Microsoft to present at Black Hat
So, Microsoft will be doing a track at Black Hat this August.
I guess their goal is to show off the security enhancements in the Vista product line.
I suspect they are laying the groundwork with security researchers. Show off their wares. Placate and get buy-in.
I have no reason to believe that Vista will be any more secure than XP.
The size of the operating system, coupled with the fact that the vast majority of Windows flaws are simple buffer overflow attacks, points to an equally insecure operating system.
If Microsoft wants to build a secure OS, they need to build a small OS.
It’s much easier to secure 1 million lines of code than 140 million…
Microsoft loves to build functionality into the core. Integration of software is great, but it leads to complexity. Complexity leads to insecurity.
I honestly believe that if the courts had forced Microsoft to split into multiple companies, security would have vastly increased.
There is no guarantee that each company would create secure code, but if the OS developers were only responsible for writing a secure OS, then we might not see simple buffer overflows in Internet Explorer leading to system-level access to the box.
Disjoined (loosely coupled) software would be developed, allowing users to choose what they want to install. Smaller install = smaller attack surface = increased security.
I point to OpenBSD here. Highly secure kernel. But no guarantee on the security of installed applications. Don’t see too many PWNED OpenBSD boxes because of a flawed browser install…
Bill