OEMs do their part to support ASLR in Vista

**Anilrgowda** · 19-Dec-2006, 08:54 PM

Earlier this week, Ars discussed a few of the new security features found in Windows Vista. One feature mentioned, Address Space Layout Randomization (ASLR), has been getting some extra press this week due to announcements by some large OEMs stating that they would do their part to help support the feature.
Many have pegged ASLR as the insecure code killer, but that's only partially true. As the name suggests, the technology randomly moves function entry points (e.g., DLLs) around in memory so that their locations cannot be easily predicted by hackers. So yes, dangerous code can be run, but automated attacks should still be much more difficult to perform. If you're interested in seeing ASLR in action on your Vista PC, you can use a tool such as Process Explorer to verify that DLLs have different load addresses upon reboot.
One caveat to using ASLR is that a PC must have Data Execution Prevention/No eXecute (DEP/NX) enabled within its BIOS for the security layer to work correctly. Until now, major OEMs have refrained from explicitly stating that they would not disable DEP/NX in their Vista-ready PCs. According to Michael Howard, a security expert at Microsoft, the OEMs have agreed to grant Microsoft's wish. "I found out yesterday that all the major OEMs have agreed to not disable DEP/NX in their BIOSs by default," he said on his blog. Some of those OEMs include Dell, Gateway, and Hewlett-Packard.
Howard also noted steps to verify whether your PC has DEP enabled or not:

Open the Control Panel
Select System & Maintenance
Click System
Click Advanced System Settings
Click the Advanced tab
Click Performance Settings
Click the Data Execution Prevention tab

While enabling DEP is a great way to help protect your system from buffer overflow attacks, certain applications may fail when it is enabled. If you encounter an application that is failing due to DEP, Microsoft suggests that you disable DEP for that application only, not the entire system. Following the steps above, you can choose specific applications and services that should be ignored by DEP.

19-Dec-2006, 08:54 PM	#1 (permalink)
Anilrgowda Administrator Posts: 18,695 Join Date: Jan 2006 Rep Power: 10 IM:	OEMs do their part to support ASLR in Vista Earlier this week, Ars discussed a few of the new security features found in Windows Vista. One feature mentioned, Address Space Layout Randomization (ASLR), has been getting some extra press this week due to announcements by some large OEMs stating that they would do their part to help support the feature. Many have pegged ASLR as the insecure code killer, but that's only partially true. As the name suggests, the technology randomly moves function entry points (e.g., DLLs) around in memory so that their locations cannot be easily predicted by hackers. So yes, dangerous code can be run, but automated attacks should still be much more difficult to perform. If you're interested in seeing ASLR in action on your Vista PC, you can use a tool such as Process Explorer to verify that DLLs have different load addresses upon reboot. One caveat to using ASLR is that a PC must have Data Execution Prevention/No eXecute (DEP/NX) enabled within its BIOS for the security layer to work correctly. Until now, major OEMs have refrained from explicitly stating that they would not disable DEP/NX in their Vista-ready PCs. According to Michael Howard, a security expert at Microsoft, the OEMs have agreed to grant Microsoft's wish. "I found out yesterday that all the major OEMs have agreed to not disable DEP/NX in their BIOSs by default," he said on his blog. Some of those OEMs include Dell, Gateway, and Hewlett-Packard. Howard also noted steps to verify whether your PC has DEP enabled or not: Open the Control Panel Select System & Maintenance Click System Click Advanced System Settings Click the Advanced tab Click Performance Settings Click the Data Execution Prevention tab While enabling DEP is a great way to help protect your system from buffer overflow attacks, certain applications may fail when it is enabled. If you encounter an application that is failing due to DEP, Microsoft suggests that you disable DEP for that application only, not the entire system. Following the steps above, you can choose specific applications and services that should be ignored by DEP.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)