Microsoft is planning a series of security improvements to
Windows, yet each layer of software protection it adds increases
the security risk, an analyst firm has warned.
A report by Burton Group said that although Windows 2003 could be
deployed as a flexible and inexpensive application server, its
security has a chequered past. According to Dan Blum, senior
vice-president and research director at Burton Group, attacks such
as Nimda, Code Red and Slammer have slowed Windows server adoption
in large enterprise extranet and service provider environments,
where Linux/Unix servers are generally preferred.
The problem lies with Win32, the programming interface used by most
applications, he said.
Because there is no code access control in Win32 subsystems, COM,
or ActiveX, Blum warned that any software component running on the
Windows system could invoke any other component and attempt to do
anything it wants.
Malicious programs have many opportunities to attempt buffer
overflow or other attacks to subvert discretionary access controls
and other system protections. In other words, a rogue Win32 program
would be able to undo any steps Microsoft may take to lock down
Windows security.
The report recommended that users avoid ActiveX and the Win32
application programming interfaces and instead develop code in
.NET, an architecture based on managed code, which reduces the
effect of programming errors.
Blum said, "Like Java, managed code based on .NET runs in a
sandbox." Such a sandbox is designed to prevent the code from
crashing the operating system. The code runs on a virtual machine
rather than computer hardware. As a result, it is much harder to
compromise, he added.
Security problems are exacerbated by the fact that Windows 2003 is
designed to be an integrated platform and as a result is based on
complex dependencies between various operating system components.
To tighten security on a Linux or Unix platform, users can remove
functionality by configuring the kernel or recompiling it, but this
is not as easy on Windows. "All Linux and Unix operating systems
are much simpler than Windows," said Blum.
Bradley Tipp, national system engineer responsible for security at
Microsoft, defended Windows 2003's security. "With an integrated
approach it is much easier to apply patches, since the user does
not have to go to multiple suppliers to secure the operating
system," he said.