
    Windows Vista ISV security features for Internet Explorer (IE) based applications

    Browsers are presently among the most attacked software, so it is imperative that they take full advantage of the defenses offered by the operating system. Windows Vista offers many defensive enhancements designed to protect PC users from malware. Applications that run on the platform should take full advantage of these defenses, especially applications and components that are loaded into Internet Explorer.
    In the case of Internet Explorer, some of the Windows Vista defenses only come into play when every component loaded into the browser process supports them; a single toolbar, ActiveX control or other DLL built without them weakens the whole process. This article summarizes the Windows Vista security features available to ISVs building Internet Explorer (IE) based applications, so that software developers and vendors can take advantage of these defenses to protect end users.

    Windows Vista incorporates numerous defensive measures to protect PC users from exploits. Some of these defenses are in the core operating system, and others are provided by the Microsoft Visual C++ compiler and linker. The major defenses an ISV should build against and opt into are:

    • /GS stack buffer overrun detection: /GS is a compiler switch. It adds startup code that generates a random per-module security cookie when the module loads, prolog code that copies the cookie onto the stack between a function's local buffers and its saved return address, and epilog code that compares the copy against the module cookie before the function returns. If the copy has been corrupted, a failure handler terminates the application instead of returning, which reduces the chance that shellcode delivered through a stack buffer overrun executes. The compiler instruments only the functions it considers at risk (for example those with local arrays), and the check runs only at function return, so a corrupted pointer that is used before the function returns is not caught; /GS does nothing for heap buffers.
    • /SafeSEH exception handling protection: An exception handler is a unit of code executed when an exceptional condition, such as a divide by zero, occurs. On x86 the address of the handler is held in a record on the stack frame of the function and is therefore subject to corruption and hijacking by a stack overrun. The linker included with Visual Studio .NET 2003 and later has a /SAFESEH option that stores a table of the image's valid exception handlers in the load configuration directory of the PE image at link time. When an exception is raised at runtime, the operating system (Windows XP SP2, Windows Server 2003, Windows Vista, and Windows "Longhorn" Server, released as Windows Server 2008, and later) will not dispatch to an address inside that image unless it appears in the table. The check is per image: a handler address that falls inside a module linked without /SAFESEH is still accepted, so every DLL loaded into the browser process needs to be linked with it. SafeSEH applies only to 32-bit (x86) images; x64 code uses table-based exception handling instead.
    • No eXecute (NX) / Data Execution Prevention (DEP) / eXecute Disable (XD): Named NX by AMD, DEP by Microsoft, and XD by Intel, this technology uses CPU support to prevent code from executing from pages marked as data, such as the stack and the heaps. DEP support was first introduced in Windows XP SP2 and is a critically important defense in Windows Vista, especially when combined with ASLR: DEP stops injected shellcode from running, and ASLR makes it hard to reuse existing code at predictable addresses instead. A 32-bit executable opts in by being linked with /NXCOMPAT, which sets the IMAGE_DLLCHARACTERISTICS_NX_COMPAT flag in its PE header.
    • Address space layout randomization (ASLR): ASLR loads images at random base addresses, chosen once per boot for each image, so that shellcode cannot rely on code or data being at known locations. For a process to get the full benefit, every image it loads must support ASLR: a module that does not opt in is loaded at its preferred base address and hands an attacker a fixed location to jump to. For example, if A.EXE consumes B.DLL and C.DLL, all three must support ASLR. By default, Windows Vista randomizes its own system DLLs and EXEs, but DLLs and EXEs created by ISVs must opt in by being linked with /DYNAMICBASE, which sets the IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE flag in the PE header.

    • Heap randomization: When an application creates a heap in Windows Vista, the heap manager places that heap at a random location to help reduce the chance that a heap-based buffer overrun succeeds. Heap randomization is enabled by default for all Windows Vista applications; no opt-in is required.
    • Stack randomization: When a thread starts in a process whose executable was linked with /DYNAMICBASE, Windows Vista places the thread's stack at a random location to help reduce the chance that a stack-based buffer overrun succeeds.
    • Heap corruption detection: Heap corruption detection lets the heap manager terminate the application as soon as it detects that the application has corrupted the heap, or that the heap has become inconsistent, rather than letting the process continue with damaged heap metadata that an exploit could drive. This catches more than heap-based buffer overruns: certain illegal operations, for example freeing a pointer to the wrong heap, will also fail the application. It is not on by default for ISV code; a process opts in by calling HeapSetInformation(NULL, HeapEnableTerminationOnCorruption, NULL, 0), ideally as the first thing in its entry point, and once enabled the setting cannot be turned off for the life of the process.
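    To make the /GS mechanism concrete, the following C program is an added example and not code from the article or from the Visual C++ runtime. It emulates in plain C what the compiler emits around a /GS-protected function: a security cookie (a constructed constant here, where the real one is generated at module load), a frame layout in which the cookie separates the local buffer from the saved return address, and an epilog check that calls a failure handler instead of returning. The copy length is capped at the frame size only so the demonstration stays inside the struct object; a real overrun keeps writing past it. The unprotected variant shows what the overrun hands back when no cookie is in the way.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for the per-module __security_cookie. The real /GS startup code
 * derives it from timing, process and thread values at load time; it is a
 * constructed constant here so the example is deterministic. */
static const uint32_t g_security_cookie = 0xBB40E64Eu;

/* Frame layout a /GS-protected function gets: the cookie sits between the
 * local buffer and the saved return address, so a linear overrun that
 * reaches the return address must first clobber the cookie. */
struct gs_frame {
    char     buf[16];
    uint32_t cookie;
    uint32_t saved_return;   /* stands in for the real saved return address */
};

/* Counts calls to the failure handler; the real __report_gsfailure
 * terminates the process instead of returning. */
static int g_gsfailure_calls = 0;

static void report_gsfailure(void) {
    g_gsfailure_calls++;
}

int gsfailure_calls(void) { return g_gsfailure_calls; }

/* Unbounded copy into a stack buffer (the class of bug /GS targets), wrapped
 * in the prolog/epilog the compiler would emit. Returns 1 if the epilog
 * check caught an overrun, 0 if the frame was intact. */
int protected_copy(const unsigned char *input, size_t len) {
    struct gs_frame frame;

    /* prolog: place a copy of the module cookie above the locals */
    frame.cookie = g_security_cookie;
    frame.saved_return = 0x00401000u;     /* constructed "return address" */

    if (len > sizeof frame) len = sizeof frame;  /* demo-only cap, see lead-in */
    memcpy(&frame, input, len);           /* no bounds check against buf */

    /* epilog: verify the cookie before trusting anything stored above it */
    if (frame.cookie != g_security_cookie) {
        report_gsfailure();               /* real handler never returns */
        return 1;
    }
    return 0;
}

/* The same copy without /GS: nothing sits between buf and the saved return
 * address, so the function hands back whatever the overrun wrote there. */
uint32_t unprotected_copy(const unsigned char *input, size_t len) {
    struct { char buf[16]; uint32_t saved_return; } frame;

    frame.saved_return = 0x00401000u;
    if (len > sizeof frame) len = sizeof frame;
    memcpy(&frame, input, len);
    return frame.saved_return;            /* the value the CPU would jump to */
}

int main(void) {
    /* constructed attacker input: 20 bytes of 'A' against a 16-byte buffer */
    const unsigned char overrun[20] = "AAAAAAAAAAAAAAAAAAAA";
    const unsigned char benign[8]   = "AAAAAAAA";

    printf("benign copy, /GS:      detected=%d\n", protected_copy(benign, sizeof benign));
    printf("overrun, /GS:          detected=%d\n", protected_copy(overrun, sizeof overrun));
    printf("overrun, no /GS:       return address=0x%08x\n",
           unprotected_copy(overrun, sizeof overrun));
    return 0;
}
```

    The failure handler is called before the corrupted return address is ever used, which is the whole point: /GS does not stop the overwrite, it stops the return.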
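    As a practitioner check for the ASLR and DEP opt-ins described above, the following C code is an added example, not part of the article. It reads the DllCharacteristics word from a PE image's optional header, reports whether the flags set by /DYNAMICBASE and /NXCOMPAT are present, and applies the article's rule that every module loaded into a process must opt in. The headers it inspects are minimal structures constructed inline (not real binaries); the flag values and field offsets are those of the PE format.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* DllCharacteristics bits from the PE optional header (winnt.h names). */
#define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE 0x0040  /* linked with /DYNAMICBASE: ASLR */
#define IMAGE_DLLCHARACTERISTICS_NX_COMPAT    0x0100  /* linked with /NXCOMPAT: DEP   */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns the DllCharacteristics word of a PE image held in memory, or -1
 * if the buffer is not a plausible PE header. The field sits at offset 70
 * of the optional header for both PE32 (magic 0x10b) and PE32+ (0x20b). */
int pe_dll_characteristics(const uint8_t *img, size_t len) {
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    uint32_t e_lfanew = rd32(img + 0x3C);              /* offset of "PE\0\0" */
    if (e_lfanew > len || len - e_lfanew < 4 + 20 + 72) return -1;
    const uint8_t *nt = img + e_lfanew;
    if (memcmp(nt, "PE\0\0", 4) != 0) return -1;
    if (rd16(nt + 4 + 16) < 72) return -1;             /* SizeOfOptionalHeader */
    const uint8_t *opt = nt + 4 + 20;                  /* after the COFF header */
    uint16_t magic = rd16(opt);
    if (magic != 0x10b && magic != 0x20b) return -1;
    return rd16(opt + 70);
}

int pe_opts_into_aslr(const uint8_t *img, size_t len) {
    int dc = pe_dll_characteristics(img, len);
    return dc >= 0 && (dc & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) != 0;
}

int pe_opts_into_dep(const uint8_t *img, size_t len) {
    int dc = pe_dll_characteristics(img, len);
    return dc >= 0 && (dc & IMAGE_DLLCHARACTERISTICS_NX_COMPAT) != 0;
}

/* The article's rule applied to a module set: the process only gets the
 * benefit of ASLR if every image it loads opts in. Returns 1 only when all do. */
int all_modules_opt_into_aslr(const uint8_t *const imgs[], const size_t lens[], size_t n) {
    for (size_t i = 0; i < n; i++)
        if (!pe_opts_into_aslr(imgs[i], lens[i])) return 0;
    return n > 0;
}

/* ---- constructed sample headers (not real binaries) ---- */
#define HDR_LEN (0x40 + 4 + 20 + 224)  /* DOS header + signature + COFF + PE32 optional header */

/* Fills `out` with a minimal PE32 header carrying the given DllCharacteristics. */
static void make_pe32_header(uint8_t out[HDR_LEN], uint16_t dllchars) {
    memset(out, 0, HDR_LEN);
    out[0] = 'M'; out[1] = 'Z';
    out[0x3C] = 0x40;                    /* e_lfanew: NT headers follow the DOS header */
    uint8_t *nt = out + 0x40;
    memcpy(nt, "PE\0\0", 4);
    nt[4 + 16] = 224;                    /* SizeOfOptionalHeader for PE32 */
    uint8_t *opt = nt + 24;
    opt[0] = 0x0b; opt[1] = 0x01;        /* Magic = 0x10b (PE32) */
    opt[70] = (uint8_t)(dllchars & 0xff);
    opt[71] = (uint8_t)(dllchars >> 8);
}

/* A.EXE and B.DLL built with /DYNAMICBASE /NXCOMPAT, C.DLL with /NXCOMPAT only. */
int demo_mixed_modules_aslr(void) {
    uint8_t a[HDR_LEN], b[HDR_LEN], c[HDR_LEN];
    make_pe32_header(a, 0x0140);
    make_pe32_header(b, 0x0140);
    make_pe32_header(c, 0x0100);
    const uint8_t *const imgs[] = { a, b, c };
    const size_t lens[] = { HDR_LEN, HDR_LEN, HDR_LEN };
    return all_modules_opt_into_aslr(imgs, lens, 3);   /* C.DLL breaks it */
}

int demo_flags_of_hardened_module(void) {
    uint8_t a[HDR_LEN];
    make_pe32_header(a, 0x0140);
    return pe_dll_characteristics(a, HDR_LEN);
}

int demo_dep_only_module(void) {
    uint8_t c[HDR_LEN];
    make_pe32_header(c, 0x0100);
    return pe_opts_into_dep(c, HDR_LEN) && !pe_opts_into_aslr(c, HDR_LEN);
}

int demo_reject_non_pe(void) {
    static const uint8_t junk[] = "not a PE image";
    return pe_dll_characteristics(junk, sizeof junk);
}

int main(void) {
    printf("hardened module DllCharacteristics: 0x%04x\n", demo_flags_of_hardened_module());
    printf("A.EXE+B.DLL+C.DLL all ASLR: %d\n", demo_mixed_modules_aslr());
    printf("DEP-only module: %d, non-PE input: %d\n", demo_dep_only_module(), demo_reject_non_pe());
    return 0;
}
```

    On a real system the same word is printed by dumpbin /headers under "DLL characteristics" ("Dynamic base", "NX compatible"). SafeSEH cannot be read from it: the handler table lives in the load configuration directory, which dumpbin /loadconfig shows.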


    Related Terms: Windows Vista Security, IE security, Vista ISV security