A security feature used in the open-source world is now helping to harden Windows Vista against buffer overrun exploits.
Microsoft has quietly fitted the feature, called ASLR (Address Space Layout Randomization), into Windows Vista Beta 2 as part of a larger plan to make it more difficult to automate attacks against the operating system.
“Not only is it in Beta 2, it's on by default too,” said Michael Howard, senior security program manager at Microsoft, in a blog entry announcing the news.
“We added ASLR pretty late in the game, but we decided that adding it to beta 2 and enabling it by default was important so we can understand how well it performs in the field,” Howard said.
Howard, who wrote the book on Microsoft's highly touted SDL (Security Development Lifecycle), stressed that ASLR is neither a panacea nor a substitute for fixing insecure code, but said it could serve as a “useful defense” against malware attacks when used in conjunction with other technologies.
Several open-source projects, among them OpenBSD, PaX and Exec Shield, already implement ASLR, a technique that randomly arranges the positions of key data areas (such as the stack, the heap and loaded libraries) so that an attacker cannot predict the target addresses an exploit relies on.
“[It] is a useful defense because it makes Windows systems look ‘different’ to malware, making automated attacks harder,” Howard said.
“In short, when you boot a Windows Vista Beta 2 computer, we load system code into different locations in memory. This helps defeat a well-understood attack called return-to-libc, where exploit code attempts to call a system function,” Howard explained.
He said the job of ASLR is to move these function entry points around in memory so they are in unpredictable locations.
In the case of Windows Vista Beta 2, a DLL or EXE can be loaded at any of 256 locations, which means an attacker has a one-in-256 chance of guessing the address right on any given boot.
“In short, this makes it harder for exploits to work correctly,” Howard added.
In PaX, which implements least-privilege protections for memory pages in Linux, ASLR (when enabled) shuffles the stack base and heap base around in virtual memory.
This makes attacks that depend on the known location of those areas difficult to mount.
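The following C program is an added illustration, not code from Microsoft or from Howard's post. Run it twice: on a kernel with ASLR enabled the stack, heap and libc addresses it prints move between runs, which is exactly the unpredictability that breaks a hard-coded return-to-libc target. Its guess_success and attempts_needed functions then put the "one in 256" figure above in context by computing how many independent guesses an attacker needs; sweep_expected_tries covers the case where the layout is not re-randomized between guesses. All function names are assumptions for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* A code address in this image. Under ASLR with a position-independent
 * executable it moves between runs just as the stack and heap do; in a
 * fixed-base (non-PIE) image it is the one address that stays put. */
static int probe_code(void) { return 1; }

/* Print where a few things landed in this run. Compare two runs: with ASLR
 * on, the stack, heap and libc lines differ, which is what an exploit that
 * hard-codes those addresses trips over. */
void show_layout(void)
{
    int   on_stack = probe_code();
    void *on_heap  = malloc(32);
    printf("code   %#lx\n", (unsigned long)(uintptr_t)probe_code);
    printf("stack  %#lx\n", (unsigned long)(uintptr_t)&on_stack);
    printf("heap   %#lx\n", (unsigned long)(uintptr_t)on_heap);
    printf("printf %#lx\n", (unsigned long)(uintptr_t)printf); /* libc */
    free(on_heap);
}

/* Probability that an attacker who must hit one address that can land in
 * any of `slots` equally likely positions succeeds within `attempts` tries,
 * when the layout is re-randomized between tries (the target reboots or is
 * re-spawned, so each guess is an independent 1-in-`slots` shot).
 * Computed by repeated multiplication so no libm link is needed. */
double guess_success(int slots, int attempts)
{
    double miss = 1.0;
    for (int i = 0; i < attempts; i++)
        miss *= 1.0 - 1.0 / slots;
    return 1.0 - miss;
}

/* Smallest number of independent attempts at which the success probability
 * reaches `target`; returns -1 for an unreachable target (>= 1.0). */
int attempts_needed(int slots, double target)
{
    double miss = 1.0, per_try = 1.0 - 1.0 / slots;
    int n = 0;
    if (target >= 1.0) return -1;
    while (1.0 - miss < target) {
        miss *= per_try;
        n++;
    }
    return n;
}

/* If the layout is NOT re-randomized between tries (same boot, same image),
 * the guesses are not independent: an attacker who can retry without
 * crashing the target walks the candidate bases one by one, hitting within
 * `slots` tries and after (slots + 1) / 2 tries on average. */
double sweep_expected_tries(int slots)
{
    return (slots + 1) / 2.0;
}

int main(void)
{
    show_layout();
    printf("one independent try, 256 slots: %.5f\n", guess_success(256, 1));
    printf("tries for even odds:            %d\n",   attempts_needed(256, 0.5));
    printf("tries for 90%%:                  %d\n",   attempts_needed(256, 0.9));
    printf("256 independent tries:          %.3f\n", guess_success(256, 256));
    printf("fixed layout, sequential sweep: %.1f tries on average\n",
           sweep_expected_tries(256));
    return 0;
}
```

Build with `cc aslr_odds.c -o aslr_odds` (the file name is hypothetical) and run it twice to compare the printed layouts. The arithmetic is the caveat behind the 256 figure: 256 positions is eight bits of randomness, so a service that is re-spawned after each failed guess hands the attacker an independent shot every time, and about 178 such shots give even odds; a layout that stays fixed until the next reboot can simply be swept if the attacker can retry without bringing the target down.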
Microsoft believes that the addition of ASLR in tandem with other major security enhancements in Windows Vista will raise the bar in the fight to thwart malicious hacking attacks.
Beyond ASLR, Howard pointed to /GS, a compile-time option in Visual C++ that adds stack-based buffer overrun detection. The option is on by default, he said, and it also juggles around some of the function arguments and the function's stack variables to make some classes of attack harder to pull off.
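As an added example (not Microsoft's /GS implementation, and not code from the original article), the following C program models the two things the paragraph above describes: the cookie check that catches an overrun before the return address is used, and the reordering of locals that makes the cookie sit in the overrun's path. Each stack frame is modelled as a struct so the overrun is a plain copy into an object rather than real undefined behaviour. The cookie value and the code addresses ORIG_FN and LEGIT_RET are constructed stand-ins, and all names are assumptions for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for values the real /GS machinery supplies:
 * g_security_cookie plays the per-process __security_cookie (its only
 * property that matters is that the attacker does not know it);
 * ORIG_FN and LEGIT_RET are hypothetical code addresses. */
static const uint32_t g_security_cookie = 0xC0FFEE42u;
#define ORIG_FN   ((uint64_t)0x00402000u)
#define LEGIT_RET ((uint64_t)0x00401000u)

/* Layout a compiler might pick without /GS's reordering: the overflowable
 * buffer sits at the bottom of the frame and another local, a function
 * pointer, lies between it and the cookie. */
struct naive_frame {
    char     buf[16];
    uint64_t fn_ptr;
    uint32_t cookie;
    uint64_t saved_ret;
};

/* Layout after /GS-style reordering: the buffer is moved to the top of the
 * locals, so the only things above it are the cookie and the saved return
 * address. Any copy that runs off the end of buf must cross the cookie. */
struct gs_frame {
    uint64_t fn_ptr;
    char     buf[16];
    uint32_t cookie;
    uint64_t saved_ret;
};

/* The bug under test: a copy whose length is attacker-controlled and never
 * compared with sizeof buf. It is addressed through the whole frame object
 * (and clamped to the frame's end) purely so the model stays defined C; the
 * 16-byte buffer size is still never consulted. */
static void unchecked_copy(void *frame, size_t frame_size, size_t buf_off,
                           const unsigned char *input, size_t len)
{
    size_t room = frame_size - buf_off;
    if (len > room) len = room;
    memcpy((unsigned char *)frame + buf_off, input, len);
}

/* Both functions return the epilogue verdict: 0 = cookie intact, the return
 * proceeds; 1 = cookie corrupted, which on Windows means __report_gsfailure
 * terminates the process. *fn_out receives the function-pointer local as it
 * stands after the copy, so a caller can see whether it was hijacked even
 * when the cookie check passed. */
int naive_copy(const unsigned char *input, size_t len, uint64_t *fn_out)
{
    struct naive_frame f = { {0}, ORIG_FN, g_security_cookie, LEGIT_RET };
    unchecked_copy(&f, sizeof f, offsetof(struct naive_frame, buf), input, len);
    if (fn_out) *fn_out = f.fn_ptr;
    return f.cookie != g_security_cookie;
}

int gs_copy(const unsigned char *input, size_t len, uint64_t *fn_out)
{
    struct gs_frame f = { ORIG_FN, {0}, g_security_cookie, LEGIT_RET };
    unchecked_copy(&f, sizeof f, offsetof(struct gs_frame, buf), input, len);
    if (fn_out) *fn_out = f.fn_ptr;
    return f.cookie != g_security_cookie;
}

int main(void)
{
    /* Constructed inputs: 8 benign bytes, and 24 bytes of 'A' that overrun
     * the 16-byte buffer by exactly the width of one 64-bit local. */
    unsigned char benign[8] = "hello!!";
    unsigned char attack[24];
    uint64_t fn;
    int v;
    memset(attack, 'A', sizeof attack);

    v = naive_copy(attack, sizeof attack, &fn);
    printf("naive layout: check=%d fn_ptr=%#llx (%s)\n", v,
           (unsigned long long)fn, fn == ORIG_FN ? "intact" : "HIJACKED");
    v = gs_copy(attack, sizeof attack, &fn);
    printf("/GS layout:   check=%d fn_ptr=%#llx (%s)\n", v,
           (unsigned long long)fn, fn == ORIG_FN ? "intact" : "HIJACKED");
    v = gs_copy(benign, sizeof benign, &fn);
    printf("/GS layout, benign input: check=%d\n", v);
    return 0;
}
```

With the 24-byte input the naive layout passes the cookie check while fn_ptr has become 0x4141414141414141, so the check alone is not enough; the reordered layout reports the corruption and leaves fn_ptr untouched. A longer input that reaches the cookie is caught in both layouts. This is the reason the page's "juggles around" remark matters: the cookie only protects what lies above it.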
In Windows Vista, Howard also mentioned /SafeSEH, Data Execution Prevention (DEP) and Function Pointer Obfuscation as technologies that help lock down the operating system.
The software giant also released a white paper, distributed as a Word document, to highlight the array of security advancements in Vista.
They include the use of the SDL process, Windows Service Hardening, mitigating buffer overruns with hardware protection (hardware-enforced DEP), kernel patch protection and mandatory driver signing.
Windows Vista will also feature User Account Control, a new log-on architecture, network access protection, easier smart card deployments, and various technologies to protect against malware and hacker intrusions.