OS of the Future: Built for Security

 
 
Posted 2010-04-08
 
 
 
 
 
 
 

Software vendors have been making their products more secure and have been providing tools and best-practice guidelines for application developers to improve security.

By: Larry Seltzer

As far as security goes, the operating system of the future is, in many ways, here today. Led, somewhat ironically, by Microsoft Windows, operating system vendors and some other software vendors have been making their products more secure by default. They also have been providing tools and best-practice guidelines for application developers to improve security.

If everyone adopted the most current versions of software and followed state-of-the-art practices in software development, the future would be here today. Alas, things are never that easy.

The Internet caused the escalating software security problem, and the protection of Web browsers and other Internet-facing software has been the greatest imperative of security developers. The techniques designed to protect these programs will find their way into other applications and the core of the operating system itself.

Recent security research has found limited cracks in the walls put up with DEP (data execution prevention), ASLR (address space layout randomization) and other systemic protection technologies. But the developers of these protections understand that they're not impenetrable barriers; they are obstacles put in the way of exploits, making them harder and harder to accomplish. The more such obstacles are put in place, the harder it is to carry out a real-world exploit, as opposed to a laboratory one, and the less serious the implications of the exploit will be. This is called defense in depth.

The good news about these techniques is that they should not change the way applications operate, except in certain egregious cases, and you get the security for free. They turn some programming techniques, self-modifying code in particular, into the inherent problems they should be. The real problem, which we have been experiencing for the many years that DEP and ASLR have been implemented in Windows, is that many of the applications we use don't opt in to them.



 
 
 
 
 
 
 
 
 
 
 
