Last Friday I wrote about a presentation on a new hack attack that was claimed to make Vista’s security improvements all but useless. A lot of tech-related websites ran the story as though it were the apocalypse for Windows as an OS, but the folks over at ArsTechnica.com say things aren’t quite as bad as they might seem:
The work done by Dowd and Sotirov focuses on making buffer overflows that were previously not exploitable on Vista exploitable. These are buffer overflows that would be exploitable on Windows XP anyway; after all, there’s no need to defeat ASLR if an OS does not have ASLR at all. Furthermore, these attacks are specifically on the buffer overflow protections; they do not circumvent the IE Protected Mode sandbox, nor Vista’s (in)famous UAC restrictions. DEP, ASLR, and the other mitigation features in Vista are unlikely to ever be unbreakable, especially in an application like a web browser that can run both scripts and plugins of an attacker’s choosing. Rather, their purpose is to make exploitation more difficult. Microsoft has a solution for those wanting to make it impossible—use .NET. These protections are there for when that’s not an option, to reduce—but not eliminate—the vulnerability caused by such programming errors. Even with DEP and ASLR, the coding errors that result in buffer overflows still ought to be fixed; it is only through fixing the errors that the flaws can truly be eliminated.
Even with the attacks described in the paper, Vista has many worthwhile security improvements compared to XP. Internet Explorer on Vista runs in a highly restricted environment, so that even when it is running malicious code it cannot harm the system. Stories suggesting that Vista’s security is now irredeemably broken are far off the mark; the truth is merely that some of its automatic security protection is less effective than it was before.
They even have a few suggestions on how Microsoft may be able to reduce, if not eliminate, the effectiveness of these new exploits. The whole article is worth a read just for the overview of the security improvements Windows Vista has in place and what the problems are that allow this new attack to succeed. The upshot, however, is that Vista isn’t completely vulnerable to hackers as some sites have suggested.