Improved C Security


Improved C++ Security

Even the software used to write Windows Vista has an increased focus on security. Most of Windows Vista is written in C++ and built with a version of the compiler in the Microsoft Software Developer Kit (SDK). Visual C++, a component of Visual Studio 2005, contains many of these same security enhancements, increasing the number of security protections available to developers. All Windows code is compiled with the /GS switch by default, which prevents many stack-based buffer overflows from being successful. It inserts a sacrificial canary value into the execution space (before the return address of the function entry, if you want the technical details) and in some other strategic places. Using the /GS flag to protect more than the return function is a new feature in the compiler used for Windows Vista and in Visual C++ 2005. Many types of buffer overflows, by their very nature, cannot avoid overwriting the canary value, which allows Windows to detect the error condition and halt the affected program.

Significantly more effort is focused on preventing attackers from using legitimate code against itself. Programming functions particularly prone to problems, such as strcpy, strncpy, and so on, have been deprecated and all code in Windows Vista was required to replace them with less vulnerable substitutes. You can find a complete list of banned functions and APIs, and their replacements at http://www.msdn2.microsoft.com/en-us/library/bb288454.aspx.

Malware will often purposefully trigger exceptions and flow the program execution into a malicious exception handling routine. All Windows code has been compiled with the Safe Exception Handling switch (/SafeSEH), which hard codes approved exception addresses into the compiled Windows executable header.



Windows Vista Security. Securing Vista Against Malicious Attacks
Windows Vista Security. Securing Vista Against Malicious Attacks
ISBN: 470101555
EAN: N/A
Year: 2004
Pages: 163

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net