News

Microsoft To Release Open Source Security App

To help developers identify mechanisms that lead to system crashes or have other security implications, Microsoft will unveil its !exploitable (pronounced "bang exploitable") Crash Analyzer on Friday at the CanSecWest conference in Vancouver. The open source tool will be available as a free download at the Microsoft Security Engineering Center's Web site.

The tool is designed to help developers classify, assess and ultimately prevent program crashes, especially as they relate to exploits running loose in enterprise processing environments.

!exploitable is a plug-in for the Windows debugger that classifies different crash scenarios, grouping them into what it calls "hashes." Based on information from the "major" and "minor" hashes, the tool isolates crashes and correlates them with bugs to determine the frequency of bug-related crashes or shutdowns caused by the same exploit.

The tool is also diagnostic in the sense that it can estimate the exploitability of any given vulnerability, using a rating system whose levels are "Exploitable," "Probably Exploitable," "Possibly Exploitable" and "Unknown."

Observers tout the tool's release as useful because it helps reduce the attack surface of the whole enterprise stack, not just Microsoft's own software.

"As a tool, it can save developers time and effort," said Roger Kay, president of Endpoint Technologies Associates Inc. "A number of apparently different crashes can actually be caused by the same code. The analyzer isolates the offending block and essentially says, 'Here, all these different crashes are actually the same failure, and it's an important one that you ought to fix right away because it presents an open attack surface,' or 'This other one isn't harmful, so then you can fix it when you have time.'"

!exploitable is the latest bell-and-whistle technology designed to drive home the concept of a security development lifecycle (SDL) to Microsoft technology partners and Windows enterprise professionals. Under SDL, security would be both an integral and integrated part of application development in non-Windows and Windows processing stacks alike. The goal is to put the onus on development managers and IT policy makers to create benchmarks and criteria for reducing IT risk.

"You can measure functionality, dependability and viability in any environment, but security is a bit more difficult to track over time," said Dan Kaminsky, director of penetration testing at security firm IOActive Inc. "What Bang Exploitable does is create a scenario that is asymmetrically better for the good guys. It answers the question of how you release tools without actually helping the attackers."

Furthermore, Kaminsky said, the tool's ease of use will be a boon for non-security personnel and junior developers and testers, giving them the leeway to paint various scenarios of what could happen so that it doesn't.

"We know for sure that at one point or another, a system is going to crash," Kaminsky said. "But I think having the weight of a Microsoft behind you and being able to say, hey, we know this was an operational thing and not a security thing or the other way around is a positive step for the whole IT ecosystem."

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.
