
Windows Vista – The Pros and Cons

Microsoft continues to beaver away on the next version of Windows, known as Vista, and amongst the advertised improvements are much-vaunted security enhancements. The release date of the new OS has now been pushed into 2007, with Microsoft advising that the delay is a result of the company's need for additional time to improve quality assurance, which sounds like a very good reason. Although Vista is not yet available to the general public, hackers everywhere are no doubt licking their lips in anticipation of its many new ‘features’. It will certainly be interesting to see what they come up with, although many are already voicing their opinions on what they’re expecting. Here is a summary of some of the security improvements that have been announced to date:

Security to Benefit Criminals?

If the hard drive encryption on Vista (known as BitLocker) is as effective as it is purported to be, law enforcement may be unable to investigate suspects’ hard drives. It’s a shame that there is a downside to it, but it could prove to be a real boost to criminals and a step back for computer forensic investigators, including the police. With many people using their computers for communications and record-keeping, forensic investigators often receive a suspect’s computer, PDA and/or mobile phone as potential evidence to search for valuable data in relation to a crime. Computer-based evidence has been crucial in many cases involving murder, fraud and child pornography.

Microsoft claims that BitLocker offers a way to safely dispose of unwanted hard drives without anyone being able to access the data that may still be present on them. Suggestions that there will be a ‘back door’ which can bypass BitLocker encryption have already been refuted by Microsoft cryptographers working on Vista. Interestingly, according to some recent media reports, Microsoft may consider training the police in ways to break the encryption in Vista. This news was revealed in a parliamentary committee session.

On the other hand, encryption is certainly not new and there is nothing to prevent its use by criminals in these pre-Vista times. In fact, it is commonplace to protect various files, which can be done by installing encryption software like PGP. However, many malicious users don’t encrypt the entire hard disk, so law enforcement investigators can gather evidence from other areas such as unallocated disk space (where deleted data lives). If strong encryption such as that utilised by BitLocker is used, the only realistic ways of obtaining the data on a drive are to grant powers to law enforcement to have suspects give up their encryption key passwords (given that torture is not permitted in most countries!) or to attempt to crack the encryption key, which will require an awful lot of resource and even more time.

Watch Out For Ransomware

Whilst on the subject of computer crime and encryption, just hope that you don’t fall victim to ‘ransomware’. This term can be used to describe an extortion technique in which malware encrypts a number of files on the victim’s computer, with a ransom note being left behind explaining that the files can only be decrypted with the decryption key held by the ransomware author.

April 2006 saw a new variation on this theme, with a program known as TROJ_RANSOM.A that freezes the victim’s PC and demands money to release it. According to the Sophos Antivirus description, the program displays the following message boxes when run: “Deleted files are going to be saved into a hidden directory and replaced during uninstallation.” “(1) files are being deleted every 30 minutes.” Pornographic images are also displayed on the infected computer, as well as the following messages: “is this computer valuable. it better not be.” It goes on to explain that files have been “tucked away in invisible hidden folders”. It gets worse – if the user tries to kill the process, the following messages are shown: "Yeah, We don't die, We multiply! Ctrl+Alt+Del isn't quite working today, is it? I'm not the sharpest tool in the shed but Crtl+Alt+Del is everyone's S.O.S."

The victim is asked to send exactly $10.99 via Western Union to ‘unlock’ the computer, and the malware author even offers to help users with uninstall problems (once they’ve paid up) by asking that users send problems to unlock3713@yahoo.com.

Update your antivirus because blackmail is alive and well in cyberspace.

Alan Phillips MBCS