With the release of Windows 7 only months away, it is worthwhile to begin considering its expected impact on security. Application vulnerabilities will be harder to weaponize into working exploits. While Windows memory protections (DEP, ASLR) have been around for several years, ubiquitous applications (IE8, Firefox 3) and their corresponding plug-ins (Flash, Acrobat Reader and QuickTime) are now using them. When combined with recent bypass fixes by Microsoft, the result is that successfully exploiting some vulnerabilities may not be possible. In the long term, the adoption of these technologies may cause the bad folks to shift their focus from attacks that are technical in nature to those that are social in nature.
Hardware-assisted rootkits, such as Blue Pill, will be difficult to deploy. Rootkits that use hardware virtualization operate outside of the host OS by first assuming a special privilege level called VMX root mode. Given that
Windows 7 implements Windows XP Mode (XPM) using hardware virtualization extensions, hardware-assisted rootkit installation becomes considerably more complex and would need to overcome significant technical hurdles to avoid crashing the OS or alerting the user.
Malware will face significant challenges in evading modern forms of dynamic analysis. Next-generation malware analysis approaches introspect the behavior of malicious software through the use of hardware virtualization extensions. Some criminals have responded by creating malware that refuses to run if it detects the presence of hardware-assisted virtualization. However, given that Windows 7 uses hardware-assisted virtualization in the implementation of XPM, malware that employs this crude form of detection will preclude itself from the very end-users it intended to target.
In summary, the release of Windows 7 looks to be an all-around win for security. Its adoption will benefit end-users and security professionals.