.Net Security Flaw Exposed | eWeek

.Net Security Flaw Exposed

Verfasst von
Dennis Fisher
Dennis Fisher
Feb 14, 2002
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

A security consulting company is warning that a security tool included in Microsoft Corp.s new Visual C++.Net compiler is flawed, but Microsoft officials say there is no flaw and that the tool works just as it was designed to.

The problem lies in the implementation of tool similar to StackGuard, a technology used in some versions of Linux that is designed to prevent buffer overflows. However, according to Gary McGraw, chief technology officer at Cigital Inc., a security consulting firm in Dulles, Va., the /GS security check tool doesnt protect native code written with the compiler as well as it should.

“If developers rely on this when they produce native code, theyll have a false sense of security in what theyre writing,” said McGraw. The problem should not affect managed code developed for .Net.

McGraw said Cigital notified Microsoft, based in Redmond, Wash., of the problem, and that the company acknowledged the issue.

The controversy comes at a critical time for Microsoft, which is in the process of rolling out its highly publicized .Net Web services initiative.

Bill Gates, chairman and chief software architect, recently declared security to be Microsofts highest prioritydeclared security to be Microsofts highest priority and has imposed a ban on new code-writing this month as developers comb through existing .Net and Windows programs searching for security problems.

The attack to which the compiler is vulnerable was outlined nearly two years ago in Phrack Magazine, the venerable hacker publication.

McGraw praised Microsoft for its recent effort to refocus its resources on developing secure code and said he believes the company is sincere in its desire to improve its security. However, he said some of the efforts may be misplaced.

“Microsoft seems to be doing the right thing,” he said. “This is a pretty sophisticated attack, but there are better things to do than stick [StackGuard] in there.”

StackGuard is the brainchild of Crispin Cowan, co-founder of WireX Communications Inc., which sells the Immunix secure distribution of RedHat Linux.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.