Linked by Thom Holwerda on Thu 25th Mar 2010 22:20 UTC
Privacy, Security, Encryption
It's that time of the year again; that time of the year where news outlets get to indulge in sensationalist headlines about how Mac OS X got hacked in twenty seconds. Yes, CanSecWest just held its Pwn2Own contest again, and they fell like drunk 16-year-olds this time (don't read too much into that one, please).
RE[3]: Windows 7 secure? Ha!
by sakeniwefu on Sat 27th Mar 2010 03:08 UTC in reply to "RE[2]: Windows 7 secure? Ha!"

Well, of course DEP doesn't protect you from a buffer overflow in VM code overwriting your BASIC program, from the CIA, or from you doing sudo evil script. Its target is clear: it makes data execution impossible.

If ASLR is applied on everything on loading, the only way the attacker could know the address of important functions is intentionally revealing it or it not being very random in the first place. It would of course be better if the programs didn't link in the functions in the first place.

Buffer overflow exploits (even when the bug is present) are also a lot less likely if heap addresses are also randomized, which Windows does at least to a degree if I can believe Wikipedia, but Linux, for example, doesn't and gives you (by default) the same blocks over and over. You can predict where things will be.

So Windows has implemented good techniques but has other problems which invalidate them. They also have all the other ACLs, jails, managed code, etc. features that execution prevention naysayers defend as the ultimate solution and that seem to be bypassed easily all the time, without using CPU bugs or whatnot. You see that in the exploits the part they boast about is always breaking EP.

The sudo evil script problem is unfortunately unsolvable; Ars (I think) had an article recently on how people would *forward* spam. However, that doesn't mean that exploit prevention is useless. Some people are less gullible than others; they deserve some protection even if it isn't perfect. Maybe you didn't notice, but we don't have viruses anymore like in the 90s.

Score: 2