Windows 7 has been around for almost a year and a half, and it has emerged as a popular, successful OS. It has more than doubled the market share of its predecessor, Windows Vista, yet is still less than half the market share of the nearly decade-old Windows XP, according to NetMarketShare.com.
Windows XP is just a phenomenal operating system; and in terms of features and functionality, many businesses can’t justify the expense or hassle of making the switch.
But as capable as Windows XP is, it is inherently less secure than Windows 7. XP was designed before many of the attack techniques used today even existed. A review of the Microsoft Security Bulletins from 2010 reveals that Windows XP and Windows 7 may have many of the same vulnerabilities, but that a vulnerability that is rated only Moderate or Important on Windows 7 is often a Critical flaw for Windows XP because Windows 7 is more secure by design and can contain a successful exploit with less impact.
What is different about Windows 7 that makes it more secure? Windows XP was created before Microsoft began its Trustworthy Computing initiative and developed the Security Development Life Cycle to manage the process of designing more secure software. As a result, Windows 7 has a variety of features — ASLR, PatchGuard, UAC, PMIE — that don't exist in Windows XP and that help prevent successful attacks against the OS.
Address Space Layout Randomization (ASLR): Microsoft did not pioneer the concept of ASLR. The PaX project incorporated this technique into a Linux patch in 2001. Since Windows Vista, though, Microsoft has included the technique to protect Windows as well.
Malicious exploits often rely on the ability to accurately determine where specific processes or core system functions reside in memory. In order to exploit or leverage a given function, the exploit must first be able to identify where to find it. With versions of Windows prior to Vista, these memory locations were known or easily discovered by malicious exploit developers, but with ASLR, the memory location of these processes is randomized.
Finding a given function in memory is a game of hide and seek with the desired process hiding in one of 256 possible locations each time the exploit needs to find it. In addition, there is a probability that a failed exploit launched against one of the 255 memory locations where the function isn't located will result in a system crash. A system crash is bad news as well, but it is a more desirable outcome than a successful remote exploit leading to the complete compromise of a PC.
PatchGuard: Formally known as Kernel Patch Protection, PatchGuard prevents unauthorized programs from modifying the operating system kernel, which is a common technique used by malicious exploits. Patching the system kernel gives software — whether legitimate or malicious — access to the core functionality of the OS, and an ability to operate without Windows being aware of its presence.
Kernel patching is a technique that has been commonly used by antimalware software in order to intercept system calls at the core level and prevent malicious exploits from starting processes on the system, or from patching the kernel. While that protection is admirable, tinkering with the system kernel can lead to reliability and performance problems.
Leaving the Windows kernel open to modification in this way also means that malicious exploits can take advantage of it. Kernel patching can be used to implement rootkits that are hidden from the operating system itself and enable exploits to bypass other Windows security controls.
User Account Control (UAC): UAC is arguably the most misunderstood and maligned feature of Windows. The confusion and backlash over UAC contributed significantly to the demise of Windows Vista. The goal of UAC is to limit software to running with standard user privileges, while offering a simpler means of elevating privileges when necessary.
Picture the Windows operating system as a 10,000-foot-high plateau. Most of the plateau is flat and safe, and available for any standard user to operate. However, one mistake too close to the edge, and it’s a 10,000-foot plummet to doom. Administrators are trained to understand the risks and safely navigate the perimeter of the plateau without falling. UAC is like a fence that keeps most people safely away from the edge, while providing a gate where experts can pass through if there is work to be done near the perimeter.
Malware exploits are typically restricted to operating within the context of permissions and privileges of the logged-in user. Malware preys on the fact that so many users log in to Windows as administrators, giving the exploit virtually omnipotent access to the Windows PC. UAC ensures that users run with standard privileges most of the time, and that elevating privileges requires a conscious action, preventing malware from successfully exploiting the system.
Protected Mode Internet Explorer (PMIE): The premise of PMIE is very similar to the goal of UAC. The web is a common attack vector for malicious exploits, and PMIE restricts the privileges of Internet Explorer to reduce the ability of an attack to modify the Windows system, alter or destroy data, or install malicious code on the PC. In fact, PMIE relies on UAC to provide its underlying functionality, which is why it is not sufficient to simply use Internet Explorer 7 or later on Windows XP to achieve the same protection.
Admittedly, none of these security controls is infallible. Windows security authority Mark Minasi cautions that ASLR and PatchGuard are present only in 64-bit versions of Windows 7. Minasi also feels that PMIE offers little protection, and that UAC adds complexity for users and IT admins that outweighs its usefulness.
While those are all valid issues, the fact remains that Windows 7 is more secure. If both Windows XP and Windows 7 are affected by the same vulnerability, but the additional security controls contain the threat to a moderate level on Windows 7 while critical on Windows XP, it seems that Microsoft is headed in the right direction.
Windows XP is a very capable operating system. There is no denying that. However, Microsoft has added a variety of features and functions that let users work more efficiently and effectively, and the additional security features in Windows 7 make it much less likely that the OS will be crippled by an attack.