zlacker

[return to "Qubes OS 3.1 has been released"]
1. krylon+wj[view] [source] 2016-03-10 20:34:19
>>jfreax+(OP)
I remember reading a discussion a couple of years back where somebody wondered why Microsoft did not go a similar route for Windows. The original context was backwards compatibility with applications written for older releases of Windows.

But given the general security situation on Windows, it would be really nice to have, for example, the browser strongly isolated from the rest of the system.

The idea of using virtualization to enforce stronger isolation between different parts of the system seem like a good one, and it does not appear to be that non-obvious (of course, in hindsight so many things do).

◧◩
2. nickps+621[view] [source] 2016-03-11 05:33:19
>>krylon+wj
Microsoft is doing all sorts of things for security. They added ways to remove privileges from apps, rolled out SDL reducing vulnerabilities tremendously, implemented Windows Integrity Controls with IE at lowest level, added EMET, added whitelisting, pushed managed code, started designing sandboxing schemes like Xax architecture, added a hypervisor (Hyper-V), did mathematical verification on it, and so on. I can easily say Microsoft is putting more work into security in their various layers than Linux/BSD, even OpenBSD in some ways.

Thing is, there's been third party solutions to handle virtualization-based security for Windows for anyone willing to buy them. People mostly don't. So, Microsoft rightly doesn't give a shit. It's why I tell people to use third-party enhancements if they rely on Windows or switch to Linux/BSD due to greater options for security not to mention what CompSci is cranking out for them.

◧◩◪
3. krylon+713[view] [source] 2016-03-12 11:46:04
>>nickps+621
> Microsoft is doing all sorts of things for security.

Indeed they are. Compared to Windows XP (pre-SP2), Windows has come an incredibly long way.

I just cannot help thinking that if they used virtualization the way Qubes OS does, they could both incrase isolation of applications and maintain backwards compatibility without having to jump through the countless hoops I imagine Windows developers must meet on a regular basis.

Hyper-V could be a very nice foundation for such an approach, at least in my fertile imagination. ;-)

◧◩◪◨
4. nickps+Vi3[view] [source] 2016-03-12 17:13:09
>>krylon+713
Oh, I agree with that. It could be a benefit on top of what they have. A Dom0/hypervisor solution from them could actually be safer given they have tools for mathematically verifying both driver interactions and low-level system code. SLAM has been applied to drivers for years now. HyperV was verified with their VCC toolkit. So, they'd be a stronger than average foundation.

The best route for isolation, though, is to apply one of the industry separation kernels or virtualization schemes from CompSci that leave more untrusted. Good news is that I found a great document that describes MILS in detail plus some prior work and terms:

http://www.euromils.eu/downloads/2014-EURO-MILS-MILS-Archite...

GenodeOS is OSS built similar to MILS from European CompSci:

http://genode.org/documentation/general-overview/index

[go to top]