Microsoft adopts Rust to boost Windows security and performance

[Alfonso Maruccia]

Recap: Historically, the vast majority of security issues encountered on the Windows platform have been memory-related bugs. Rust can provide a highly effective solution to this long-standing problem, and Windows programmers are well aware of its potential.

Although Rust is still a relatively recent programming language, Microsoft has already embraced the technology as one of the most promising upgrades for Windows core programming. Redmond's software engineers have been diligently rewriting crucial parts of the operating system in Rust, bringing significant improvements in both performance and security to the underlying code.

Rust is a fast, memory-efficient programming language created by Graydon Hoare while working at Mozilla, the first company to officially sponsor and adopt it for their experimental browser engine, Servo. As a typical compiled language, Rust offers native performance for various types of applications, including computer software, low-resource devices, and embedded appliances.

Also read: How a broken elevator led to one of the most loved programming languages available today

Aside from its performance, one of Rust's main attractions is the fact that the language was designed to provide memory safety from the outset, thereby eliminating many categories of bugs and potential vulnerabilities at compile time. Notably, memory safety bugs account for 70% of the CVE-listed security vulnerabilities fixed in Windows since 2006.

According to David "Dwizzle" Weston, VP of OS Security and Enterprise at Microsoft, some Rust code has been implemented in the Windows kernel already. Speaking at BlueHat IL 2023 in Tel Aviv, Israel, last month, Weston mentioned that Windows 11 could boot in Rust, even though the code's port is currently disabled and concealed behind a feature flag.

Microsoft began rewriting portions of Windows in Rust in 2020, starting with the DirectWrite API (a part of the DirectX framework) which is responsible for managing high-quality text rendering, resolution-independent outline fonts, full Unicode text and layout support, and more. DWriteCore, the Windows App SDK implementation of the DirectWrite API, now comprises approximately 152,000 lines of Rust code and about 96,000 lines of C++ code. In addition to enhancing security, this new code blend has reportedly brought significant performance improvements (5-15%) to font operations.

Windows 10 and 11 are written in C, C++, C#, and Assembly language, with millions of lines of code that will likely never undergo a complete, Rust-based overhaul. However, Windows' main graphics device interface (Win32 GDI) is being ported to Rust, with 36,000 lines of code already converted. "There's actually a SysCall in the Windows kernel now that is implemented in Rust," Weston revealed.

Microsoft is not the only major tech company interested in adopting Rust for its primary software products. The memory-safe programming language is already being used by Amazon, Facebook, Google, and others. Rust has also become part of the Linux kernel. Open-source developers emphasize that Microsoft's commitment to Rust would be excellent news for the language's future.

Permalink to story.

https://www.techspot.com/news/98492-microsoft-rewriting-windows-rust-sort.html

 

[Hodor]

I hope it won't backfire. Since Mozilla rewrote Firefox in Rust, it has became very slow. It's now basically a CPU hog that spins up the laptop fans to the max. Even for something as stupid as watching YouTube videos. How do you know you're running the latest Firefox? Your laptop sounds like a vacuum cleaner.

At the same time MS Edge is totally silent while opening the same sites and playing the same videos. Google Chrome used to be inferior to Firefox memory-wise, but now Firefox uses more RAM than Chrome or its cousin Edge. Rust has eaten Firefox. Now Microsoft want to make Windows even rustier than it already is.

 

[dangh]

I hope it won't backfire. Since Mozilla rewrote Firefox in Rust, it has became very slow. It's now basically a CPU hog that spins up the laptop fans to the max. Even for something as stupid as watching YouTube videos. How do you know you're running the latest Firefox? Your laptop sounds like a vacuum cleaner.

At the same time MS Edge is totally silent while opening the same sites and playing the same videos. Google Chrome used to be inferior to Firefox memory-wise, but now Firefox uses more RAM than Chrome or its cousin Edge. Rust has eaten Firefox. Now Microsoft want to make Windows even rustier than it already is.

It won't. Rust is as performing (if not better) as C++. Issues you have with FF most probably are not related to the language, or even to the compilator, but some other design choices.

 

[hwertz]

Yeah, agreed with dangh; Firefox is bloated because it's bloated. (Or in my experience, because web pages are getting more bloated with Javascript, as opposed to the browser itself). Rust is about as low-level as C just with safety rules enforced at compile-time (you can mark a piece of code "unsafe" and break some of those safety rules, in those cases where it's required to interface with hardware or existing C code.) I suspect the added rules let the Rust optimizer perform some optimizations that are not safe to do in the equivalent C code.

I prefer Python myself (although obviously not for use in a kernel!); but Rust is an excellent replacement for many tasks that currently use C or C++.

Linux got Rust support last year; a few drivers are being written in Rust (Apple M1 GPU driver is first I'm aware of), and I think the plan is to try rewriting a few network drivers in Rust first (possibly wifi drivers, after all about the nastiest of all security flaws were those "wifi magic packet pwns a computer that's not even connected to a wifi network" type flaws that turned up in a few drivers in Linux, Mac, and Windows; written in Rust, this kind of flaw would basically be impossible.

 

[EndRessentiment]

Interesting to see Rust picking up pace. I didn't expect that a relatively new language could still improve so much over languages like C and C++.

@ the others: I'm not having issues with Firefox at all when it comes to being 'heavy'. The only problem I encounter is the occasional time that Firefox is stuck at launching with 0% CPU .
I'm pretty sure all Firefox problems have to do with bugs, not with Rust. I think bugs are not that surprising, given that Mozilla isn't in a great place financially, but still has to innovate to stay relevant.

It still baffles me people, because almost all of them stick to Chrome, are fine with handing over the future of the web to Google! I wish more people appreciate what Mozilla/Firefox can mean/do [not saying they're great or anything. Just that they offer some good things]. Certainly Rust is good, and Mozilla played an important role in it.

 

[RaXelliX]

I hope it won't backfire. Since Mozilla rewrote Firefox in Rust, it has became very slow. It's now basically a CPU hog that spins up the laptop fans to the max. Even for something as stupid as watching YouTube videos. How do you know you're running the latest Firefox? Your laptop sounds like a vacuum cleaner.

At the same time MS Edge is totally silent while opening the same sites and playing the same videos. Google Chrome used to be inferior to Firefox memory-wise, but now Firefox uses more RAM than Chrome or its cousin Edge. Rust has eaten Firefox. Now Microsoft want to make Windows even rustier than it already is.

Not sure what OS you are using it on but on Windows, Firefox has become faster and more stable for me over the years.
The other day I had about 120 tabs open (mix of YouTube and text) and Firefox was consuming only about 3GB on RAM with both CPU and GPU being under 10% utilization (5800X3D and 2080Ti).
At the time of writing this I have 40 tabs open with most being YouTube and memory usage is less than 1GB.

The only bugs I have noticed are when some tab crashes or when some sub process starts using too much CPU time.