Kenneth F. Belva

FUD: Kaspersky Claims Vista May Be Less Secure Than XP

Even if UAC is 100% broken, turned off and never used as per Kaspersky’s claim, Vista’s Memory Address Randomization (here, here) will significantly help prevent exploit code. This in itself is an excellent stride forward in securing the memory of the computer from corruption and arbitrary code.

MS Defender, which is installed by default in Vista, is also a solid way to prevent spyware/malware.

Nothing is 100% foolproof; even Microsoft admits that. It’s my opinion that Vista is more secure out of the box, even with UAC turned off, than Windows XP SP2.

2 Comments

  1. mtd Mar 19, 2007 at 8:15 am

    Memory Address Randomisation prevents exploit code? Maybe in your dreams. I used this technique on Linux some time ago, but stopped using it.

    We can look at that issue in the following way. How many attempts must be made to guess the correct address? When I looked at this link: http://blogs.msdn.com/michael_howard/archive/2006/05/26/608315.aspx
    I did not see more than 8 bits of information required to guess the address correctly. So when exploits add a simple loop over 2^8 addresses, they will pass this ‘protection’ without difficulty.

    It doesn’t seem to me like improved security. Seems more like an obscure technique, which should only work when not published.

  2. Kenneth F. Belva Mar 19, 2007 at 8:39 am

    mtd,

    Thanks for the comment.

    Such a loop would be a lot of banging against the box. Not many exploits have that type of time because either the app or service fails when dealing with memory corruption exploits (as opposed to web app hacks). One would suspect that such a noisy exploit would also be detected. SQL Slammer could not exist in a MAR world. Agree?
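
The trade-off argued in the two comments above can be put in numbers. This is an added example, not part of the original post or its comments: the 8-bit figure is taken from the thread, while the two layout models, the crash timings and the 5-crashes-in-60-seconds alert policy are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

SLOTS = 2 ** 8  # 8 bits of entropy, the figure quoted in the comments


def p_hit_within(attempts, rerandomized):
    """Probability that one of `attempts` guesses lands on the right slot.

    rerandomized=False (assumed model): layout is fixed between attempts,
    so each miss rules out one slot. rerandomized=True (assumed model): the
    layout changes after every crash, so attempts are independent.
    """
    if rerandomized:
        return 1 - (1 - 1 / SLOTS) ** attempts
    return min(attempts, SLOTS) / SLOTS


def expected_crashes(rerandomized):
    """Mean number of crashing misses before the first hit."""
    return SLOTS - 1 if rerandomized else (SLOTS - 1) / 2


def first_alert(crash_times, threshold, window):
    """Time of the crash that puts `threshold` crashes inside one sliding
    `window`, or None if the crash rate never gets that high."""
    recent = []
    for t in sorted(crash_times):
        recent = [r for r in recent if t - r < window] + [t]
        if len(recent) >= threshold:
            return t
    return None


# Constructed sample: one service crash every 2 seconds, the pattern a
# guessing loop against a crash-on-miss service would leave behind.
START = datetime(2007, 3, 19, 8, 40, 0)
CRASHES = [START + timedelta(seconds=2 * i) for i in range(40)]
THRESHOLD, WINDOW = 5, timedelta(seconds=60)  # assumed detection policy

if __name__ == "__main__":
    print("alert raised at", first_alert(CRASHES, THRESHOLD, WINDOW))
    for model in (False, True):
        print("rerandomized" if model else "fixed layout",
              "| mean crashes before a hit:", expected_crashes(model),
              "| P(hit before alert): %.4f" % p_hit_within(THRESHOLD, model))
```

Under these assumptions a guessing loop is expected to crash the service about 128 to 255 times before it lands, and a crash-rate alert that something acts on leaves roughly a 2% chance of a hit before it fires.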
