
Criticism of Windows Vista


Windows Vista, an operating system released by Microsoft for consumers on January 30, 2007, has been criticised by reviewers and users. Due to issues with privacy, security, performance, driver support and product activation, Windows Vista has been the subject of a number of negative assessments by various groups.

For security reasons, 64-bit versions of Windows Vista (and of Windows 7 as well) allow only signed drivers to be installed in kernel mode. Because code executing in kernel mode enjoys wide privileges on the system, the signing requirement aims to ensure that only code of known origin executes at this level. In order for a driver to be signed, a developer or software vendor must obtain an Authenticode certificate with which to sign the driver. Authenticode certificates can be obtained from certificate authorities trusted by Microsoft; Microsoft relies on the certificate authority to verify the applicant's identity before issuing a certificate. If a driver is not signed with a valid certificate, or if it was signed with a certificate that has since been revoked by Microsoft or the certificate authority, Windows will refuse to load the driver.

The following criticisms/claims have been made regarding this requirement:

Microsoft allows developers to temporarily or locally disable the signing requirement on systems they control: by pressing F8 during boot, by signing drivers with self-issued certificates, or by running a kernel debugger.

At one time, a third-party tool called Atsiv existed that would allow any driver, signed or unsigned, to be loaded. Atsiv worked by installing a signed "surrogate" driver which could be directed to load any other driver, thus circumventing the driver signing requirement. Since this violated the driver signing requirement, Microsoft closed the workaround with hotfix KB932596 by revoking the certificate with which the surrogate driver had been signed.
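The enforcement described above can be audited from the administrator's side: the following PowerShell script (an added example, not code from the article or from Microsoft) enumerates the kernel drivers registered on a 64-bit Windows host and reports any whose Authenticode signature does not verify, which is what the loader would refuse. It assumes an elevated Windows PowerShell 5.1 or later session; the cmdlet and class names used are standard, but the revocation and catalog-signing behaviour noted in the comments is an assumption about the cmdlet, not something the article states.

```powershell
# Added example: list registered kernel-mode drivers and flag those whose
# Authenticode signature does not verify. Run from an elevated prompt so every
# driver image on disk is readable.

function Get-UnverifiedDriverSignatures {
    [CmdletBinding()]
    param()

    # Win32_SystemDriver lists every kernel-mode driver service, running or not.
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName }

    foreach ($drv in $drivers) {
        # Some entries carry an NT-style "\??\" prefix; normalise to a Win32 path.
        $path = $drv.PathName -replace '^\\\?\?\\', ''
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{
                Name = $drv.Name; State = $drv.State; Path = $path
                Status = 'FileMissing'; Signer = $null
            }
            continue
        }

        # Get-AuthenticodeSignature validates the signature chain against the
        # local trust store. Only 'Valid' is acceptable; anything else
        # (NotSigned, NotTrusted, HashMismatch, ...) is reported. Assumption:
        # on Windows 8 and later the cmdlet also recognises catalog-signed
        # in-box drivers, whereas on Vista/7 those may appear as NotSigned.
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Name   = $drv.Name
                State  = $drv.State
                Path   = $path
                Status = $sig.Status.ToString()
                Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }
    }
}

# Drivers that are currently running and fail verification deserve attention
# first, since a surrogate-style loader (as with Atsiv) would show up here.
Get-UnverifiedDriverSignatures | Where-Object State -eq 'Running' | Format-Table -AutoSize
```

Because the check runs against the host's own certificate store, a revoked signing certificate is only detected if the machine has received the corresponding revocation information, so results from an offline host should be read with that in mind.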

Security researchers Alexander Sotirov and Mark Dowd have developed a technique that bypasses many of the new memory-protection safeguards in Windows Vista, such as address space layout randomization (ASLR). As a result, existing buffer overflow bugs that these features had previously rendered unexploitable on Vista may become exploitable. This is not in itself a vulnerability: as Sotirov notes, "What we presented is weaknesses in the protection mechanism. It still requires the system under attack to have a vulnerability. Without the presence of a vulnerability these techniques don’t really [accomplish] anything." The vulnerability Sotirov and Dowd used as an example in their paper was the 2007 animated cursor bug, CVE-2007-0038.


Wikipedia