Views on Vista
I’ve been reading opinions and reviews on Microsoft’s upcoming OS, Vista. The one that is generating a lot of discussion is Peter Gutmann’s from New Zealand. Particularly ominous for control systems is:
Denial-of-Service via Driver/Device Revocation
Once a weakness is found in a particular driver or device, that driver will have its signature revoked by Microsoft, which means that it will cease to function. Details on exactly what happens are a bit vague here, the specs contain sentences like “the related driver would have to be revoked and a new driver would have to be deployed”, however presumably some minimum functionality like generic 640×480 VGA support will still be available in order for the system to boot. What this means is that a report of a compromise of a particular driver or device will cause all support for that device worldwide to be turned off until a fix can be found [Note J]. Again, details are sketchy, but if it’s a device problem then presumably the device turns into a paperweight once it’s revoked. If it’s an older device for which the vendor isn’t interested in rewriting their drivers (and in the fast-moving hardware market most devices enter “legacy” status within a year or two of their replacement models becoming available), all devices of that type worldwide become permanently unusable.
I added the emphasis in bold. I guess availability is not part of the C-I-A triangle any more.
Jim C provides some thoughts on the impact to control systems at his dcssec blog.
Vista has some ugly features which will get in the way of any DCS or SCADA deployment. Not just now, but perhaps for many Service Packs to come (If Microsoft stays in business for that long). Microsoft would do well to heed the advice of Gutmann and many others to temper their efforts at “managing content.” I can smell what’s coming next. Microsoft would probably like to deny their OS to most Open Source Software.
This is similar to the problems many control system applications had with XP Service Pack 2, and it is reasonable to expect some delay while SCADA vendors test their systems and make changes to be compatible with Vista.
Perhaps I’ve been in the SCADA security world too long, but I rarely get excited about new security products or operating systems because I know there will be a delay before it is deployed in any significant portion of the SCADA and DCS deployments. There is time to analyze the situation after the early adopters have dealt with some of the pain. There is some hope, and a Thomas Ptacek prediction, that Microsoft’s emphasis and rigor on security during the development lifecycle will result in significantly fewer vulnerabilities and reduce the patching burden.
The biggest impact of the release of Vista to the SCADA community is it starts the two-year clock ticking for an end of mainstream support for Windows XP and may have an effect on the extended support timeframe for Windows 2000.
Author: Dale Peterson
Posted: January 11th, 2007 under Microsoft.
Comments: 7
Comments
Comment from Casey
Time: January 11, 2007, 2:06 pm
I have a hard time believing this. Perhaps it is a setting you can use, but I do not believe that this would be forced. If it’s forced, then I’ll just block all traffic from Microsoft.
For one, it would completely remove the ability to make custom drivers. Do we now have to submit drivers to Microsoft to be authenticated just to run our own applications? Of course not. Which means that it would be for a -particular- device.
Anyhow, no SCADA systems should be getting automatic updates from Microsoft. That would be poor management. This is a non issue.
Comment from Landon Lewis
Time: January 11, 2007, 3:19 pm
All 64 bit versions of Vista will ‘require’ signing. However 32 bit versions will not.
Microsoft maintains the document here http://www.microsoft.com/whdc/system/platform/64bit/kmsigning.mspx
Steve Gibson and Leo Laporte also talked about this on a podcast and the show notes are here
http://www.grc.com/sn/SN-066.htm
It will be interesting to see what happens as folks start encountering problems.
Comment from Ron Southworth
Time: January 11, 2007, 7:16 pm
Hi Dale,
I had very little time to effectively check out the upgrade from server 2000 to server 2003 and the changes were quite minor in comparison to what I have seen are the proposals for VISTA. We were caught by a vendor that was ill prepared to upgrade their product to be compliant to the extent that they have gone out of the marketplace and are now resting in the Bahamas!
A few weeks ago we had a discussion on the Gospel list re takeup of Vista and I indicated a preference from our organisation to take up windows releases early. As a result of the concerns raised from the public info that is starting to surface I have already sought agreement here from our IT people to delay until further notice any Vista deployment until some more qualitative information comes to light.
Microsoft presented at a few years ago their roadmap for a Control Systems Version of Vista. It appears that Vista is going to be released in a number of flavours. My hope is that the control systems flavour is going to be truly customised for this environment. I wonder if you have been able to find someone from within Microsoft that can provide some update on Our flavour, Dale. The chap I know here in Aust. I have not been able to reach. I know that we are not a large target audience but given the importance to these systems perhaps some form of a release or progress update of info to the community would be good. It would also be interesting to find who is performing Beta testing of this illusive version and see what their impressions of the product are.
Many thanks Dale, Jim and everyone for raising this issue as it is worthy of some further understanding
Comment from Jake Brodsky
Time: January 12, 2007, 3:06 pm
Dale, your last comment about starting the clock ticking for Windows 2k is already happening. Ask yourself where Win2k fits when you read this http://www.microsoft.com/windows/timezone/dst2007.mspx weblink on Daylight Savings Time updates.
Hint: It isn’t there. Microsoft is going to let all you Win2k people figure it out for yourself. By the way, if you really do want to do it by yourself see http://support.microsoft.com/kb/914387 for more details.
Therein lies the problem: Microsoft is churning through OS releases faster than ever. Most SCADA engineers know that they have to keep up or it will be difficult to patch. Yet they also know that many patches will cause more problems.
We’d be remiss if we didn’t look at Vista for at least a few fixes. The content management efforts throw a monkey wrench in the works, however…
Comment from Dale Peterson
Time: January 13, 2007, 11:47 am
Jake – that is a good example of the difference between mainstream and extended support. Since XP has been out for more than two years, Win2K is not on extended support which is limited, some options cost $, and those options can only be purchased for a limited time window.
I think you hit the point dead on with the OS churn.
Comment from Dale Peterson
Time: January 13, 2007, 11:49 am
Ron – there is a Microsoft Manufacturing Users Group (MSMUG) summit coming up this month in Redmond. I expect any announcements of a Control Systems Version of Vista would come out at that event.
The issue I still don’t have a handle on is the security patch situation for controllers built on embedded XP.
Comment from Ron Southworth
Time: January 13, 2007, 5:01 pm
Dale, it will be interesting to see what turns up. I see SANS has picked up on the debate as well. Involving the wealth of test beds and organisations like yourselves would be a good thing to hear is occurring. Perhaps this is still a little ways off. Eventually I think we will see some sort of response from Microsoft regarding Control Systems. It is just a question of when and if we will like what they have to say. Many thanks and good luck for this week.