Microsoft to duplicate third-party security apps in Longhorn |
 |
By Edmund X. DeJesus, Contributing Writer
18 Mar 2004 | Security Wire Perspectives |
|
|
Microsoft's next operating system -- code-named Longhorn -- will contain some security features that third-party software vendors currently provide. These built-in features will make it tough for administrators to decide whether to buy the extra software or simply rely on Windows alone.
Longhorn, the successor to Windows XP, is expected to ship in 2006, about two years behind schedule. Alpha versions of the operating system were distributed to developers in October 2003, and that special build is available to subscribers of the Microsoft development network.
One aspect of Longhorn security is the Next-Generation Secure Computing Base (NGSCB) initiative, formerly known as Palladium.
"NGSCB will employ a unique hardware and software design to give people new kinds of security protections," explains Mario Juarez, product manager with the security business and technology unit at Microsoft.
The idea is to move some of the security burden from software to a Trusted Platform Model (TPM) chip, which will perform cryptographic functions that include storing digital keys and hashes to verify the authenticity of data. A new software component called a nexus will support two separate operating modes for Windows. In standard mode, Windows will function as usual and users would run applications without any special handling. In nexus mode, application processes will run in separate memory areas that the nexus would reserve, presumably keeping them out of harm's way.
However, it's the other new security initiatives that may be bad news for security software vendors. At the February RSA Conference, Microsoft chairman and chief software architect Bill Gates revealed several new features intended to automatically monitor system and network behavior and respond to possible threats. Similar to several existing security products, Windows would attempt to identify irregular behavior in system calls, memory usage and network traffic.
Part of this initiative -- called active protection technologies -- acts as behavior-based antivirus software products do. The approach tries to protect the system from malicious software by detecting known behaviors, then halting and containing the offending software.
"Microsoft is developing security technology that will proactively adjust computer defenses based on state changes, contain the impact and spread of worms and viruses, and prevent known attacks from compromising the system," said Jon Murchinson, product manager at Microsoft's security business and technology unit.
Dynamic system protection, another initiative component, essentially will be an intrusion detection and protection feature. It will keep track of the security patches applied to the system for known problems, and make appropriate changes to the Windows firewall to protect the system from attacks that might take advantage of any missing patches. This feature would also change security settings based on the type of network connection used, reacting to the difference between a corporate network and a dial-up connection.
"Dynamic system protection proactively adjusts defenses on each computer based on changes in state, reducing the likelihood of a successful attack," said Murchinson.
This isn't the first time that Microsoft has incorporated features from third-party software into its operating systems. Disk defragmentation, file undelete, compression and antivirus all started out as third-party products before Microsoft duplicated them. Security products appear to be next.
|
