Linked by Thom Holwerda on Thu 25th Mar 2010 22:20 UTC
Privacy, Security, Encryption It's that time of the year again; that time of the year where news outlets get to indulge in sensationalist headlines about how Mac OS X got hacked in twenty seconds. Yes, CanSecWest just held its Pwn2Own contest again, and they fell like drunk 16-year-olds this time (don't read too much into that one, please).
Permalink for comment 415368
To read all comments associated with this story, please click here.
RE: Windows 7 secure? Ha!
by sakeniwefu on Fri 26th Mar 2010 14:37 UTC in reply to "Windows 7 secure? Ha!"
sakeniwefu
Member since:
2008-02-26

DEP is 100% unbreakable if permissions are set correctly. And that's not really difficult. The problem is that lately everybody and his hamster is playing with JIT which forces you to have code to set and unset permissions.

Even then, full ASLR should protect you from that. In this case the problem is that you can know where a function will be, at some point the OS or the program itself is giving out too much information. In any case, Windows ASLR is more complete than Linux's; and MacOS X's is even worse and only available in the latest version.

More importantly, the jail was broken, and each new exploit for IE8 finds a way of breaking it, so the people that rely mainly on jails instead of trying to prevent the code to run in the first place are the ones that should be getting really worried. Windows is on the right track by doing it all. Windows 7 is not your grandpa's Windows 98.

Reply Parent Score: 2