Friday, October 20, 2006

Microsoft Vista Driver Authentication

In this article a Singapore security expert shows how Microsoft Vista correctly blocks a malicious driver attack, and yet how other vulnerabilities exist in the driver security process added to the operating system. Microsoft Vista driver authentication

At least I applaud Microsoft for making attempts to resolve this problem but it looks like they still have a ways to go.

My friend from Microsoft just warned me that Vista's new security model is not good, however he didn't say why. He was in the past working on something to control driver security and completely frustrated with Microsoft and his job. He used to work with really smart people and sounds like they left one by one and no one wants to solve the "really hard problems". Could it be that Microsoft is infiltrated with people who do not want to solve these problems? Or is it that they just don't want to take the risk of doing something extremely complicated and have it exploited and put their heads on the chopping block at Microsoft? Who knows.

Even if Vista's new security model is not good - could it be worse that what existed before? It seems that some level of authentication is better than none, doesn't it?