Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: On the effectiveness of DEP and ASLR

13 Dec 2010   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
On the effectiveness of DEP and ASLR

Quote:

DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization) have proven themselves to be important and effective countermeasures against the types of exploits that we see in the wild today. Of course, any useful mitigation technology will attract scrutiny, and over the past year there has been an increasing amount of research and discussion on the subject of bypassing DEP and ASLR [1,2]. In this blog post we wanted to spend some time discussing the effectiveness of these mitigations by providing some context for the bypass techniques that have been outlined in attack research. The key points that should be taken away from this blog post are:
  • DEP and ASLR are designed to increase an attacker's exploit development costs and decrease their return on investment.
  • The combination of DEP and ASLR is very effective at breaking the types of exploits we see in the wild today, but there are circumstances where they can both be bypassed.
  • Exploits targeting Microsoft and third party vulnerabilities have been created that are capable of bypassing DEP and ASLR in the context of browsers and third party applications.
  • We are currently not aware of any remote exploits that are capable of bypassing DEP and ASLR in the context of in-box Windows services and various other application domains.
  • Knowledge of potential bypass techniques directly informs our future work to improve the robustness and resiliency of DEP, ASLR, and our other mitigation technologies.
On the effectiveness of DEP and ASLR - Security Research & Defense - Site Home - TechNet Blogs


My System SpecsSystem Spec
.

13 Dec 2010   #2
Lomai

Win7 HP (x64)/Win7 Ultimate (x64)
 
 

Thanks for the informative post Jan.
Have a great day
My System SpecsSystem Spec
Reply

 On the effectiveness of DEP and ASLR




Thread Tools





Similar help and support threads
Thread Forum
Is SAS loosing its effectiveness?
Hi everyone in all the recent or old MRG Flash test SAS performance is very poor. Is it loosing its effectiveness? What you all think? MRG Product Comparison | MRG Effitas
System Security
MSE effectiveness ?
I am beginning to wonder MSE effectiveness. Is it not supposed to catch malwares, viruses and other malicious softwares ? I just ran malwarebytes ( I did that almost weekly ), and it caught 7 infections. Would anyone please tell me what those are ? Do they have anything to do with You-tube...
System Security
Speedboost effectiveness
How much of an actual performance boost does readyboost actually have? If anyone has any realtime benchmarks I'd like to see the data. Cheers.
Performance & Maintenance
effectiveness of win7 monitor calibration?
hello, been reading about win7 monitor calibration for color matching at microsoft site and how to do it. don't have win7 yet tho. is this monitor calibration effective? colors on monitor and printed materials match pretty well say compared to 3rd party calibration tools? thanks for the input....
Graphic Cards
Security Firewalls(ease and effectiveness)
I use Comodo Firewall 3. I have it on safe mode and it pops out a few alerts now and then and it learns most of the stuff(it would help if you are a hardcore pc person, which I am not) but still I think it is a pretty good firewall. Not sure though if me leaving it on safe mode and not tinkering...
System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 05:06.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App