Slashdot Mirror

← Back to Stories (view on slashdot.org)

ALSR in Vista Gets OEM Push

Posted by Zonk on from the at-leas-they're-trying dept.

gr00ve writes "Eweek is reporting that all the major OEMs will enable DEP/NX in their BIOSes by default to allow Address Space Layout Randomization (ASLR), a new security feature in Windows Vista, to work as advertised. ASLR, which is used to randomly arrange the positions of key data areas to block hackers from predicting target addresses, is meant to make Windows Vista more resilient to virus and worm attacks." From the article: "Because most CPUs that ship today support DEP/NX, Howard explained that Vista users on older hardware can use the control panel to manually verify that PCs have DEP enabled. With full support from OEMs, Microsoft is effectively using ASLR to create software diversity within a single operating system, a move that is widely seen as Redmond's attempt to address the monoculture risk. The memory-space randomization technique will block the majority of buffer overflow tricks used in about two-thirds of all worm and virus attacks."

3 of 170 comments (clear)

  1. Not quite! by Anonymous Coward · · Score: 5, Insightful

    This is a legitimate technique already used by some other high-security OSes (e.g. Open BSD). So it's a legitimately good security measure.

    That said, I don't doubt that wanting to better secure their DRM is high on their list of reasons to improve security. That is, they probably want more to secure the machine *from* you than *for* you... While I've certainly had users that the system needed protection from, I still don't like what they're doing with DRM.

    Soon, at this rate, you'll either have an unencumbered OS, or what you have won't be fit to call a computer. It'll probably look something more like a high definition TV with popup ads.

  2. Re:band-aid by Aadain2001 · · Score: 4, Insightful
    If there are buffer overflows, isn't the solution to fix the buffer overflows?

    Well sure it is! But MS doesn't control all the source code of the software the OS runs (but they're working on that ;)). Even if the OS is free of buffer overruns (which is should be after 5+ years of development), if a poorly implemented yet popular program (such as an IM client) still has buffer overruns, there is only so much that the OS can do/not do.

    --
    Space for rent, inquire within
  3. Re:grsec by defile · · Score: 4, Insightful

    This probably isn't such a big deal for open source.

    With Windows, whole swaths of the user community are running nearly identical binaries so malware authors have a large attractive market for their worms.

    With Linux, you have virtually thousands of possible binary configurations due to the high prevalence of custom compiled from source and the sheer number of competing distributions with frequent releases. Reduces the attraction.

    DISCLAIMER: Yes, I know, there are players who target niches, this rationale isn't bullet proof.

    DISCLAIMER2: Yes, address space virtualization can't stop all buffer overflow exploits either.