Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Microsoft Finds (Random) Way to Secure Vista



 By: Ryan Naraine
2006-05-30
Article Rating:starstarstarstarstar / 1


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The software maker has quietly fitted a new technology called Address Space Layout Ramdomization into Windows Vista Beta 2 to help block buffer overrun exploits.

A security feature used in the open-source world is now helping to harden Windows Vista against buffer overrun exploits.

Microsoft has quietly fitted the feature, called ASLR (Address Space Layout Randomization) in Windows Vista Beta 2 as part of a larger plan to make it more difficult to automate attacks against the operating system.

"Not only is it in Beta 2, its on by default too," said Michael Howard, senior security program manager at Microsoft in a blog entry announcing the news.

"We added ASLR pretty late in the game, but we decided that adding it to beta 2 and enabling it by default was important so we can understand how well it performs in the field," Howard said.

Howard, who wrote the book on Microsofts highly-touted SDL (Security Development Lifecycle), stressed that ASLR is not a panacea or a replacement for insecure code but said it could serve as a "useful defense" against malware attacks when used in conjunction with other technologies.

Several open-source security systems —OpenBSD, PaX and Exec Shield – already implement ASLR, which is described as a security feature that randomly arranges the positions of key data areas to prevent malicious hackers from predicting target addresses.

Can Microsofts Bitlocker Save Us from Ourselves? Click here to find out.

Resource Library:

"[It] is a useful defense because it makes Windows systems look "different" to malware, making automated attacks harder," Howard said.

"In short, when you boot a Windows Vista Beta 2 computer, we load system code into different locations in memory. This helps defeat a well-understood attack called return-to-libc, where exploit code attempts to call a system function," Howard explained.

He said the job of ASLR is to move these function entry points around in memory so they are in unpredictable locations.

In the case of Windows Vista Beta 2, a DLL or EXE could be loaded into any of 256 locations, which means an attacker has a one-in-256 chance of getting the address right.

"In short, this makes it harder for exploits to work correctly," Howard added.

In PaX, which implements least privilege protections for memory pages in Linux, ASLR is used to shuffle the stack base and heap base around in virtual memory when enabled.

This makes it difficult to launch attacks that require the known location of these areas.

Read more here about the first security patch issued for Windows Vista.

Microsoft believes that the addition of ASLR in tandem with other major security enhancements in Windows Vista will raise the bar in the fight to thwart malicious hacking attacks.

Beyond ASLR, Howard pointed to /GS, a compile-time option in Visual C++ that adds stack-based buffer overrun detection. On by default, he said /GS juggles around some of the function arguments and the function stack variable to make some classes of attack harder to pull off.

In Windows Vista, Howard also mentioned /SafeSEH, Data Execution Protection and Function Pointer Obfuscation as technologies that help to lock down Windows Vista.

The software giant also released a white paper (available here as a Word doc) to highlight the array of security advancements in Vista.

They include the use of the SDL process, Windows Service Hardening, mitigating buffer overruns with hardware protection, and kernel patch protection and mandatory driver signing.

Windows Vista will also feature User Account Control, a new log-on architecture, network access protection, easier smart card deployments, and various technologies to protect against malware and hacker intrusions.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.





  Reader Comments: Microsoft Finds (Random) Way to Secure Vista
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


