Friday, July 2, 2010

Windows Exploit Protection Mostly Unused by Popular Apps

Via -

According to an analysis by security firm Secunia, very few applications use the Data Execution Prevention (DEP) and Address Space Layout Randomisation (ASLR) features of Windows which can render attacks on vulnerabilities ineffective. In total, the company looked at 16 popular applications such as browsers, media players and office applications.


Windows leaves it up to each application to set specific flags when loading and to signal that DEP and ASLR should be used. While most Microsoft applications frequently use these functions, Secunia say that third-party applications either don't use them at all or implement them only partially or in the wrong way. The Firefox, Opera and Safari browsers, for instance, only support DEP, but not ASLR. Only Google's Chrome web browser uses both options.


According to Secunia, the infrequent use of these options is likely to be another reason for virus authors to target more applications by vendors other than Microsoft.


No comments:

Post a Comment