By Dan Cornell
John Dickson picked up a copy of Writing Secure Code for Windows Vista when he was up at the Microsoft Worldwide Partner Conference. I was on the road this weekend and had the opportunity to read it.
Overall I found the book to be interesting, but I came away from reading it wondering who really needs to read this book and what they would actually use it for. The book jumps around through a number of different areas and technologies and gets a bit unfocused at times. The level of detail was somewhere above a simple feature list but not deep enough to be used as an actual reference. I came away with a couple of things I can actually put into action as well as a lot of good trivia and I kind of wondered if it wouldn't have been better released as a 50-60 page MSDN document rather than a full-fledged 196 page book.
In any case, here are some thoughts, chapter by chapter:
- Chapter 1 (Code Quality) has a great introduction to using the Security Annotation Language (SAL) as well as using the /analyze C/C++ compiler option.
- Chapter 2 (User Account Control, Tokens and Integrity Levels) has a great explanation of integrity levels and using virtualization to create parallel (or "virtual") filesystem and registry trees.
- Chapter 3 (Buffer Overrun Defenses) was probably my favorite chapter. It steps through a variety of technologies available in Windows Vista to help guard against those annoying buffer overrun vulnerabilities. This is one of the areas where Vista has really raised the bar, so the coverage of this material should be very helpful for folks working with C/C++ on Vista. Topics include Address Space Layout Randomization (ASLR), Stack Randomization, No Execute (NX) memory protection, the /GS compiler switch, and Safe Structured Exception Handlers (SafeSEH). The book did a good job of explaining each technology and showing the sorts of attacks it protects against as well as showing what attacks it does not protect against.
- Chapter 4 (Networking Defenses) had information about a couple of networking technologies and bounced around from IPv6 and Teredo to Windows Vista RSS support to code for creating firewall rules.
- Chapter 5 (Creating Secure and Resilient Services) had some interesting information about setting privilege levels for services as well as useful recommendations for inter-process communication between services and the GUI. It got bogged down a bit in the middle with an exhaustive list of various Windows Vista account privileges that should or should not be attached to running services. One important thing I found was that the discussion of selecting accounts under which to run services was very informative.
- Chapter 7 (Internet Explorer 7 Defenses) had some interesting trivia about new design decisions implemented for IE 7. The chapter was a bit out of place because there was comparatively little advice for people developing applications on Vista.
- Chapter 7 (Cryptographic Enhancements) had some interesting information, but got a little bogged down with lists of features and algorithms that would probably be better contained in an online reference.
- Chapter 8 (Authentication and Authorization) is basically a discussion of Microsoft's CardSpace technologies. There was also a mention that the Graphical Identification and Authorization (GINA) had changed but there were no real details provided.
- Chapter 9 (Miscellaneous Defenses and Security-Related Technologies) was just that - a grab bag of some other miscellaneous topics.
After reading this book I wouldn't expect someone to start doing hardcore Windows Vista Development, but it is pretty inexpensive and a quick read and provides a good breadth of information about new security technologies associated with Vista. If you are developing on Vista or interested in keeping tabs on new features in Vista this book is a good initial place to look.
--Dan
dan _at_ denimgroup.com
