Submission + - Third-party MS application dev's ignore security (krebsonsecurity.com)
put_it_down writes: ""Many of the most widely used third-party software applications for Microsoft Windows do not take advantage of two major lines of defense built into the operating system that can help block attacks from hackers and viruses, according to research released today.
Attackers usually craft software exploits so that they write data or programs to very specific, static sections in the operating system's memory. To counter this, Microsoft introduced with Windows Vista (and Windows 7) a feature called address space layout randomization or ASLR, which constantly moves these memory points to different positions. Another defensive feature called data execution prevention (DEP) first introduced with Windows XP Service Pack 2 back in 2004 attempts to make it so that even if an attacker succeeds in guessing the location of the memory point they're seeking, the code placed there will not execute or run.""
Attackers usually craft software exploits so that they write data or programs to very specific, static sections in the operating system's memory. To counter this, Microsoft introduced with Windows Vista (and Windows 7) a feature called address space layout randomization or ASLR, which constantly moves these memory points to different positions. Another defensive feature called data execution prevention (DEP) first introduced with Windows XP Service Pack 2 back in 2004 attempts to make it so that even if an attacker succeeds in guessing the location of the memory point they're seeking, the code placed there will not execute or run.""
