Microsoft forces BIOS changes
by Brian Turner
If you're new here, you may want to subscribe to my RSS feed. Thank you for visiting!
Microsoft has secured an agreement with PC manufacturers to add a change at the BIOS level to improve security in Windows Vista.
Microsoft’s Address Space Layout Randomization (ASLR) feature could make automated, large-scale attacks significantly more difficult.
ASLR relies on Data Execution Prevention (DEP), another new Vista security feature, in order to function fully. DEP is also known as No Execute (NX). PC manufacturers have the ability to disable DEP at the BIOS level, and may choose to do this if they are concerned about application compatibility.
Now, however, all major PC makers have agreed to enable DEP by default.
ASLR involves arranging the positions of certain data areas, such as the position of libraries, heap and stack, randomly in a process’s address space. This means that security attacks, which rely on these components having predictable target addresses, have a low chance of success when ASLR is in place.
ASLR has been used previously in the OpenBSD Unix variant and the PaX and Exec Shield security patches for Linux. Most newer PC processors support DEP. However, DEP is currently switched off in Internet Explorer by default because it can make plug-ins fail.
Questions? Discuss this in our Internet Business forums for help and advice
Story link: Microsoft forces BIOS changes
Add to Bookmarks:
Related stories:
Leave a Reply
Previous: « MIME encoding could exploit anti-virus
Next: Forrester in damage limitation over Apple iTunes report »
Visited 1125 times, 2 so far today