Analyst claims additional security layers in Windows add to risk


Microsoft is planning a series of security improvements to Windows, yet each layer of software protection it adds increases the security risk, an analyst firm has warned.

A report by Burton Group said that although Windows 2003 could be deployed as a flexible and inexpensive application server, its security has a chequered past. According to Dan Blum, senior vice-president and research director at Burton Group, attacks such as Nimda, Code Red and Slammer have slowed Windows server adoption in large enterprise extranet and service provider environments, where Linux/Unix servers are generally preferred.

The problem lies with Win32, the programming interface used by most applications, he said.

Because there is no code access control in Win32 subsystems, COM, or ActiveX, Blum warned that any software component running on the Windows system could invoke any other component and attempt to do anything it wants.

Malicious programs have many opportunities to attempt buffer overflow or other attacks to subvert discretionary access controls and other system protections. In other words, a rogue Win32 program would be able to undo any steps Microsoft may take to lock down Windows security.

The report recommended that users avoid ActiveX and the Win32 application programming interfaces and instead develop code in .NET, an architecture based on managed code, which reduces the effect of programming errors.

Blum said, "Like Java, managed code based on .NET runs in a sandbox." Such a sandbox is designed to prevent the code from crashing the operating system. The code runs on a virtual machine rather than directly on the computer hardware. As a result, it is much harder to compromise, he added.

Security problems are exacerbated by the fact that Windows 2003 is designed to be an integrated platform and as a result is based on complex dependencies between various operating system components.

To tighten security on a Linux or Unix platform, users can remove functionality by configuring the kernel or recompiling it, but this is not as easy on Windows. "All Linux and Unix operating systems are much simpler than Windows," said Blum.

Bradley Tipp, national system engineer responsible for security at Microsoft, defended Windows 2003's security. "With an integrated approach it is much easier to apply patches, since the user does not have to go to multiple suppliers to secure the operating system," he said.
