Security Bonuses for Vista Programmers
June 16, 2008 – 2:46 PMIn this era in which software, especially prominent software, must be presumed to be under attack, you need the best tools to defend yourself. Much has been made of security features built into Windows Vista, such as IE Protected Mode, which accrue to all users. However, programmers can easily gain new security defenses for their applications if they code Vista-specific sections in them.
Some of these facilities are famous and don’t actually involve any coding changes at all, at least not for their own sake. Take ASLR, or Address Space Layout Randomization. This feature loads program images into random locations, making it hard for shell code in many attacks to run reliably. Note that this defense presumes that the attack code has begun executing, but it prevents it from doing meaningful damage. All a programmer has to do is to link the program with a relatively modern version of the linker and use the /DYNAMICBASE linker switch.
What happens if attack code executes in an ASLR program? The program will almost certainly crash. This is a good thing, in the sense that it’s a lot better than the shell code in the attack program executing. This is a common theme among many of the new Vista-specific defenses.
DEP, or Data Execution Prevention—also known as NX support—is similar in effect. All reasonably modern processors, and certainly anything that can run Windows Vista, can be set to throw an exception when program code is run from an area marked as data. This is a fundamental technique for vulnerability exploit: Send data to a program that tricks the program into transferring program control to attack code sent by the attacker, and this code will inevitably be stored in a data area such as the heap. All programmers need to do to take advantage of NX is to link with the /NXCOMPAT switch. This is not a Vista-specific feature, by the way; it was added in Windows Vista SP2, and even after all that time relatively few programs opt into it, which is both surprising and appalling. We should expect more from developers.
You must be logged in to post a comment.