News

Microsoft To Release Open Source Security App

To help developers identify mechanisms that lead to system crashes or have other security implications, Microsoft will unveil its !exploitable (pronounced "bang exploitable") Crash Analyzer on Friday at the CanSecWest conference in Vancouver. The open source tool will be available as a free download at the Microsoft Security Engineering Center's Web site.

The tool is designed to help developers classify, assess and ultimately prevent program crashes, especially as they relate to exploits running loose in enterprise processing environments.

!exploitable is a plug-in for the Windows debugger that classifies different crash scenarios, grouping them into what it calls "hashes." Based on information discovered on "major" and "minor" hashes, the tool isolates crashes and correlates them with bugs to determine the frequency of bug-related crashes or shutdowns caused by the same exploit.

The tool is also diagnostic in the sense that it can estimate the exploitability of any given vulnerability with a rating system that ranges from "Exploitable," "Probably Exploitable," "Possibly Exploitable" and "Unknown."

Observers tout the tool's release as useful because it helps reduce the attack surface of the whole enterprise stack, not just Microsoft's own software.

"As a tool, it can save developers time and effort," said Roger Kay, president of Endpoint Technologies Associates Inc. "A number of apparently different crashes can actually be caused by the same code. The analyzer isolates the offending block and essentially says, 'Here, all these different crashes are actually the same failure, and it's an important one that you ought to fix right away because it presents an open attack surface,' or 'This other one isn't harmful, so then you can fix it when you have time.'"

!exploitable is the latest bell-and-whistle technology designed to drive home the concept of a security development lifecycle (SDL) to Microsoft technology partners and Windows enterprise professionals. Under SDL, security would be both an integral and integrated part of application development in non-Windows and Windows processing stacks alike. The goal is to put the onus on development managers and IT policy makers to create benchmarks and criteria for reducing IT risk.

"You can measure functionality, dependability and viability in any environment, but security is a bit more difficult to track over time," said Dan Kaminsky, director of penetration testing at security firm IOActive Inc. "What Bang Exploitable does is create a scenario that is asymmetrically better for the good guys. It answers the question of how you release tools without actually helping the attackers."

Furthermore, Kaminsky said, the tool's ease of use will be a boon for non-security personnel and junior developers and testers, giving them the leeway to paint various scenarios of what could happen so that it doesn't.

"We know for sure that at one point or another, a system is going to crash," Kaminsky said. "But I think having the weight of a Microsoft behind you and being able to say, hey, we know this was an operational thing and not a security thing or the other way around is a positive step for the whole IT ecosystem."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Ransomware: What It Means for Your Database Servers

    Ransomware affects databases in very specific ways. Joey describes the mechanics of a SQL Server ransomware attack, what DBAs can do to protect their systems, and what security measures they should be advocating for.

  • Windows Admin Center vs. Hyper-V Manager: What's Better for Managing VMs?

    Microsoft's preferred interface for Windows Server is Windows Admin Center, but can it really replace Hyper-V Manager for managing virtual machines? Brien compares the two management tools.

  • Microsoft Offers More Help on Windows Server 2008 Upgrades

    Microsoft this week published additional help resources for organizations stuck on Windows Server 2008, which fell out of support on Jan. 14.

  • Microsoft Ups Its Carbon Reduction Goals

    Microsoft on Thursday announced a corporatewide carbon reduction effort that aims to make the company "carbon negative" by 2030.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.