, SecurityFocus 2007-01-29
Story continued from Page 1
Other security technologies included in Microsoft's Windows Vista are not as controversial.
Address Space Layout Randomization, or ASLR, which makes it harder for an attacker to reliably run code that exploits remote memory flaws, has garnered the approval of many security researchers. Microsoft's implementation of the technique has some weaknesses but overall, the company has added a good foil to attacks that have plagued Microsoft's software in the past, said Positive Network's Johnson.
"Vista's ASLR is, on a whole, still a significant 'speed bump' that makes exploiting many vulnerabilities on Windows much more difficult to do reliably, especially in a 'fire and forget' fashion as typically used by worms," he said.
However, at least one other researcher has said that the speed bump will not slow down the pace of exploits, because it can be circumvented.
"The ASLR implementation in Vista is not very resilient--it only randomizes the bases of certain system DLLs (dynamic link libraries) and not the rest of the loaded modules," Matthew Murphy, an application security engineer at Hypermedia Systems, stated in comments to a previous SecurityFocus article. "This means that today's attackers will still succeed tomorrow, because all they'll have to do is slightly tweak the jump points in their exploits."
Data Execution Prevention (DEP), a technology included in Windows XP Service Pack 2, monitors for attacks--or software bugs--that attempt to run code from a non-executable part of memory. While included in Windows XP SP2, the service is only activated by default on systems with 64-bit processors. With Windows Vista, Microsoft has set the technology to automatically monitor all essential Windows services.
Microsoft's Toulouse emphasized that Windows Vista is not the end of the software giant's fight to protect its customer from online threats.
"There are certain classes of attacks that we might see, after widespread deployment of Windows Vista, starting to go away, but none of this is to say that we can be complacent," Toulouse said. "We will still try to provide our users with tools that help them know what's going on their PC. And, we still urge customers that criminals are still out there, and you need to be cautious."
Windows Vista goes on sale on Tuesday.