ALSR in Vista Gets OEM Push

gr00ve writes "Eweek is reporting that all the major OEMs will enable DEP/NX in their BIOSes by default to allow Address Space Layout Randomization (ASLR), a new security feature in Windows Vista, to work as advertised. ASLR, which is used to randomly arrange the positions of key data areas to block hackers from predicting target addresses, is meant to make Windows Vista more resilient to virus and worm attacks." From the article: "Because most CPUs that ship today support DEP/NX, Howard explained that Vista users on older hardware can use the control panel to manually verify that PCs have DEP enabled. With full support from OEMs, Microsoft is effectively using ASLR to create software diversity within a single operating system, a move that is widely seen as Redmond's attempt to address the monoculture risk. The memory-space randomization technique will block the majority of buffer overflow tricks used in about two-thirds of all worm and virus attacks."

grsec

[Jon+Howard]

Didn't grsec implement something like this ages ago?

Linux virtual address randomization

Isn't this the same as Linux virtual address randomization that works without BIOS?

It depends entirely on how you probe

[postbigbang]

You do memory reads and code string matches to determine where modules are loaded, the poke your favorite malware where it needs to go. The signature only is corrupted when the module loads, so you need to write out the corrupted module and change its signature. So, it's not as tough as you're implying at all. Try it sometime. It's great for party jokes.

so how will this affect installing Linux?

[advocate_one]

if this thing is done in the BIOS? will it make it extra hard to do duel boot?

Re:what about the other 1/3rd?

[DrSkwid]

You do know that the people in Microsoft work in parallel not serial.

They don't work on one thing at a time, so quit yer bitching.