And in a second part of her talk, Rutkowska explained how it is possible to use virtualization technology to make malicious code undetectable, in the same way a rootkit does. She code-named this malicious software Blue Pill.
"Microsoft is investigating solutions for the final release of Windows Vista to help protect against the attacks demonstrated," a representative for the software maker said. "In addition, we are working with our hardware partners to investigate ways to help prevent the virtualization attack used by the Blue Pill."
Read the rest here
Obviously this is a good thing: with a fresh set of more expert eyes seeing the code, this will only help Microsoft release a better, more secure and reliable product in the end. The openness of Microsoft at this conference has really shown the company's commitment to security. One thing must be noted: sometimes, what might seem like a vulnerability that has not been found or fixed in Windows Vista might actually have been discovered already, and the fix is just not implemented yet, as noted in the following excerpt:
The audience appeared very interested in the presentation, and at times people broke out in laughter, for example when Lambert talked about the public disclosure of a serious flaw right after the release of the Beta 2 of Internet Explorer 7. How did Microsoft react to that? Lambert showed an animation of a man banging his head on a keyboard.
But after the initial embarrassment, Microsoft realized that it had actually found the IE 7 flaw a couple of months earlier, it just had not been addressed in that beta release, Lambert said. Before final release, bugs like that will be fixed, he said.
Read more from that report here