Go Back   Windows Vista Forum | Vista Babble > Windows Vista > Vista Security
Reload this Page ASLR Security Changes
Vista Security Discuss ASLR Security Changes in the Windows Vista forums; It seems like they have added some more security in the backend of Vista to help deal with things like over-runs. Among the new security features in the beta ...

Reply
 
LinkBack Thread Tools Display Modes
  #1  
Old 06-02-2006, 05:41 PM
Senior Member
  
Join Date: May 2006
Posts: 118
triumph is on a distinguished road
ASLR Security Changes
permalink

It seems like they have added some more security in the backend of Vista to help deal with things like over-runs.

Quote:
Among the new security features in the beta 2 version of Microsoft Vista is a new backend defense against buffer overrun exploits, according to one Microsoft security expert.

Common in the world of open-source operating systems, address space layout randomization (ASLR) was an 11th-hour addition to the recently-released beta, according to Michael Howard, program manager for Microsoft’s security team. He wrote last week in his security blog that this new feature will make the Windows operating system less susceptible to attacks.

"It is not a panacea, it is not a replacement for insecure code," he said. "But when used in conjunction with other technologies, which I will explain shortly, it is a useful defense because it makes Windows systems look ‘different’ to malware, making automated attacks harder," he said.

Microsoft released the beta 2 version of Vista last month along with beta 2 versions of Office 2007 and the next version of Windows Server - now codenamed "Longhorn."

As the security world further tests the recently-released beta, he is anxious to hear reviews of how well ASLR works within the operating system.

"We added ASLR pretty late in the game, but we decided that adding it to beta 2 and enabling it by default was important so we can understand how well it performs in the field," he said.

The new security feature works by randomly changing the location of key system function data within the system. The idea is to put system code in unpredictable places so that automated malware has a more difficult time finding the files it needs to function.

"In the case of Windows Vista beta 2, a dynamic link library or executable file could be loaded into any of 256 locations, which means an attacker has a 1/256 chance of getting the address right," he said. "This makes it harder for exploits to work correctly. Think Where’s Waldo?"

According to media reports, Microsoft CEO Steve Ballmer said last month that feedback from the latest beta could push back Vista's release, now scheduled for January of next year.
http://www.scmagazine.com/uk/news/ar...uards+backend/

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Reply With Quote
Sponsored Links
Reply

« Interesting Vista security features announced | BitLocker™ Drive Encryption »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 08:55 AM.



Contact Us Windows Vista Forum Archive

a vBSkinworks Design
Powered by vBulletin
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.1.0


© 2006 - 2008 Vista Babble Forums | About Vista Babble Forums | Legal | A member of the Crowdgather Forum Community


Page generated in 0.12342 seconds with 9 queries

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23