Microsoft’s use of code-scrambling diversity to secure Windows Vista is getting crucial support from OEM partners.
The Redmond, Wash. software giant has convinced major U.S. computer makers—including Dell, Gateway and Hewlett-Packard—to make default changes at the BIOS level to allow a new Vista security feature called ASLR (Address Space Layout Randomization) to work properly.
ASLR, which is used to randomly arrange the positions of key data areas to block hackers from predicting target addresses, is meant to make Windows Vista more resilient to virus and worm attacks.
However, for randomization to be effective, DEP/NX (Data Execution Prevention/No eXecute) must be enabled by default.
During a three-day conference to in November 2006, Microsoft security program manager Michael Howard said he pleaded with OEMs to enable DEP/NX in the BIOS by default on all their shipping PCs in time for Windows Vista.
Howard, a key evangelist for Microsoft’s SDL (Security Development Lifecycle) process, used his personal blog to announce that all the major OEMs “have agreed to not disable DEP/NX in their BIOSes by default.”
“This is huge,” Howard declared. Because most CPUs that ship today support DEP/NX, Howard explained that Vista users on older hardware can use the control panel to manually verify that PCs have DEP enabled. With full support from OEMs, Microsoft is effectively using ASLR to create software diversity within a single operating system, a move that is widely seen as Redmond’s attempt to address the monoculture risk.
Continue for more info….
Windows Vista Randomization Gets OEM Thumbs Up