The future of security - 64-bit platforms and beyond - some musings


Post by ssj100 on 22/6/2010, 06:11

I'll start by saying that I'm still happily running a 32-bit system and enjoying the excellent protection Sandboxie provides. It's been generally recommended that you'd only significantly benefit from running a 64-bit system if you have 4Gb or more of RAM installed. It is highly likely that in the future, we will be seeing more and more programs and systems utilising 4Gb or more of RAM. Therefore, 64-bit (and beyond) platforms are indeed the future.

Unfortunately (or perhaps some would argue fortunately) Microsoft have implemented PatchGuard, which prevents kernel tampering. Why is this important for security programs? Simply because many security programs require kernel hooking/installation in order to provide the highest level of protection. For example, read this here in the context of Sandboxie:
http://www.sandboxie.com/index.php?NotesAbout64BitEdition
"This shortcoming is the result of a new security feature introduced in 64-bit editions of Windows, called Kernel Patch Protection. This feature aims to protect the core of Windows (the kernel) by regularly performing self-checks to detect changes.

"The problem is that a stock Windows kernel does not provide all the facilities necessary to implement a security solution such as Sandboxie. On 32-bit Windows, Sandboxie can dynamically enhance the Windows kernel to provide the missing functionality. This is not possible on 64-bit Windows, due to the Kernel Patch Protection feature."

I personally feel (for now) that Sandboxie (by itself) is a dying product in terms of providing solid security on 64-bit platforms and probably beyond, and I'm not alone:
http://www.sandboxie.com/phpbb/viewtopic.php?p=53857#53857
"This is called security through obscurity, and it's no security at all."

Basically compared to 32-bit, Sandboxie 64-bit (and many other security programs) are only providing strong protection because "not many people are using Sandboxie and therefore malware writers won't program their malware to specifically bypass Sandboxie". On 32-bit, it is implied that even if malware writers wanted to program their malware to specifically bypass Sandboxie, they would have a very hard time doing so. This appears to not be the case for Sandboxie 64-bit.

Furthermore, developers of light virtualisation (Shadow Defender, Returnil) are also realising their product weaknesses intrinsically/conceptually, thus prompting the addition of other mechanisms of protection (note how Coldmoon mentions the anti-execution mechanism of protection):
http://www.wilderssecurity.com/showpost.php?p=1697352&postcount=10
"This was the reason we added antimalware, antiexecute..."

Pleasingly (for me at least), I have come to realise that the most powerful anti-execution mechanism of protection is already found in our OSes - SRP/AppLocker. Because AppLocker is yet to be bypassed (even by POCs), moving on to a 64-bit platform (Windows 7 Ultimate) will be tolerable with regard to the concept of having "100%" security (and not just security through obscurity). As I have mentioned, I will also most likely still choose Sandboxie for the "containment" mechanism of protection even on a 64-bit platform if just to keep the system "lean and clean" (from "benign" junk accumulation). Also, let's not forget that Sandboxie's start/run/internet restrictions would still play a significant role (e.g. your anti-execution mechanism of protection is provided) and would still add a strong layer of protection in many scenarios even on 64-bit platforms.

_________________
Sandboxie + LUA + SRP + DEP + SuRun
Windows Firewall + NAT Router + IPSec (on-demand)
VirtualBox (on-demand)
Drive SnapShot (on-demand)

Re: The future of security - 64-bit platforms and beyond - some musings

Post by Guest on 22/6/2010, 07:29

To be fair to tzuk, he had absolutely no intention of making Sandboxie 64 but under pressure he eventually relented but was very unhappy about it.
I'm happy to stay with a 32-bit system. My "main" PC is still my old Intel Celeron 900, 512 megs o' ram and a 120 gig drive, I like it and I tend to stay with what I like whilst I still can. I don't like to be bullied by market forces.


Re: The future of security - 64-bit platforms and beyond - some musings

Post by ssj100 on 22/6/2010, 08:07

patrick wrote: To be fair to tzuk, he had absolutely no intention of making Sandboxie 64 but under pressure he eventually relented but was very unhappy about it.

Just to be clear on my personal standing - I am supporting Tzuk all the way here.

patrick wrote: I'm happy to stay with a 32-bit system. My "main" PC is still my old Intel Celeron 900, 512 megs o' ram and a 120 gig drive, I like it and I tend to stay with what I like whilst I still can. I don't like to be bullied by market forces.

Completely agree. My 32-bit Windows XP system is doing all I need it to do and lightning fast. I plan to hold on to this exact system until 2014 (when Microsoft will cease supporting Windows XP, and when hopefully "Windows 8" will be out).


Re: The future of security - 64-bit platforms and beyond - some musings

Post by Guest on 22/6/2010, 12:21

I know :) It was just a general statement, not a comment on your personal stance.
ssj100 wrote: Just to be clear on my personal standing - I am supporting Tzuk all the way here.
