Re: Hola from G-Con

[jackkoziol () speakeasy net]

"I have a strong feeling that Microsoft will
“innovate” a grsecurity+PaX solution for their next OS. I hope they
don't of course."


Steve Ballmer announced this month the next service pack for windows 2k3 and XP available early next year will include 
some sort of page protection and non-executable stack, as well as some other lesser known registry configuration 
settings enabled by default. Sounds like grsecurity for windows to me. See press release from msft at end of message.

Thing I dont get, is why everyone so upset that every OS is borrowing concepts that the PaX team came up with? We all 
saw the thread on bugtraq about this a few weeks ago, and it is plainly obvious that the theo and the Openbsd people 
have borrowed ideas. Im sure microsoft will do the same thing, and they should. Isn't that the very point of open 
source gpl'ed software? If you want to be a communist and release your code gpl, why bitch when people steal your 
ideas? Isnt that your goal? Remember what your mom told you when you were a kid, Imitation is the best form of 
flattery. 

When ISS, Symantec and NAI start hawking patented "block-based fuzzer creation kits" for 25k, are you going to be 
pissed? I think it would be quite a compliment to have a whole industry built around your ideas. I think we are going 
to see the same thing with PaX...


----------------------------------------------------------------------

Updates to Windows XP and Windows Server 2003

Ballmer highlighted the need for security innovation, pointing out that patches and guidance are only part of the 
solution, and that as exploits become more sophisticated the technology must evolve to become more resilient. Ballmer 
announced Microsoft's new safety technologies designed to enable customers to more effectively protect their computers 
and systems from malicious attacks even if patches do not yet exist or have not yet been installed. These safety 
technologies will first ship in Service Pack 2 for Windows XP, planned for the first half of 2004, and subsequently in 
the Service Pack 1 for Windows Server 2003.

"Our goal is to enable increased protection and resiliency of systems and networks," Ballmer said. "Our highest 
priority is developing these safety technologies for our customers. This is a key area of focus for us."

These security advancements for Windows XP will focus on protections against the four types of attacks that constitute 
the largest percentage of threats: port-based attacks, e-mail attacks, malicious Web content and buffer overruns.

For Windows Server 2003, the safety technologies will enable remote-access-connection client inspection and intranet 
client inspection to help protect corporate networks from potential infections introduced by mobile systems. These 
technologies are expected to be available in the second half of 2004.




_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave