- Apr 26, 2011
- 2,779
The need for software security has been known for a long time, yet software exploits continue to be a problem. The root of the problem lies withing the software itself. Bluntly stated, most software is not secure. Companies like Microsoft are making huge strides in designing better security for the future, but current operating system code is written in C or C++, computer languages that by their very nature introduce severe security holes. These languages give rise to a problem known as buffer-overflow exploits. The buffer--overflow bug is the most significant weakness in software today. It has been the enabler for thousands of software exploits. And, it's a bug--an accident that can be fixed.
Buffer-overflow exploits will eventually go away, but not in the near future. Although a disciplined programmer can write code that does not have buffer-overflow bugs (this is regardless of language; even a program written by hand in Assembly can be secure), most programmers are not that diligent. The current trend is to enforce safe coding practices and follow this up with automate code-scanning tools to catch mistakes. Microsoft uses a set of internal tools for this purpose.
Automated code-scanning tools can catch some bugs, but not all of them. Most computer programs are very complex, and it can be difficult to test them thoroughly in an automated fashion. Some programs will have too many states to possibly evaluate. If fact, it is possible for a computer program to have more potential states than there are particles in the universe. Given this potential complexity, it can be very hard to make any determination about the security of a computer program.
The adoption of type-safe languages (such as Java and C#) would nearly eliminate the risk of buffer overflows. Although a type-safe language is not guaranteed to be secure, it significantly reduces the risks of buffer overflows, sign-conversion bugs, and integer overflows. Unfortunately, these languages cannot match the performance of C or C++, and most of Microsoft Windows---even the latest and greatest version--still runs old C and C++ code. Developers of embedded systems have begun to adopt type-safe languages, but even this uptake is slow--and the millions of legacy systems out there will not be replaced any time soon. What this means is that old-fashioned software exploits will be around for awhile.
FROM: "ROOTKITS, Subverting the Windows Kernel", by Greg Hoglund and James Butler.
Buffer-overflow exploits will eventually go away, but not in the near future. Although a disciplined programmer can write code that does not have buffer-overflow bugs (this is regardless of language; even a program written by hand in Assembly can be secure), most programmers are not that diligent. The current trend is to enforce safe coding practices and follow this up with automate code-scanning tools to catch mistakes. Microsoft uses a set of internal tools for this purpose.
Automated code-scanning tools can catch some bugs, but not all of them. Most computer programs are very complex, and it can be difficult to test them thoroughly in an automated fashion. Some programs will have too many states to possibly evaluate. If fact, it is possible for a computer program to have more potential states than there are particles in the universe. Given this potential complexity, it can be very hard to make any determination about the security of a computer program.
The adoption of type-safe languages (such as Java and C#) would nearly eliminate the risk of buffer overflows. Although a type-safe language is not guaranteed to be secure, it significantly reduces the risks of buffer overflows, sign-conversion bugs, and integer overflows. Unfortunately, these languages cannot match the performance of C or C++, and most of Microsoft Windows---even the latest and greatest version--still runs old C and C++ code. Developers of embedded systems have begun to adopt type-safe languages, but even this uptake is slow--and the millions of legacy systems out there will not be replaced any time soon. What this means is that old-fashioned software exploits will be around for awhile.
FROM: "ROOTKITS, Subverting the Windows Kernel", by Greg Hoglund and James Butler.
