Correct - the problem at the moment is that on every machine, things like the C runtime always load in exactly the same place in the per-process address space. This makes writing exploits that say, buffer-overrun into running a C runtime command, really easy.

ASLR makes this much harder because no two machines will have the same layout. There's nothing whatsoever to be gained by rebooting your machine every so often with regard to this.

A 2004 paper (http://www.stanford.edu/~blp/papers/asrandom.pdf) showed that the effectiveness of the technique does not improve as you increase the number of changes (e.g. every process, or just rebooting). It also showed that it is most effective on 64-bit architectures.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/222/1068#1068