the booting processes seems like an important improvement. Of course, this should not be though of as a silver bullet solution against rootkits and all other malware.
In the 64-bit version of Vista, Microsoft also introduced the requirement that all kernel drivers must be digitally signed, but I don't believe this mechanism to be effective in stopping kernel malware. Also, the much discussed Kernel Patch Protection (AKA Patch Guard), should not be though of as an effective protection against kernel compromises, as it's relatively easy to bypass by the malware authors. Still, I see those two mechanism as useful when it comes to system compromise *detection* (in contrast to prevention) - at least when it comes to type I malware.
In your opinion, what is the biggest mistake Microsoft has made when it comes to security in 2006?
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.