Linked by Thom Holwerda on Sat 27th May 2006 17:26 UTC, submitted by Ricus
"Windows Vista Beta 2 includes a new defense against buffer overrun exploits called address space layout randomization. Not only is it in Beta 2, it's on by default too. Now before I continue, I want to level set ASLR. It is not a panacea, it is not a replacement for insecure code, but when used in conjunction with other technologies, which I will explain shortly, it is a useful defense because it makes Windows systems look 'different' to malware, making automated attacks harder." On a related note, Microsoft is having difficulties in reaching parity between the 64bit and 32bit version of Vista concerning the amount of drivers shipped.
Thread beginning with comment 128623
RE[2]: Good news
by bn-7bc on Sun 28th May 2006 10:01 UTC in reply to "RE: Good news"
bn-7bc Member since:
2005-09-04

Whitelisting is not a bad idea, if they combine it with digital signatures. Here is an example: All Windows services are signed with a cert from MS, the public key for that cert is stored in the whitelist. I know this is not a perfect solution but it at least eliminates the rename problem.
PS: I'm not a PKI expert nor an expert on encryption so if I'm wrong please tell me.
If you feel the need to mod me down, go ahead but drop me a comment telling me why, so I can avoid the same mistake(s) again.

Reply Parent Score: 1

RE[3]: Good news
by netpython on Sun 28th May 2006 10:49 in reply to "RE[2]: Good news"
netpython Member since:
2005-07-06

Or ship Vista with gpg/md5 and let the installer mandatorily check all the signatures. Which is second nature in the Unix world. The only download sites that have Windows apps too with verifiable signatures are sites like sourceforge.

Reply Parent Score: 1

RE[4]: Good news
by elevator on Sun 28th May 2006 10:59 in reply to "RE[3]: Good news"
elevator Member since:
2005-06-29

"Or ship Vista with gpg/md5 and let the installer mandatorily check all the signatures. Which is second nature in the Unix world. The only download sites that have Windows apps too with verifiable signatures are sites like sourceforge."
Most (if not all) Windows system files are digitally signed, just run 'sigverif' on your XP box to create a report whether they are still valid ;)

Reply Parent Score: 3

RE[3]: Good news
by elevator on Sun 28th May 2006 10:58 in reply to "RE[2]: Good news"
elevator Member since:
2005-06-29

"Whitelisting is not a bad idea, if they combine it with digital signatures."
Well, that would 'reserve' some filenames specific to Microsoft and that would be a very bad idea ;)

Imagine Microsoft creating a new Picture program, naming it "Windows Picture" - wp.exe for friends - imagine WordPerfect liking it that its program is now being flagged as malicious ...

Reply Parent Score: 1

RE[4]: Good news
by rayiner on Sun 28th May 2006 15:59 in reply to "RE[3]: Good news"
rayiner Member since:
2005-07-06

"Reserving" some filenames as specific to Microsoft (actually, specific to the vendor-installed suite of software) is exactly what is desired here. You need some way of segregating potentially malicious software from known-safe software.

An executable called 'wp.exe', if it's not part of the system, is potentially malicious software. It should be flagged as such, regardless of whether it hurts Corel's feelings...

Reply Parent Score: 2
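
Added example, not part of any comment in this thread: a comparison of a whitelist keyed on filenames with one keyed on the signer's public key, as discussed above. Textbook RSA with constructed toy keys stands in for real certificate-based code signing, and all file names, contents and keys are hypothetical sample data.

```python
import hashlib

E = 65537  # public exponent for both toy keys

def toy_keypair(p, q):
    """Textbook RSA from two known primes: constructed for the demo, NOT secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus, private exponent)

def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data, n, d):
    return pow(digest(data), d, n)

def fingerprint(n):
    """What the whitelist stores: a hash of the signer's public key."""
    return hashlib.sha256(str(n).encode()).hexdigest()

def allowed_by_name(name, names):
    return name.lower() in names

def allowed_by_signer(data, sig, pub_n, signers):
    """Valid signature over this exact content AND signer key on the whitelist."""
    if sig is None or pub_n is None:
        return False
    if pow(sig, E, pub_n) != digest(data):
        return False
    return fingerprint(pub_n) in signers

# Constructed keys and files (hypothetical names; Mersenne primes keep it short).
OS_N, OS_D = toy_keypair(2**127 - 1, 2**521 - 1)
ISV_N, ISV_D = toy_keypair(2**89 - 1, 2**607 - 1)
NAMES = {"svchost.exe"}
SIGNERS = {fingerprint(OS_N)}
GENUINE, OTHER, WP = b"genuine service image", b"unrelated program", b"third-party app"
FILES = {
    "genuine":            ("svchost.exe", GENUINE, sign(GENUINE, OS_N, OS_D), OS_N),
    "renamed":            ("svchost.exe", OTHER, None, None),
    "renamed_copied_sig": ("svchost.exe", OTHER, sign(GENUINE, OS_N, OS_D), OS_N),
    "third_party":        ("wp.exe", WP, sign(WP, ISV_N, ISV_D), ISV_N),
}

def evaluate(signers=SIGNERS):
    """Map label -> (name-based verdict, signer-based verdict)."""
    return {label: (allowed_by_name(name, NAMES), allowed_by_signer(data, sig, n, signers))
            for label, (name, data, sig, n) in FILES.items()}

if __name__ == "__main__":
    for label, verdicts in evaluate().items():
        print(f"{label:20} name={verdicts[0]!s:5} signer={verdicts[1]}")
```

The signer-keyed verdict depends only on the content and the key that signed it, so the same `wp.exe` is accepted once its publisher's key fingerprint is added to the list, whatever the file is called.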