by: Gregg Keizer
January 31, 2008 (Computerworld) Microsoft Corp. has added new security-related APIs to upcoming service packs for Windows Vista and XP to expand the use of the anti-exploit technology dubbed Data Execution Prevention (DEP).
The new APIs will be included with Vista Service Pack 1, Windows XP Service Pack 3 and the brand-new Windows 2008 when those operating systems ship this quarter and next, said Michael Howard, a principal security program manager in Microsoft's security engineering and communications group.
According to Howard -- one of Microsoft's resident security gurus, who is probably best known for co-authoring Writing Secure Code -- the new APIs will allow more developers, particularly those still using older versions of ATL (Active Template Library), to call DEP in their apps.
DEP, which also goes by NX -- for No eXecute -- was introduced by Microsoft in Windows XP SP2 and expanded in Vista and Server 2008. It's designed to stop some kinds of exploits -- buffer overflow attacks, primarily -- by blocking code from executing in memory that's supposed to contain only data.
The new APIs can be used by developers working with the older ATL to enable DEP at runtime, or when the application actually launches. Previously, those programmers were forced to decide ahead of time whether their software would try to protect itself using DEP.
Subscribe to:
Post Comments (Atom)
0 comments
Post a Comment