xr80VӮc*d[.kڲ<<ձ $)RCRUω}}.Kurw&D"H@goOD.\ݴ1ܦd轿O$}L9UQ#C3W)9bPg34mzΠN@\}@^cfwD%x_'Щ=ѩ€wɄZIPQߗ>}^~l .hrL⎲IlG tuG`azNvn3gGd #B=x:a/M˟ m׸ڮUX'[vkx!BP#"F\ςݻHbRvn8Gd`jI:D*"4C6S!p 5\`p)jHZ6tG,> H>P7sIzV@daS/*! lpa+j)y'C,f uȭC ¿{׳߂Cݸ{1ܳL`E-"'l,R ?q7uBaH&5\O, "9ˡ,ft0eȆ}{RM*QR,הby/^[,YpozzJY4Euz ? n0uh;@Ry] Z >g}rԺx'7;Aڼ7@o&3W`JLTRBhd" Pc@GNj,{/BrM7JQ߹ZVH+(.##-byOa`%pfQUrnOgsKߺnZ:9?nΐ}3fP+M~(#3hؕgxg_:nNo9nڗݛ9^֧Iٝ{N4ps Z_Zzn`Kk']MXCyC0-ߕRMRs~:?_$>_OHN‰,Oɿ `HBm۲ܺ̑\R yka(7f`X@7? eR2\ML9X@/@ש#4j5t-Mn #dLi&ϭzh-Aho*KLru&@Sk~$M ]sb.L2o<|)mR—U/(AK/- 5|*(If(;΀/3A.r)i  6=aL+^,4l.k\כUsNVVt];7eя0-*<7Z)]u/{]iz-xX18,]evr`\\Է7JG_)Ab/*5U9=|Qnl :2X jX1nґ>σutSOgG|JMk>uI< EC#ɠ:ڴ{\V4!>F&MЀ/Qp{4ڭm= K!pI}xXS9&ztH۠h&r=kIׇ.[?? ; G`p]&; xk =`Dt#` V< 2/?>axs݀ܧP}-{`sDoweC97(3JdN˵K }*@FH hI#r Bг1,`@o%``P􎄰R1iJlRi wRTD;7 KŔ=*%nqR%a 934YIjL=?n1!UG,D`v9J,L.[ ϴ6je[+R,4T(9 +ZIQ Q#U^?uw<-vF΍`?Y^0~)iBI ?,xpoFaB?9fѦ)C&==-f ӛmSZԛ01M,dk6q/}j0&{b6g{A3uOP#'Կ ;77u9\v,_zt?GcNEikJ/ι7M)j`>J7n2gNP/h|WY 3EDVhdF!zC2{١[[3R;= Mrʳ&#@7X>ť`N)mtй+>q^uiԚv ei6[KͦE[1(Ŀ+úZjp Hoh koռe_xum8Hi+-m"rB`}.e6GQ4ӫlJ Ւd6\{8`OEMĽ~G*+i#SOoZrirX,y|-lD0(2n( _L)mT.mT^͇gΧމ;i6E7{Lӧ=<fM\?&)'V KxZU5S=#kQb恊7_E30kŠ%lDo1c*ttf²익Vה])/߬(g׭y+U}>8`CLmRGM}Bu߲gWKHZS@ٰ\R ~j"yd\s˰e0ئ\Q݂+ RN0})Xk±&>,<<+ځh0A  ~HLb6Р B@U.(L19r2b*X[PTB$ᦼ6t߂ĒbtXQ =j={e|h3ʫ22 yӅZ JLqrheU-UjR9_V2:EƟQp{VN0aE>yL F<|˰"U` }JZYPIb+ģCYV WMUpn`wy~t=t@hCxZ &`i@%p LM{jNwg `Z~mʀkG2gdQhVz\ 4ex.N3 ac>/i)TGEXqkX #=O f+(U|dy5&QrMuE l&ŏh(UrmVՏC~=բ,A%MP*jIIz, :{Zbke`WPF4`W&{\x&\_{sƋ(bo)Q^rSW".wD<7Ϩ;}Nb 4PG }f q iv< Xd;ɲ#X׵I7$#ְS#nƭj`.