Published: 2007-02-28
The research papers cover a range of Vista security mechanisms in-depth, from its Address Space Layout Randomization (ASLR) technology designed to thwart heap overflows and certain malware attack methods, to buffer overflow protection in Vista's Visual Studio C++ compiler and an evaluation of how well legacy malware works on Vista's OS.
In a corresponding Symantec Security Response blog entry, Oliver Frederichs states that the company will release a total of six research papers over the coming week, the intention being, "to provide a balanced, unbiased, and objective viewpoint on Windows Vista security, based on the many decades of our team’s combined security experience."
The Vista research papers are being released just as the popular Black Hat DC computer conference gets underway in Virginia. Symantec researcher Ollie Whitehouse is scheduled to present at Black Hat on weaknesses found in Vista's ASLR implmentation. In recent weeks, Whitehouse has also written about implementation weaknesses in Microsoft's User Account Control (UAC) component that may give typical users a false sense of security.
The new research papers and Black Hat presentation follow the recent consumer release of Windows Vista, which is now being scrutinized by security researchers looking to expose new vulnerabilities.
Disclosure: SecurityFocus is a division of Symantec Corp, but has editorial independence to cover all aspects of the security industry.
Posted by: Kelly Martin
