Windows Vista, ASLR, DEP and OEMs

Published 06 December 06 12:55 AM

As I mentioned in a previous series of posts, we recently had all the major OEMs on campus to discuss SDL and how we can work together. My big ask of the OEMs (actually, I grovelled, it was pathetic) was to enable DEP/NX in the BIOS by default on all their shipping PCs in time for Windows Vista.

The reason for this ask is pretty simple: for ASLR to be effective, DEP/NX must be enabled by default too.

Here's the good news: I found out yesterday that all the major OEMs (you know who they are!) have agreed to not disable DEP/NX in their BIOSes by default.

This is huge!

If you're an OEM reading this - THANKS!

Note, you can verify if your PC has DEP enabled by following these steps.

  1. Open the Control Panel
  2. Select System & Maintenance
  3. Click System
  4. Click Advanced system Settings
  5. Click the Advanced tab
  6. Click Performance Settings
  7. Click the Data Execution Prevention tab

You should see the dialog box below. If not, check your BIOS and make sure your CPU is capable of DEP/NX; most CPUs these days support DEP/NX.
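The same check done from a script rather than the Control Panel, as an added example that is not part of the original post: on Windows Vista or later it calls the kernel32 functions GetSystemDEPPolicy and IsProcessorFeaturePresent(PF_NX_ENABLED), the latter being the programmatic equivalent of the "processor does not support hardware-based DEP" message, and decodes the result. The function names describe_dep and query_dep are my own.

```python
import ctypes
import sys

# Values from the Windows SDK (winnt.h, DEP_SYSTEM_POLICY_TYPE).
PF_NX_ENABLED = 12
DEP_POLICY_NAMES = {
    0: "AlwaysOff",  # DEP disabled for every process
    1: "AlwaysOn",   # DEP enforced for every process, no opt-out
    2: "OptIn",      # client default: system binaries plus opted-in apps
    3: "OptOut",     # every process except an exception list
}


def describe_dep(policy: int, nx_present: bool) -> dict:
    """Turn the raw policy value and NX feature flag into a verdict.

    nx_present is what IsProcessorFeaturePresent(PF_NX_ENABLED) reports:
    False means the CPU lacks NX or the BIOS has disabled it, which is
    exactly the configuration the post asks OEMs to stop shipping.
    """
    name = DEP_POLICY_NAMES.get(policy, "Unknown(%d)" % policy)
    hardware_dep = nx_present and policy != 0
    return {
        "policy": name,
        "nx_present": nx_present,
        "hardware_dep_active": hardware_dep,
        # The post's argument: without hardware DEP, ASLR is much weaker.
        "aslr_fully_effective": hardware_dep,
    }


def query_dep() -> dict:
    """Ask the running Windows system; refuses to guess on other platforms."""
    if sys.platform != "win32":
        raise OSError("DEP status can only be queried on Windows")
    k32 = ctypes.windll.kernel32
    policy = k32.GetSystemDEPPolicy()  # Vista+, returns DEP_SYSTEM_POLICY_TYPE
    nx_present = bool(k32.IsProcessorFeaturePresent(PF_NX_ENABLED))
    return describe_dep(policy, nx_present)


if __name__ == "__main__":
    print(query_dep())
```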



Comments

# duk said on December 6, 2006 5:24 AM:

ASLR is independent of DEP/NX.

# grovellee said on December 7, 2006 9:21 AM:

they're agreed to *not* enable...  ???

# interesting said on December 7, 2006 11:36 AM:

The double negative had me going for a loop there for a bit.. Once I realized they were enabling DEP it was cool :)

# michael_HOWARD said on December 8, 2006 12:21 AM:

The wording is correct. By default CPUs and the OS support DEP/NX. But OEMs *can* disable it in their BIOS. We asked them not to disable it!!

# Nigel said on December 8, 2006 7:28 AM:

I thought that the Data Execution Prevention tab didn't say anything (at the bottom) when hardware-based DEP was available, but did say "Your computer's processor does not support hardware-based DEP" if it was BIOS-disabled or otherwise not available.

# michael_HOWARD said on December 8, 2006 12:19 PM:

We changed it for the final release of Windows Vista.

# chazz said on December 10, 2006 7:57 AM:

So I guess apps that don't play nicely with DEP will yield messages like "The instruction at "0x77f41d24" referenced memory at "0x00000000." The memory could not be written." from the O/S then? I mean it's the programmers that have to write better code, right?

# ed said on December 13, 2006 2:58 PM:

According to Joe Wilcox at eweek, the network connection is tempermental? You are online one second and then you lose your network connection. Has this been fixed? You talk about so many things about Vista but the key feature, network stability, seems to be left out. Assumed that it is stable. Check out eweek's podcast.

# calsz said on December 14, 2006 10:40 AM:

This news is false, because ASLR works on every CPU !!!

# michael_HOWARD said on December 16, 2006 1:43 AM:

calsz, this news is correct, DEP is not enabled on all CPUs. This blog post is about how DEP must be enabled for ASLR to be effective.

# michael_HOWARD said on December 16, 2006 1:48 AM:

>>According to Joe Wilcox at eweek

>>the network connection is tempermental [sic]

I couldn't find anything about this on the eweek site - can you pls send me the URL?

# Skywing said on December 16, 2006 2:53 AM:

However, third party binaries must still "opt-in" to full ASLR to receive image base randomizations.  Heap and stack address randomizations are globally on by default, however.  Virtually all of the Microsoft binaries that ship with Vista opt in to ASLR for image base addresses, which is absolutely a good thing, but third party software will not (by default) take full advantage of ASLR without being recompiled (technically, it is possible to flip the necessary bit in the PE header with a hex editor or the like, but I wouldn't consider that a general use solution).

Specifically, PE images must be linked with a new linker option that sets a new flag in the PE header which indicates to Vista that the image is ASLR aware and wants to have its base address randomized.  This extra step is required even for images that were built with base relocations, so there is still a necessary call to action for ISVs to relink their binaries with the ASLR-aware flag.  More details at Nynaeve.net: http://www.nynaeve.net/?p=100
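Skywing's comment describes a linker-set header flag; the following is an added Python example (not from the post, nor from nynaeve.net) that audits a PE image for it. It reads DllCharacteristics for IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (the /DYNAMICBASE opt-in) and, going a little beyond the comment, also IMAGE_DLLCHARACTERISTICS_NX_COMPAT and whether base relocations survived, for both PE32 and PE32+; flag values and offsets are those of the PE format, the function names audit_pe and build_test_image are mine, and the image it inspects is a constructed headers-only file, not a real binary.

```python
import struct

# Flag values from winnt.h (Windows SDK)
IMAGE_FILE_RELOCS_STRIPPED = 0x0001              # COFF Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # set by /DYNAMICBASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100      # set by /NXCOMPAT
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def audit_pe(data: bytes) -> dict:
    """Return the ASLR/DEP opt-in state encoded in a PE image's headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe = struct.unpack_from("<I", data, 0x3C)[0]             # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff, opt = pe + 4, pe + 24                              # COFF header, optional header
    characteristics = struct.unpack_from("<H", data, coff + 18)[0]
    magic = struct.unpack_from("<H", data, opt)[0]
    dd = opt + {PE32_MAGIC: 96, PE32PLUS_MAGIC: 112}[magic]  # data directory start
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in PE32/PE32+
    num_dirs = struct.unpack_from("<I", data, dd - 4)[0]     # NumberOfRvaAndSizes
    reloc_size = struct.unpack_from("<I", data, dd + 5 * 8 + 4)[0] if num_dirs > 5 else 0
    # An image can only be rebased if its relocation data survived the link.
    has_relocs = not (characteristics & IMAGE_FILE_RELOCS_STRIPPED) and reloc_size > 0
    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    return {
        "dynamic_base": dynamic_base,
        "nx_compat": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "has_relocations": has_relocs,
        # Skywing's point: relocations alone do not opt an image in; the flag is required too.
        "image_base_randomized": dynamic_base and has_relocs,
    }


def build_test_image(dll_chars: int, reloc_size: int, pe32plus: bool = False) -> bytes:
    """Constructed headers-only PE for exercising audit_pe (not a loadable binary)."""
    opt_size, dd = (240, 112) if pe32plus else (224, 96)
    hdr = bytearray(b"MZ" + b"\0" * 0x3A) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                                   0, 0, 0, 0, opt_size, 0x0002)      # EXECUTABLE_IMAGE
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, dd - 4, 16)                             # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, dd + 40, 0x3000 if reloc_size else 0, reloc_size)
    return bytes(hdr + opt)
```

Run audit_pe over the bytes of a real DLL or EXE to see whether it was relinked with the flag; a binary that has relocations but no dynamic_base is exactly the case Skywing describes.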

# Mike said on December 16, 2006 2:53 AM:

What happens if the CPU does not have DEP/NX capability? So what happens to ASLR then? Does ASLR still protect me, or is this feature turned off?

# Cd-MaN said on December 17, 2006 6:45 AM:

Why do you say that "for ASLR to be effective, DEP/NX must be enabled by default too"? As I understand it, they are completely different and independent features which try to address two key points of exploits: the fact that they usually overwrite data, so if we prevent execution from that portion of memory we prevent some exploits, and the fact that exploits must call library functions to do their work (and don't have the luxury of waiting for the loader to tell them those addresses).

The only point where I can see some relation between the two is the fact that it will be harder to find a JMP ESP instruction with a stable address (which is useful for stack overflow attacks - the kind DEP/NX should prevent)

# michael_HOWARD said on December 17, 2006 12:21 PM:

Cd-MaN, you answered your own question in your last paragraph!

# calsz said on December 18, 2006 12:22 PM:

Howard said: "calsz, this news is correct, DEP is not enabled on all CPUs. This blog post is about how DEP must be enabled for ASLR to be effective"

DEP is NOT ASLR!!!

DEP is NOT a requisite for ASLR!!!

ASLR works with every CPU also with DEP disabled.

# Eh Canadian said on January 23, 2007 11:39 AM:

Dear Michael,

I hate to rain on the parade, but I wouldn't trust vendors (especially Toshiba) to keep their word on this. Toshiba's support and configuration is poor. They have a track record of being slow and conservative. Try accessing their support website for downloads (i.e., manuals, BIOS updates, drivers, etc.); you'll be lucky to get a 6KB/s download and luckier still if the download doesn't stall. Disabling the NX/DEP is incredibly arrogant and sloppy of these vendors. Crippling a security feature like this is really wrong. BTW I just saw brand new Vista-ready Toshiba laptops and all of them had the NX/DEP disabled (with no option to turn it on in BIOS setup).
