Researcher lauds Windows 8 memory protections

Researcher lauds Windows 8 memory protections

Researcher lauds Windows 8 memory protections

Date: Aug 01, 2012


Michael S. Mimoso, Editorial Director

LAS VEGAS -- Enhanced Windows 8 memory protection features in the upcoming Microsoft OS could help drastically reduce the number of successful memory-based attacks, according to a security researcher who studied operating system improvements.

The protections could help reduce the number of heap-based memory buffer overflow attacks, said Chris Valasek, a senior security scientist at San Francisco-based application development testing firm Coverity Inc. Attacks using the heap memory manager help cybercriminals overwrite important program processes, using overflows to install malware on a victim's system. 

More from Black Hat 2012

For all the news, analysis, commentary and video interviews from Las Vegas, visit SearchSecurity.com's Black Hat 2012 special coverage page.

Valasek said Microsoft has made it much harder for attackers to use the memory manager against itself in an attack. In-line metadata – certain pieces of information that were in predictable locations – were taken out-of-band. Memory allocated with code execution also doesn't always come from a predictable location, Valasek said.

"All the public ways to subvert this memory manager up until Windows 8 were remediated in Windows 8," Valasek said in an interview with SearchSecurity.com. "Microsoft took a long deep look at it and solved most of these problems."

More on Windows Security: Alerts, Updates and Best Practices

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: