Microsofts use of code-scrambling diversity to secure Windows Vista is getting crucial support from major OEM partners.
The Redmond, Wash., software maker has persuaded major U.S. computer makers—including Dell, Gateway and Hewlett-Packard—to make default changes at the BIOS level to allow a new Vista security feature called ASLR (Address Space Layout Randomization) to work properly.
ASLR, which is used to randomly arrange the positions of key data areas to block hackers from predicting target addresses, was added late in the Vista beta process to make the new operating system more resilient to virus and worm attacks. However, for randomization to be effective, hardware-based DEP/NX (Data Execution Prevention/No Execute) must be enabled by default.
At a conference of technical staffers from Microsofts OEM partners in November, Michael Howard, Microsofts security program manager, said he pleaded with the OEMs to enable DEP/NX in the BIOS by default on all their shipping PCs in time for Vista. Howard, a key evangelist for Microsofts SDL (Security Development Lifecycle) process, used his personal blog to announce that all the major OEMs “have agreed to not disable DEP/NX in their BIOSes by default.”
Because most CPUs that ship today support DEP/NX, Howard said Vista users on older hardware can use the control panel to manually verify that PCs have DEP enabled. With full support from OEMs, Microsoft is effectively using ASLR to create software diversity within a single operating system, a move that is widely seen as the companys attempt to address the risk of monoculture, where the pervasiveness of a single operating system presents a major threat to global computer security.
The memory-space randomization technique will block most buffer overflow tricks, which are used in about two-thirds of all worm and virus attacks. When used with other technologies, ASLR provides a good defense against malware attacks, Microsoft officials say.