ӪV$,: <d=^UJ&2%SS5  qΟݚr`>xIn6J墦Ak R;qO;a#ұLp ( rA-ã,z(d2rYjdP\xO}+tSZ‚'T'.n\'7ƒ"'!Z+53,qvë eVqc^?3Z cS7=J _BQ`nо(&wmOI@ NEw%]7!)hl{ٗΚCeax!wl0q%՝b"f0BٺCO,,mSsS)y# m$jRSfj# $_2 I,v+6htlAzW jÚ]e /.iw>6D20@u\e0 `qo4/‰@P V QגZ4ҫoeW!9 \lj9l0`&0!9ϫ|1{~U*۞N #H1?g'q?Kȸt2Ti 'sXsw{ѺB ?݁C5=ICw5FO.Ս A/h9GQb0&x&4Ndywy#KxEıTrcc䰎*hu5nWe gNuA?K.}Ҽ跮Is09nJs t#k5yׅO>4wX\/f8#- LwzF]YFg 'okI}i^w7Uzy J}~Nl/t:D(jy[a{wCWȪ̅S.{ۋNgS^q,<ctH_:`@L6COځ{W-3(#{F-޸2{K7+x=*~'Lw.z@z@pw{Zg%QJ=,qM@jjiIr\"~^YZ䑽DHڃ}AuU6m>=-3'K-h<^79wBf#EVާA3  <.upEWRSIXb %kcxhgP;#Tx^Sk^&1lhEUR.M&M.nb;k,s= ~`҇v-`byjW *|Irol7 &[,&,cʰ d]﮶YMh4ܷ Tk gKikNSuL$gC1aQT(r[3"6 * /LUP,VbgLd>J^I?xD ^\V{)ܒrI|[ *U j)N4IҤ1"$wZy4CJV%rLybdr}\ ])y9/hd9(.`0nS/X3Jk . eъ =xpb/?/:\gGd&+@Yfd'PBbQ)A<ݩWkUiIlxF@]DC<+NZ+K)%Pn#'З>24\3@$H !8&Dvù[2R)Cthv0OtAǺbV?Bx?7x !b'%H_܉*IZu[+8%f+07^sYDB4 X0c}|BCO3P@ -o՞BsOxiWˮ,imM|u`eKgKӧSotVB`X["pllWo'Jj2HLnw$]Yc\e:G9`WAd!夎6,WLQ$vcAWV.ʹ/ `[9ӆGGvA;DJv6kKۋ/rr/kK>}q?o"}&,ʠjY|7=`ZBSxn}jnRc걛3$ [{Hƕk[D*jJmxSn`l-ؚK,"KPkitNg`}مLvtOjE4]v3TQrMyT)LKb$*ghU7LݒJYtltw,Lb~u{իx$^旈<7'J6ƫdcz[y})};9HeH]>BGwrJgn`o~I+C"]EH¹C" 7 /DhB4Җb^Dl6`Gmwaa Ff&6\Pnc"5@GBr09,"`X$Elt bc8IxkSg36dfph6_fؐ)l%I"q0M? +┉fnmOd%sH4pEXWȓ z`]g4ε7 5Otx_ڋK۪_h{T_߷846̫ 꿓$yQi1n9M,C"&Hm~0 CǤ˜oOuX6NK^IfFʼn߳yx](Z@lng+hV9T7F_@gf`d[?qCb$J5 !^tEw'y{Dd|?/Y?`CP}fw1!s]2QQ Q?E7Хw^xH)LE|+A$㷈mD#ঀE~xg Uܘ;@[5=eׂ'"baw9Ƕ-ҦVG1cpXDWH e _M Ba[D0‡.-c61ʵm <~܋."(C^PB^Y’KM=1Ior9ꚚrM2l @~LZC O]c)I5ˋpAE!Lj<桠e3)Mu{0`2ΩTh,ZNx%Tȥc.ZE%>%KZk^YR+Ȉz~btτƌWFSj9椷 GgTG`J'RM`o}Ũ&@ mNhCy?Vz^3Zk]7X;Xifyb+n'-浻sx"(ͪND`hݐȓPc2,:bp'찔?15l,.J1]Эat{G )(5 /U@8AnIݲY9K·(17դ`(8N9@}x+VzK"?