Just sharing some of my inconsequential lunch conversations with you...

Thursday, May 28, 2009

Windows 7 overrun buster

It seems like Windows 7 is raising the security bar. According to The Register:

Microsoft engineers have fortified the latest version of Windows with a feature designed to make it significantly harder for attackers to exploit bugs that may be lurking deep inside the operating system.

Though this doesn’t prevent all overruns, it blocks the most common exploit technique for pool overruns. “It doesn’t mean pool overruns are impossible to exploit, but it significantly increases the work for an attacker.”

It seems like Microsoft is on the right track:

"This is smart," said Charlie Miller, who as principal analyst at Independent Security Evaluators has successfully exploited weaknesses in Windows, OS X and Linux. "I think they're trying to stay ahead of the curve."

Attacking these problems at the kernel level and raising the development security recommendations is the right way to keep Microsoft ahead of the security game. And I love the way they ended the post:

I wonder when Larry, Steve and Linus will start banning strcpy() in their products?

Development Catharsis :: Copyright 2006 Mário Romano