09 February, 2007

Vista Vulnerabilities

Two friends of mine, Max and Ivan from Core Security, talk with SC Magazine about one of the weaknesses that Microsoft has not been able to completely close in Vista.

Good article, and they are spot on about the ASLR issue. ASLR randomizes the memory layout to help minimize the potential effectiveness of buffer overflow attacks (an attempt to get rid of them completely). If it is used it will stop a lot, and I would put it easily in the 80-90% effectiveness category, but it is not perfect.

This is why I have been pointing to the solution offered by Determina for a while in this category. To be honest, I am surprised Microsoft hasn't bought them yet and integrated their product. I haven't been able to find any instance in which it didn't work to stop the overflow, and it protects all the applications on the system.

Update:
I just discovered that Determina has started up a blog. If you get a chance, Sandy or Alex, why don't you tell us what the difference is between what you do and what the standard memory randomization methods do?

2 comments:

Rob Lewis said...

From what I see, Determina's product is dependent upon announced vulnerabilities, but would not protect against "less than zero day attacks". True?

Robert said...

Not true... Determina's Memory Firewall needs no knowledge of code execution vulns at all to protect them. These are the critical vulns and make up the vast majority of all vulns. Their LiveShield product, which is designed to protect against other vulnerabilities, does need to know about those vulnerabilities. The key thing to remember here is the fact that these are the non-critical vulnerabilities that do not allow you to execute code on a system.