{|5 ̋XL t4*$:em;A=~yDLRO\ND_K_!߰VIm{7R[ $y?ZED$ q?4uӻhzxX2Lp@VXț6\@S_q}țņc 'lI<R+Mw7t'le1qٵs uǤZ 45aBXRA~#ϝ@<`"1a9=g3b2_lPL A۾bbWoP$P`+wdcF||9OߟD:Ũdt]\UP*@J>S|??'~?UKL)awSa/xƔSL\fF"O-c8tv'+ˬNCA|8Lmk;Λ}-AG,G71=` ?ET&nK qb$P!%h$`x=9`1I@2߰LPbJU(IhRW|:P |+R0cU-%+_coSwV7X z+i+K9Iˑ;^h`u0 }a3brOtv ͫ{M"ǽUݽ$ǭ l¶-r5uwO?t>/[W~qfy0calB_d_T 3',C rv촘28SΘksYx9% E*w8l,x#UzUzu7M&6IBuӲrϏПxu3K߬9q Χ65A^^Z$I 'M& OH8SD^u'Vn"W(57(-ʯ74S](f#7 N['P~ sA?n.?o\}Qkg3ˌr;r_{埡 fF'c|:'dv2t2;w?;d'eSF9gQށNF9e^\f%eu݌wAt3OK7C\\e5uN0fF9_?}OP)'ߧ @MV9M@7d_ryʛrּ…)qFy)8RErXB]eנ{'sg+I4^a芪g-5n ǸJuv ^_A5KHe^ۛTCGPYpKxEó##htoĶ.p&}:=Wvl+Jy.)ܲ}:QOXE)9K8G#i@Aק3/{ "X ½p'<1 }^f1.? vt{r.v,/:v#y _^'[_u}MoMg:S?|YV&@Y8'}Q?Ѱs3@z:}K=sqocus`In6J墦 V˕R;qO;F"ðʩITMVYI2ZYrF(RB4|O۴W)]7tSsc<{+4аY-}?"z5~L@-1"1/cA6of)3^86սD<gM~ o2P e Sbb{ˈTbT|Jx^nZpoKH2hؐ,sv[F0 |wF4 gjy }dy0\9+hw]V=ȾwF=C_,x u0{ T zB΄[6пCfs%(M 9@:՞/{n:aKƈ DMKIn_!m/IgOɱ-yCo`b)HC$axap&t}9AwI{mX?ap[NҙmzwzIcYq9Q3IHxL´kDW Lm&Ĵ`Տ7㣭A{=0&FӴFo"9݌ţ:aс(Yc{XnD82sz 2&6u;ݹnK\ؓJq}l8=;t؆"4 ]ݸ3EK~xR Hn2* -170ƚ 9KPO"cv#%0u݁cOit>x*8" 2H 2s{B|%؄Z{JfB2,'KY݇Є2t\~57, {+2‡_i 궯MgA۾"=מ X?(ނ!نIf;W1^{#E3dưz< RƠ^,_/uY{N6 )4M뚈βR$.t(W*aʹD.v =c"1b9?v"ㅰx!Z^y|XT ,sD?>K:[S1U)֒_6/gwǁ;ysԷeEQ&PL¶c)JqiХŤO[=$sDs݅ ߠ(b/<% *m.X&">m?'.}Nu;H' "@2drtPŗ;ױ) Mm'#84B>ԼlQ޺qml.; +C&:bz:SA\W (9|x@NlM5\c :۳|?Oe Lt8/o90kn>7Q$L{ izQZˬ`+슧p ?dtE#b[p!@>pM֧*QTD KQ)Ybd㜙o-rxgsg_(LWvm:yDt ] D hC'k_2ue>vį-ǬvJ^St 7tlmb @J\ D73D*| X^c 0У,:09G5-E6Z.^sƠ{e75wSF f#gy= `5>gvC%=\s.&tĵa=Jz`g^VXvQJeǐy6xL 2V*wN㛼VtƦI:1qzRSVs0v&b(1lS24K_jj*JlxTʉi07Nw6̈́ В^&Ůvbec7Ss )