Dudu Mimran, co-founder of the Israeli security startup named Morphisec that is building the digital version of the Titanic and taunting the iceberg that will sink it. He claims that his company is creating a completely secure version of Microsoft Windows that is un-hackable. Business Insider did an article on the matter that extols the virtues of the project and cites the credentials of the people involved. What they wrote lacks any solid technical information to support the claims that this Morphisec’s version of Windows will be any more secure than what is already available. The security professionals responsible for this project are clearly over confident. This is always a recipe for disaster. Caution is the better part of a secure approach to anything and overconfidence is anything but caution. I shouldn’t be surprised though considering how many “Security Experts” don’t feel the need to use anti-virus despite preaching the need to everyone else that uses a computer system with Microsoft Windows.
The only actual information made available on this miracle version of Windows is that it “randomizes the memory”. We already have that. It’s called ASLR. How is this any different, or even better than the Linux PaX patch set or Grsecurity? Since we already have ASLR who do they seriously think is going to buy this? Are they trying to prey on the potential ignorance of government agencies? My guess is that if this gains any traction it will be widely adopted by government agencies that will then have a big red target painted on them. Somebody or some group of people with an axe to grind or a point to make will exploit this ship and sink it. It’s already designed for a highly visible and sought after target. Morphisec hung a big sign up that says “Please Hack Me!” by calling their product un-hackable. Never underestimate the intelligence of your adversary. I really hope this turns out to be vaporware because if it isn’t this new supposedly more secure version of Windows will be a disaster in the making of epic proportions.
Morphisec doesn’t seem to understand the concept of a zero-day vulnerability. It is ridiculous to claim that this product is not vulnerable to zero-day attacks. Undiscovered zero-day attacks are the very definition of an” unknown unknown”. You cannot defend against an attack that you don’t even conceptually know of as vulnerability yet. You simply cannot design a networked operating system that has any functionality that is completely secure. There is no way to know and anticipate the unknown vulnerabilities. At best you can mitigate damage with a broader set of known possibilities that might apply to a “known unknown”. You can’t design a defense against something you are not aware of yet. Especially when the only way you become aware of it is by the attack being executed against you as you fail to defend against it.
I doubt this company has full access to the Windows source code for the build they are using. Some people claim that governments have been given access to Windows source code, but even then Israel would need to be one of those governments and they would have had to give the code over to Morphisec. I cannot verify or dismiss these claims so I’m not going to focus on them here. Even with access I seriously doubt they have performed a full source code audit of Windows. They couldn’t have found all the vulnerabilities let alone fixed them. How can one memory-based mitigation be effective against every possible vulnerability in the Windows codebase? This is what we call snake oil.
As for claims that it hasn’t been exploitable in internal testing, so what? It could be perfectly secure according to automated tests, scripted testing, manual testing, or random usage testing. You could have 100 teenage boys in a room, tell them the porn filter is off and to have at. No malware infection so it’s airtight right? Not even. When it goes to production somebody somewhere will exploit it because you simply cannot account for every “unknown unknown”. Even with “known unknowns” you can only mitigate a threat, not completely contain it.
If this product really is 100% secure it will be 100% unusable. You have to balance functionality with safety, you simply can’t get a 100% secure mix and have a functional product. They might have gotten closer to 100%, but if they did it is going to detract from the usability of the product. It could run slower, take up large amounts of storage space, have ridiculous advanced procedures to authorize a user that reset with inactivity, or all sorts of other hindrances.
I’m not saying that these are the specific methods deployed here, I was just illustrating a point. You simply cannot have an un-hackable copy of Windows that leaves the computer usable. There is always a compromise to freedom and usability when security is increased. You get diminishing returns proportionate to the security increase.
There will always be somebody out there claiming to have done the impossible or exaggerating the results from trying to do the improbable. Whether this is a real product or vaporware remains to be seen. If it is a real product it certainly won’t be able to deliver on its promises. Even if it does prove to be un-hackable at first it will only be that way for so long. Somebody will surely hack into it eventually.