Monad shell pulled from Vista OS from Microsoft
PCWorld.com - Microsoft Cuts Windows Vista Feature
This is security through feature set. Also known as can't trust the operator in admin context!
Just days after the first public reports of viruses being written for an upcoming feature of Microsoft's Windows operating system, Microsoft confirmed that it will not include the feature in the first generally available release of Microsoft Vista, expected in the second half of 2006.
Update:
Microsoft quells Vista virus concerns
Microsoft has confirmed that a new scripting tool will not ship as part of the next version of its operating system, Windows Vista. The disclosure dispels concerns that a virus writer had created the first "Vista viruses" by targeting a new interactive shell codenamed Monad (or MSH).
Update:
Microsoft slams Vista virus report
Proof-of-concept code described by security company F-Secure as the "first Vista virus" does not affect the operating system at all, Microsoft has insisted.
also see MSH:1337 >"hello world" | out-web
0 TrackBacks
Listed below are links to blogs that reference this entry: Monad shell pulled from Vista OS from Microsoft.
TrackBack URL for this entry: http://kennethhunt.com/mt/mt-tb.cgi/1497
4 Comments
Search
Safari Online
Mike Erdely
The Open Prosthetics Project
Andrew W. Moore
Talking Out Loud with ASB
ducea
Andrew Baker
*scottstuff*
Ask Bjorn Hansen
Joe Topjian
John Sequeira's Weblog
Team Murder
defective yeti
postneo
Ben Hammersley
Chez Chrissie
The Frosty Mug Revolution
Jeremy Zawodny's blog
Lucas Gonze
Eric Norlin
slashdot
John Vu
Net Observer
Books Observer
Sterling
Bill Buxton
Melanie Rieback
Well I originally read about Monad in October 2003...
http://weblogs.asp.net/jnadal/archive/2003/10/29/34413.aspx
In one of the most overlooked cool things at the PDC (in my opinion, anyway), the new Command Shell that will be in Longhorn blew me away when I saw it. I walked up to the booth asking if unix-like file aliases would be in the new shell, and was given a demo by the team that had my mind racing.
Again: Monad was *not* pulled from Longhorn 'because it is too powerful'. PC World jumped on the fact that some MS person *again* noted Monad wasn't going to be in the Vista release, and drew a causal link where there was none.
As far as I know, from the moment we started hearing about *any* release schedule for Monad (and I'm one of the people playing with the beta), we were told that the first real realease would be with the next Exchange release - not Longhorn. I may be wrong, I can't recall anyone ever saying Monad was going to be in LH. So as far as I can tell, Monad's schedule has not slipped.
The full Monad vision is that it will reach deeply into core MS apps and OS's (so not just LH, but also Exchange, SQL Server, IIS, and so on), and will therefore need to be 'baked into' them.
I agree that MS have fumbled some security balls in the past. But Monad isn't/wasn't one of them. Full disclosure: I'm not connected with MS, but I *am* one of the many beta users of Monad, and I admit I'm pretty taken with it.
The thing that I find difficult to understand about Longhorn / Vista is how the release schedule has slipped so far. What I was saying was that fundamentally, microsoft does not do security well. I think they are planning a user context in the next release of the home OS, but in any case, it seems sort of knee-jerk to pull a feature because it is supposedly too powerful. But it seemed like the sort of thing they would do.
I agree PCWorld usually is sensational. But I only wanted to point out that thinking of security in the context of 'this is too powerful pull it' is misguided.
I'm pretty sure I've mentioned the reduced permissions for users in the next home OS before... In anycase your comments are much appreciated, and if at the end of the day someone thinks twice about which context they are running under all the better for security.
Kenneth -
I like your blog but I think you picked the wrong horse with this story.
1) Monad was publicly cut from Longhorn long before F-Secure released their silly tract about Monad viruses. Actually the full details of Monad's release schedule are a little more complex than that because it's really going to be a sort of staged release where Monad gorows more and more capabilities over a 10-year period.
2) F-Secure's concept Monad viruses are possible in any shell. Shells are supposed to be powerful! As always, the possibilities are limited by the permissions under which the script is run - and the permissions attached to the files which that 'script virus' is attacking. Also don't forget that a planned feature of Monad is easy script signing and validation.
Bottom line is that this whole 'Vista Monad virus' story is not only silly when the underlying facts are examined, but also has the timeline of causes and effects completely bass-ackwards.