Today Symantec released two new whitepapers about security protections in Vista: "Analysis of GS Protection in Windows Vista" and "Analysis of Address Space Layout Randomization on Windows Vista".

Although my last blog post criticized Symantec for its hyped FUD, these two papers, by the same author, definitely provide some good information and demonstrate the thorough research that Ollie Whitehouse has done on this matter. Furthermore, the author clearly states the true issues here and provides detailed research notes.

It’s important to note that these papers aren’t just about flaws; they also provide useful explanations of how ASLR and buffer security checks work. Unfortunately, most media sources will likely see this as a Symantec-finds-major-flaws-in-Vista-security-model story, but this is what it comes down to as far as flaws are concerned:

  1. ASLR (Address Space Layout Randomization) is not as random as it should be, thereby reducing its effectiveness, but still not invalidating the layer of protection it provides.
  2. There are about 150 binaries, some created by third parties, in the Windows directory that do not use the GS buffer security check.

I would consider these issues, based on the current threats, to be minor at this point, but they certainly are things Microsoft should address as part of a continuing evolution of Vista’s security model.


