Among the new security features in the beta 2 version of Microsoft Vista is a new backend defense against buffer overrun exploits, according to one Microsoft security expert.
Common in the world of open-source operating systems, address space layout randomization (ASLR) was an 11th-hour addition to the recently-released beta, according to Michael Howard, program manager for Microsoft’s security team. He wrote last week in his security blog that this new feature will make the Windows operating system less susceptible to attacks.
"It is not a panacea, it is not a replacement for insecure code," he said. "But when used in conjunction with other technologies, which I will explain shortly, it is a useful defense because it makes Windows systems look ‘different’ to malware, making automated attacks harder," he said.
Microsoft released the beta 2 version of Vista last month along with beta 2 versions of Office 2007 and the next version of Windows Server – now codenamed "Longhorn."
As the security world further tests the recently-released beta, he is anxious to hear reviews of how well ASLR works within the operating system.
"We added ASLR pretty late in the game, but we decided that adding it to beta 2 and enabling it by default was important so we can understand how well it performs in the field," he said.
The new security feature works by randomly changing the location of key system function data within the system. The idea is to put system code in unpredictable places so that automated malware has a more difficult time finding the files it needs to function.
"In the case of Windows Vista beta 2, a dynamic link library or executable file could be loaded into any of 256 locations, which means an attacker has a 1/256 chance of getting the address right," he said. "This makes it harder for exploits to work correctly. Think Where’s Waldo?"
According to media reports, Microsoft CEO Steve Ballmer said last month that feedback from the latest beta could push back Vista's release, now scheduled for January of next year.