
Michael Howard's Web Log

A Simple Software Security Guy at Microsoft!
Windows Vista, ASLR, DEP and OEMs

As I mentioned in a previous series of posts, we recently had all the major OEMs on campus to discuss the SDL and how we can work together. My big ask of the OEMs (actually, I grovelled; it was pathetic) was to ship all their PCs with DEP/NX enabled in the BIOS by default, in time for Windows Vista.

The reason for this ask is simple: for ASLR to be effective, DEP/NX must be enabled too. The two mitigations cover each other's gaps. DEP stops an attacker from executing code they injected into writable memory such as the stack or heap, which forces them to reuse code that is already loaded in the process; ASLR then makes the addresses of that existing code (a JMP ESP, a library function) unpredictable. Without DEP, injected code simply runs, giving the attacker a path that does not depend on knowing existing code addresses; without ASLR, the addresses needed to work around DEP are fixed and known.

Here's the good news: I found out yesterday that all the major OEMs (you know who they are!) have agreed not to disable DEP/NX in their BIOSes by default.

This is huge!

If you're an OEM reading this - THANKS!

You can verify whether DEP is enabled on your PC by following these steps:

  1. Open the Control Panel
  2. Select System & Maintenance
  3. Click System
  4. Click Advanced system settings
  5. Click the Advanced tab
  6. Click Performance Settings
  7. Click the Data Execution Prevention tab

You should see the Data Execution Prevention dialog box below. If you don't, check your BIOS settings and make sure your CPU supports DEP/NX; most CPUs sold today do.
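The same check from the command line, as an added example that is not part of the original post: it queries the documented DEP properties on the Win32_OperatingSystem WMI class and cross-checks them against the boot configuration. It assumes Windows Vista or later with PowerShell; Get-CimInstance needs PowerShell 3.0 or later, so it falls back to Get-WmiObject on older installs.

```powershell
# Added example, not from the original post: report the DEP state from the
# command line instead of clicking through Performance Options.
# Assumes Windows Vista or later. The property names are those documented on
# the Win32_OperatingSystem WMI class.

# Meaning of DataExecutionPrevention_SupportPolicy (matches the bcdedit "nx" setting).
$DepPolicyNames = @{
    0 = 'AlwaysOff (DEP off for every process)'
    1 = 'AlwaysOn  (DEP on for every process, no exceptions)'
    2 = 'OptIn     (DEP on for Windows components and programs that opt in; the Vista client default)'
    3 = 'OptOut    (DEP on for everything except programs explicitly excluded)'
}

function Get-DepStatus {
    # Get-CimInstance requires PowerShell 3.0+; Get-WmiObject covers older installs.
    if (Get-Command Get-CimInstance -ErrorAction SilentlyContinue) {
        $os = Get-CimInstance -ClassName Win32_OperatingSystem
    } else {
        $os = Get-WmiObject -Class Win32_OperatingSystem
    }
    $policy = [int]$os.DataExecutionPrevention_SupportPolicy

    [pscustomobject]@{
        # False means the CPU has no NX/XD support or the BIOS has switched it off:
        # the situation the post is asking OEMs not to ship.
        HardwareDepAvailable = [bool]$os.DataExecutionPrevention_Available
        # These two are only True when hardware DEP is available and in use.
        DepEnabledForDrivers = [bool]$os.DataExecutionPrevention_Drivers
        DepEnabledFor32Bit   = [bool]$os.DataExecutionPrevention_32BitApplications
        PolicyCode           = $policy
        Policy               = $DepPolicyNames[$policy]
    }
}

$status = Get-DepStatus
$status | Format-List

if (-not $status.HardwareDepAvailable) {
    Write-Warning 'Hardware DEP/NX is not available: check the BIOS setting and that the CPU supports NX/XD.'
}

# Cross-check against the boot configuration (needs an elevated prompt).
# The "nx" line reads OptIn, OptOut, AlwaysOn or AlwaysOff.
bcdedit /enum '{current}' | Select-String -Pattern '^\s*nx\s'
```

If HardwareDepAvailable comes back False on a machine whose CPU does support NX/XD, the BIOS setting is the first place to look; the policy value only says what Windows would enforce if the hardware allowed it.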

Posted: Wednesday, December 06, 2006 12:55 AM by michael_HOWARD

Comments

duk said:

ASLR is independent of DEP/NX.

# December 6, 2006 5:24 AM

grovellee said:

they're agreed to *not* enable...  ???

# December 7, 2006 9:21 AM

interesting said:

The double negative had me going for a loop there for a bit.. Once I realized they were enabling DEP it was cool :)

# December 7, 2006 11:36 AM

michael_HOWARD said:

The wording is correct. By default CPUs and the OS support DEP/NX. But OEMs *can* disable it in their BIOS. We asked them not to disable it!!

# December 8, 2006 12:21 AM

Nigel said:

I thought that the Data Execution Prevention tab didn't say anything (at the bottom) when hardware-based DEP was available, but did say "Your computer's processor does not support hardware-based DEP" if it was BIOS-disabled or otherwise not available.

# December 8, 2006 7:28 AM

michael_HOWARD said:

We changed it for the final release of Windows Vista.

# December 8, 2006 12:19 PM

chazz said:

So I guess apps that don't play nicely with DEP will yield messages like "The instruction at "0x77f41d24" referenced memory at "0x00000000." The memory could not be written." from the O/S then? I mean, it's the programmers that have to write better code, right?

# December 10, 2006 7:57 AM

ed said:

According to Joe Wilcox at eWeek, the network connection is temperamental? You are online one second and then you lose your network connection. Has this been fixed? You talk about so many things about Vista, but the key feature, network stability, seems to be left out. Assumed that it is stable. Check out eWeek's podcast.

# December 13, 2006 2:58 PM

calsz said:

This news is false, because ASLR works on every CPU !!!

# December 14, 2006 10:40 AM

michael_HOWARD said:

calsz, this news is correct, DEP is not enabled on all CPUs. This blog post is about how DEP must be enabled for ASLR to be effective.

# December 16, 2006 1:43 AM

michael_HOWARD said:

>>According to Joe Wilcox at eWeek

>>the network connection is temperamental

I couldn't find anything about this on the eweek site - can you pls send me the URL?

# December 16, 2006 1:48 AM

Skywing said:

However, third party binaries must still "opt-in" to full ASLR to receive image base randomizations.  Heap and stack address randomizations are globally on by default, however.  Virtually all of the Microsoft binaries that ship with Vista opt in to ASLR for image base addresses, which is absolutely a good thing, but third party software will not (by default) take full advantage of ASLR without being recompiled (technically, it is possible to flip the necessary bit in the PE header with a hex editor or the like, but I wouldn't consider that a general use solution).

Specifically, PE images must be linked with a new linker option that sets a new flag in the PE header which indicates to Vista that the image is ASLR aware and wants to have its base address randomized.  This extra step is required even for images that were built with base relocations, so there is still a necessary call to action for ISVs to relink their binaries with the ASLR-aware flag.  More details at Nynaeve.net: http://www.nynaeve.net/?p=100

# December 16, 2006 2:53 AM
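The opt-in bit Skywing describes is IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (0x0040), set by the /DYNAMICBASE linker switch; its DEP counterpart is IMAGE_DLLCHARACTERISTICS_NX_COMPAT (0x0100), set by /NXCOMPAT. The PowerShell below is an added example, not Skywing's code and not from Nynaeve.net: it reads those bits straight from the PE optional header of each binary in a directory, and also reports whether relocations were stripped, because an image without relocations cannot be rebased no matter what the flag says. The offsets are from the PE/COFF specification; the directory path at the bottom is only an illustration.

```powershell
# Added example, not from the original post or from Nynaeve.net: read the
# DllCharacteristics field of a PE image to see whether it opted in to ASLR
# (/DYNAMICBASE) and declared itself DEP-compatible (/NXCOMPAT).
# Offsets follow the PE/COFF specification; works for PE32 and PE32+.

$IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # image may be relocated at load: ASLR opt-in
$IMAGE_DLLCHARACTERISTICS_NX_COMPAT    = 0x0100   # image is DEP/NX compatible
$IMAGE_FILE_RELOCS_STRIPPED            = 0x0001   # no .reloc data: image cannot be rebased

function Get-PeMitigationFlags {
    param([Parameter(Mandatory = $true)][string]$Path)

    $bytes = [System.IO.File]::ReadAllBytes($Path)

    # DOS header: "MZ" at offset 0, e_lfanew (offset of the PE signature) at 0x3C.
    if ($bytes.Length -lt 0x40 -or $bytes[0] -ne 0x4D -or $bytes[1] -ne 0x5A) {
        throw "$Path is not an MZ executable"
    }
    $peOffset = [BitConverter]::ToInt32($bytes, 0x3C)
    # Need the signature (4), IMAGE_FILE_HEADER (20) and at least 72 bytes of optional header.
    if ($peOffset -lt 0 -or $peOffset + 96 -gt $bytes.Length -or
        [BitConverter]::ToUInt32($bytes, $peOffset) -ne 0x00004550) {   # "PE\0\0"
        throw "$Path has no PE signature"
    }

    $fileHeader = $peOffset + 4
    $optHeader  = $fileHeader + 20
    $characteristics = [BitConverter]::ToUInt16($bytes, $fileHeader + 18)  # IMAGE_FILE_HEADER.Characteristics
    $magic           = [BitConverter]::ToUInt16($bytes, $optHeader)        # 0x10B = PE32, 0x20B = PE32+
    # DllCharacteristics is at offset 70 of the optional header in both PE32 and PE32+
    # (PE32+ widens ImageBase to 8 bytes but drops BaseOfData, so the offset is unchanged).
    $dllChars        = [BitConverter]::ToUInt16($bytes, $optHeader + 70)

    $format = switch ($magic) { 0x10B { 'PE32' } 0x20B { 'PE32+' } default { '0x{0:X}' -f $magic } }
    $dynamicBase    = ($dllChars -band $IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) -ne 0
    $relocsStripped = ($characteristics -band $IMAGE_FILE_RELOCS_STRIPPED) -ne 0

    [pscustomobject]@{
        Path           = $Path
        Format         = $format
        DynamicBase    = $dynamicBase
        NxCompat       = ($dllChars -band $IMAGE_DLLCHARACTERISTICS_NX_COMPAT) -ne 0
        RelocsStripped = $relocsStripped
        # The flag alone is not enough: the loader also needs relocations to move the image.
        AslrEffective  = $dynamicBase -and -not $relocsStripped
    }
}

# Usage: audit the binaries in a directory (the path is only an illustration).
Get-ChildItem -Path "$env:SystemRoot\System32\*" -Include *.exe, *.dll -ErrorAction SilentlyContinue |
    Select-Object -First 20 |
    ForEach-Object { try { Get-PeMitigationFlags $_.FullName } catch { } } |
    Format-Table Path, Format, DynamicBase, NxCompat, RelocsStripped, AslrEffective -AutoSize
```

When the Visual Studio toolchain is installed, `dumpbin /headers` reports the same bits as "Dynamic base" and "NX compatible" under "DLL characteristics", which is the quicker one-off check; the script is for sweeping a whole install directory of third-party binaries.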

Mike said:

What happens if the CPU does not have DEP/NX capability? So what happens to ASLR then? Does ASLR still protect me, or is this feature turned off?

# December 16, 2006 2:53 AM

Cd-MaN said:

Why do you say that "for ASLR to be effective, DEP/NX must be enabled by default too"? As I understand it, they are completely different and independent features which try to address two key points of exploits: the fact that they usually overwrite data, so if we prevent execution from that portion of memory we prevent some exploits, and the fact that exploits must call library functions to do their work (and don't have the luxury of waiting for the loader to tell them those addresses).

The only point where I can see some relation between the two is that it will be harder to find a JMP ESP instruction with a stable address (which is useful for stack overflow attacks, the kind DEP/NX should prevent).

# December 17, 2006 6:45 AM

michael_HOWARD said:

Cd-MaN, you answered your own question in your last paragraph!

# December 17, 2006 12:21 PM

calsz said:

Howard said: "calsz, this news is correct, DEP is not enabled on all CPUs. This blog post is about how DEP must be enabled for ASLR to be effective"

DEP is NOT ASLR!!!

DEP is NOT a requisite for ASLR!!!

ASLR works with every CPU also with DEP disabled.

# December 18, 2006 12:22 PM

Eh Canadian said:

Dear Michael,

I hate to rain on the parade, but I wouldn't trust vendors (especially Toshiba) to keep their word on this. Toshiba's support and configuration is poor. They have a track record of being slow and conservative. Try accessing their support website for downloads (i.e., manuals, BIOS updates, drivers, etc.); you'll be lucky to get a 6KB/s download and luckier still if the download doesn't stall. Disabling NX/DEP is incredibly arrogant and sloppy of these vendors. Crippling a security feature like this is really wrong. BTW, I just saw brand new Vista-ready Toshiba laptops and all of them had NX/DEP disabled (with no option to turn it on in BIOS setup).

# January 23, 2007 11:39 AM