Many Popular Windows Apps Ignore Security Options
eldavojohn writes "The latest versions of Microsoft Windows have some good security options available — now if only they could get their most popular third-party applications to use them. A report from Secunia takes a look at two such options — DEP and ASLR — and Brian Krebs breaks down who is using them and who is not. A security specialist noted, 'If both DEP and ASLR are correctly deployed, the ease of exploit development decreases significantly. While most Microsoft applications take full advantage of DEP and ASLR, third-party applications have yet to fully adapt to the requirements of the two mechanisms (PDF). If we also consider the increasing number of vulnerabilities discovered in third-party applications, an attacker's choice for targeting a popular third-party application rather than a Microsoft product becomes very understandable.' Among those with neither DEP or ASLR: Apple Quicktime, Foxit Reader, Google Picasa, Java, OpenOffice.org, RealPlayer, and AOL's Winamp. While Flash player can't implement DEP, it does have ASLR. Google Chrome is the only popular third-party application listed with stars across the board."
It's worth noting that several apps highlighted in the Secunia research paper have added support for those security options in recent patches, or are in the process of doing so. Examples include Firefox, VLC, and Foxit Reader.
The real trolls are the ones that mark the OP as a troll...you guys think MS should get a bye on this? You're just as bad as that fucking brain-dead corporation. Suck my ass!
MS just doesn't care beyond kissing up to investors. Never have, never will.
cry more about it, fatty
It strikes me that quite a few of these third party programs listed are crossplatform in some form or another. I'm not at all surprised that they don't see the point in implementing a dubious security feature that would only work on recent versions of windows, when they could focus on more important matters.