• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL
Help

Chapter 21. Implementing Windows Vista’s... > Thwarting Malware Randomly with ASLR

Thwarting Malware Randomly with ASLR

Microsoft isn’t assuming that users’ machines will never be subject to malware attacks. To that end, Windows Vista implements not only support for the NX bit and continued support for Data Execution Prevention (which prevents malicious code from running in protected memory locations). Vista also implements an open-source security feature called Address Space Layout Randomization (ASLR). This feature aims to thwart some common attacks that attempt to run system code. In previous versions of Windows, certain system DLLs and executables were always loaded into memory using the same addresses each time. Attackers could launch one of those processes because they knew the function’s entry point. With ASLR, Vista randomly loads these system functions into one of 256 memory locations, so attackers can’t be certain where a particular bit of system code resides in memory.


PREVIEW

                                                                          

Not a subscriber?

Start A Free Trial


  
  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint