Shipping with Vista Beta 2, there is a new security feature called Address Space Layout Randomization (a.k.a ASLR); other than being a mouthful, this helps defend against buffer overrun exploits. It does this by moving the entry points into the system dll’s around randomly in memory. Its all about odd, and there are 256 locations it can be loaded in, or in other words there is a 1/256 chance of getting the address correct. This will help make the attacks such as return-to-libc (which start with a buffer overflow) harder. This of course is not a replacement for writing poor code or fixing the actual overruns found, but it would certainly go a long way in reducing automated attacks that use this exploit.
There are some other new things that help make this more secure. VC++ features the new generation of /GS (which adds runtime buffer overflow detection) and /SafeSEH (which enables the OS to kill a process wherein a raised ex handler’s address does not match with a list in the PE’s header) switches. There is also function pointer obfuscation, especially handy for the long lived pointers, where the pointers are decoded just before it is needed.
While I think this certainly is a step in the right direction, it is of course not perfect and I said earlier it does not fix the problem of buggy code. It is important to point out the four areas this does not address – Information leaks, partial address overwrites, brute force and non-relocated executables (such as EXE’s). There are people working on these and there might be some solutions or workarounds that are implemented, but nevertheless this is all an interesting step. Not to mention, Windows finally also catches up on Linux features on this. 🙂
If you want more details check out the following: