Windows 7 Architectural and Internal Security Improvements - Data Execution Prevention

One of the most commonly used techniques for exploiting vulnerabilities in software is the buffer overflow attack. A buffer overflow occurs when an application attempts to store too much data in a buffer, and memory not allocated to the buffer is overwritten. An attacker might be able to intentionally induce a buffer overflow by entering more data than the application expects. A particularly crafty attacker can even enter data that instructs the operating system to run the attacker’s malicious code with the application’s privileges. One well-known buffer overflow exploit is the CodeRed worm, which exploited a vulnerability in an Index Server Internet Server Application Programming Interface (ISAPI) application shipped as part of an earlier version of Microsoft Internet Information Services (IIS) to run malicious software. The impact of the CodeRed worm was tremendous, and it could have been prevented by the presence of Data Execution Prevention (DEP).

DEP marks sections of memory as containing either data or application code. The operating system will not run code contained in memory marked for data. User input—and data received across a network—should always be stored as data and is therefore not eligible to run as an application.

The 32-bit versions of Windows Vista and Windows 7 include a software implementation of DEP that can prevent memory not marked for execution from running. The 64-bit versions of Windows Vista and Windows 7 work with the 64-bit processor’s built-in DEP capabilities to enforce this security at the hardware layer, where it is very difficult for an attacker to circumvent it. DEP provides an important layer of security for protection from malicious software. However, it must be used alongside other technologies, such as Windows Defender, to provide sufficient protection to meet business requirements.

DEP is enabled by default in both 32- and 64-bit versions of Windows Vista and Windows 7. By default, DEP protects only essential Windows programs and services to provide optimal compatibility. For additional security, you can protect all programs and services.

Source of Information : Windows 7 Resource Kit 2009 Microsoft Press

No comments:

Incremental-only backup

The incremental-only approach to backup makes a single full backup copy and thereafter makes incremental backup copies to capture newly writ...