BlueHat IL 2023 - David Weston - Default Security

The journey towards default security

This talk will take the audience through the evolution of Windows security and provide insight into the latest advances. This will include a technical overview of some of the recent capabilities in the Windows 11 OS as well as hardware. Finally, the audience will also get a view of future changes in Windows that will have a large impact in preventing attacks and the exploitation of vulnerabilities.
Comments

For App Signing, making code certificates easier to obtain would be nice (especially for open-source software). Requiring $250+ a year for a code signing certificate makes it less likely for open source software developers to actually use code signing.

Also, if code signing takes off significantly, it could be combined with the Web's way of Certificate Transparency. This ensures we have transparency (in the sense no apps are secretly signed). It can also be combined with CRLite so Smart App Control could be done mostly offline.

ckingpro

It would be a great sign to get all these things, and not have ads in the start menu, file explorer, and system settings screens.

keyboard_g

I assume the James he was referring to at 2:08 is James Forshaw? :D

gsuberland

MSIX is good. But code signing is the problem for small projects or open source ones. Too expensive.

MrBrouilles

I honestly don't see the app isolation side of this taking off for general applications, and Notepad++ is a perfect example of why. The required file access for NP++ is unbounded - it should be able to open every single file on the system, wherever it is. If you set up the policy to say "by default it can access Documents, but you can grant it access to anything else on an individual basis", all you're doing is adding busywork for the user in exchange for no practical security benefit, because anyone who does use NP++ is going to grant that access, and if you install the app but don't use it then there's no security impact in the first place. This isn't even a technical user thing - people are going to want to open text files from USB drives and other non-C:\ fixed drives. If you don't allow additional resources to be granted access, you're basically asking the user to copy the file into the documents path, edit it, then copy it back. A more permissive policy that allows access to everything except system directories, program files, etc. might be alright, but that still adds friction and it's not the only problem with this approach.

The prospect of "oh just get your users to return ETLs" is pie-in-the-sky thinking. I laughed when it was mentioned. Nobody is going to do that! It's funny that selinux policies were mentioned earlier on, because it has exactly the same problem. On top of that, nobody wants to debug why their app crashes in an obscure code path where it accesses some random registry key that wasn't spotted by the capability profiler, and nobody wants to debug this when the app supports 3rd party plugins. Sandboxing off other resources like COM, object namespaces, etc. is cool, because that's much less of a chore to manage, but prescriptive registry and file access policies are just too much of a maintenance hassle. If this ends up being mandatory for MSIX deployment, 99% of apps are not going to use it, and it'll suffer the same fate as UWP.

There's some great stuff in here but the app isolation just seems like the same stuff Microsoft tried before but with a new name, new tooling, and the same practical usability problems. I'm willing to be proven wrong but I strongly suspect that this isn't going to meet the "don't annoy the user" and "make it easy for devs" goals that were espoused at the start of the talk.

gsuberland

About Win32 isolation, does it mean I can isolate any executable without any code change? Like restricting file access for a suspicious installer downloaded from the web?
If so, then this is the Docker-like lightweight Windows app sandbox I've been dreaming of for years!

Tadokolov

Great to see Microsoft finally starting to innovate again after a 16 year snooze. Thank you, this is legitimately exciting. Now grow some dignity and remove those damned ads from the start menu, please.

BinarySplit

Can Pluton firmware be updated from Linux too?

BeyondImaginationzz

Great speaking skills David. Nice presentation.

Arak is my favorite ;)

xeb-

Well, better late than never I guess.

seltmitchell

ZorinOS is looking like a better option every day that passes.

floweringmind

nice try, ms, but no. return 10's sane design

guai

Why are you pronouncing Latin phrases with English pronunciation?

wissenschaftler

damn.... time to switch back to linux then i guess :^)

Digidan

You will never stop the hackers, ever. Microsoft knows that.
MS adds useless stuff and creates more bugs on every new update. Did you even listen to customers? We are tired of your useless stuff / a simple OS like Windows 7 is more functional than Windows 10 and 11.

yooanto