Windows 11 is showing its first signs of Rust
Christopher Boyd
Some important changes are heading to Windows which should make the operating system quite a bit more secure than it is now. At the end of April, Microsoft's VP of OS Security and Enterprise referenced upcoming changes to Windows involving the programming language Rust.
Rust matches the performance of languages like C and C++ while being easier to debug and maintain, and, most importantly, memory safe. It is highly desired by some programmers; you can see his excitement in the below talk from Blue Hat IL 2023:
At the time, he cautioned that "rewriting Windows in Rust isn't going to happen anytime soon". However, he also mentioned that Rust would be making an appearance in the operating system's Kernel "in the next several weeks or months".
That moment has now arrived for folks on the Windows 11 Insider program:
Why is this such good news? Well, the kernel is the core component of a computer operating system and is crucial to how it functions. It's one of the first things to fire up when a computer is switched on, and then it sits in memory permanently, mediating between the computer's applications and hardware.
If an attacker successfully compromises a kernel, they can expect to have full control over the device it's running on, which is of course very bad indeed. These issues aren't just Windows specific; you can end up with a kernel disaster on a Mac, or over in Linux land, too.
A big part of kernel exploitation is focused on memory management. Traditionally, the most popular coding languages for kernels have been C and C++, which provide excellent performance and lots of flexibility, and a lot of rope to hang yourself with when it comes to security. When people with bad intentions stroll into town, one of the key places they prod around is in the realm of memory. Bugs and errors in this area can lead to exploitation, and making the memory unstable can cause malfunctions or allow for malicious code.
A huge part of this is the dreaded buffer overflow attack, which has been around since the 1970s. This is when data written to a buffer spills out and overwrites nearby memory. When the system's memory is tampered with in this way it can lead to all manner of exploitation.
Despite endless attempts to get programmers to write more secure code, improvements to the underlying languages, and mitigations like Windows Address Space Layout Randomization (ASLR), buffer overflows continue to be a huge problem. The only way to root them out completely is to switch away from C and C++ to a memory safe language like Rust that can manage memory automatically.
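To make the difference concrete, here is an added Rust sketch (not code from Microsoft or from the talk) of the overflow described above: a fixed 8-byte buffer stored next to a security-relevant flag, fed a constructed 9-byte input. The `Session` struct and the function names are hypothetical, chosen only for this illustration.

```rust
use std::panic;

/// Hypothetical record: a fixed 8-byte buffer with a security-relevant
/// field placed right after it, the classic overflow target in C.
#[repr(C)]
struct Session {
    name: [u8; 8],
    is_admin: bool,
}

/// Checked copy: `get_mut` returns None when the range exceeds the buffer,
/// so an oversized input becomes an error the caller has to handle.
fn set_name_checked(s: &mut Session, input: &[u8]) -> Result<(), String> {
    let dst = s
        .name
        .get_mut(..input.len())
        .ok_or_else(|| format!("input of {} bytes exceeds 8-byte buffer", input.len()))?;
    dst.copy_from_slice(input);
    Ok(())
}

/// Copy written the way a C byte loop would be. Rust bounds-checks every
/// index, so the out-of-range write panics instead of reaching `is_admin`.
fn set_name_indexed(s: &mut Session, input: &[u8]) {
    for (i, b) in input.iter().enumerate() {
        s.name[i] = *b;
    }
}

/// Runs both copies on a constructed 9-byte input and reports
/// (checked copy rejected, indexed copy panicked, is_admin afterwards).
fn demo() -> (bool, bool, bool) {
    let oversized = [0x01u8; 9]; // constructed input, one byte too long
    let mut s = Session { name: [0; 8], is_admin: false };
    let rejected = set_name_checked(&mut s, &oversized).is_err();
    let panicked = panic::catch_unwind(panic::AssertUnwindSafe(|| {
        set_name_indexed(&mut s, &oversized)
    }))
    .is_err();
    (rejected, panicked, s.is_admin)
}

fn main() {
    let (rejected, panicked, is_admin) = demo();
    println!("rejected={rejected} panicked={panicked} is_admin={is_admin}");
}
```

In both cases the ninth byte never lands in memory: the worst outcome is a controlled panic, and the adjacent flag keeps its value.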
This approach has already proven to be more reliable than hoping programmers will do the right thing: The adoption of memory safe languages in Android, which predates Windows by several years, has led to a significant decline in memory safety vulnerabilities on that platform.
According to Google, in situations where Rust has been used on low-level Android components instead of C++, there have been "zero memory safety vulnerabilities discovered."
The work of switching out C++ for Rust in Windows 11 has already begun. As per The Register, the Microsoft Windows graphics interface device is currently being ported to Rust to the tune of 36,000 lines of Rust code, and there's a system call (SysCall) in the Windows kernel right now which is implemented in Rust.
While the "wouldn't it be nice" dream of replacing all pieces of C and C++ in Windows with safer, better alternatives is likely impossible, big and important strides in memory safety are finally being made. What we have here is yet another good reason to finally make the leap from Windows 10 to 11.