Interview with Patchguard Architect Forrest Foltz (Windows Vista x64 Security – Patchguard follow up)

Here I am doing my thing, looking at some of the security improvements in Windows Vista x64 (see pt1 and pt2), when all of a sudden, Patchguard seems to be hot news.   [NOTE:  Readers, if you need more details on Patchguard, start with my previous post Windows Vista x64 Security – Pt 2 – Patchguard.]   So, leveraging my coveted super power of “walking down the hall”, I tracked … Read more »

Windows Vista x64 Security – Pt 2 – Patchguard

  NOTE:  I know this is a long post.  If you don’t want to read all the details I discuss here, I still encourage you to go read What Were They Thinking? Anti-Virus Software Gone Wrong, by Skywing, to give you a perspective on “known good” extensions to kernels.  Also, as always, this blog post represents my own personal analysis and opinion (based upon my own experience) and not that … Read more »

Windows Vista x64 Security – Pt 1

I recently took home a build of Windows Vista for my home machine, which happens to be a dual processor 64-bit Dell machine, and it made me curious about the differences between the x86 and x64 versions of Vista – specifically security differences. After doing a brief bit of research, I found three unique security benefits in Vista x64:

·  Hardware NX protection on globally by default.
·  Kernel … Read more »

Further Perspectives on Symantec Vista "Research"

Since my original post on last week’s Symantec paper, they’ve released another one as noted by Joris Evers in Symantec continues Vista bug hunt. Now that I’ve read both of the first two papers, I note two perspectives from Symantec on this: 1) the perspective of the researchers in their paper, and 2) the uses that the Symantec marketing team may be attempting with the content. On the first perspective, the … Read more »

New Windows Vista Security Blog

Ben Fathi, the Corporate VP of the Security Technology Unit has kicked off a new blog focused on Windows Vista Security.  I’ve added a link on the side and you can read it here: http://blogs.msdn.com/windowsvistasecurity/. Also, while I’m on the topic of Ben, let me remind you that he also hosts a Technet Chat that allows you to connect and ask him and his extended team any question you want … Read more »

Symantec Stirs the Pot

UPDATE:  Several readers sent me a link to the paper, so I have it now.  Thanks!   I didn’t use “FUD” in my title, because it frankly gets used so often, and sometimes even applied to me.  FUD (or Fear, uncertainty, and doubt) is a sales or marketing strategy of disseminating negative (and vague) information on a competitor. Now, why I don’t think this applies to my recent vulnerability metrics posts is:   … Read more »

Apples, Oranges and Vulnerability Metrics

NOTE:  I am not asserting that my vulnerability analysis demonstrates that Windows is more secure.  Rather, I frequently hear and read Linux advocates making unsupported assertions to the opposite that Linux is inherently more secure than Windows.  The “unsupported” part of that bothers me, so I check for myself.  What I keep finding is that Linux distributions have more vulnerabilities, more serious vulnerabilities and the data does not support the … Read more »

Windows vs Linux (Red Hat) – Workstation – 1st Half 2006

NOTE:  I am not asserting that my vulnerability analysis demonstrates that Windows is more secure.  Rather, I frequently hear and read Linux advocates making unsupported assertions to the opposite that Linux is inherently more secure than Windows.  The “unsupported” part of that bothers me, so I check for myself.  What I keep finding is that Linux distributions have more vulnerabilities, more serious vulnerabilities and the data does not support the … Read more »

Debian Site Hacked Again

Debian developers learned this morning that someone had hacked into one of the project servers (gluck), so the Debian team took all of the servers offline to investigate, flatten and rebuild.  Here’s the message: http://lists.debian.org/debian-devel-announce/2006/07/msg00003.html Please note that you should not confuse this hack of the Open Source Debian project with the one from November, 2004, Hackers Attack Debian Linux.  That was a completely different incident.

FAQ (frequently asked questions) about Think Security Vulnerability Comparisons

This document will be updated as time goes on.  It is a repository for questions and answers related to analyses posted on my blog comparing vulnerability counts, days-of-risk and workload vulnerability indices for Windows and Linux distributions.  If you have more questions, post them as comments and I’ll update with an answer as appropriate. Best Regards ~ Jeff Q1.  Why is there a difference in “vulnerability fix events” and “unique … Read more »