Many Popular Windows Apps Ignore Security Options
eldavojohn writes "The latest versions of Microsoft Windows have some good security options available — now if only they could get their most popular third-party applications to use them. A report from Secunia takes a look at two such options — DEP and ASLR — and Brian Krebs breaks down who is using them and who is not. A security specialist noted, 'If both DEP and ASLR are correctly deployed, the ease of exploit development decreases significantly. While most Microsoft applications take full advantage of DEP and ASLR, third-party applications have yet to fully adapt to the requirements of the two mechanisms (PDF). If we also consider the increasing number of vulnerabilities discovered in third-party applications, an attacker's choice for targeting a popular third-party application rather than a Microsoft product becomes very understandable.' Among those with neither DEP nor ASLR: Apple Quicktime, Foxit Reader, Google Picasa, Java, OpenOffice.org, RealPlayer, and AOL's Winamp. While Flash player can't implement DEP, it does have ASLR. Google Chrome is the only popular third-party application listed with stars across the board."
It's worth noting that several apps highlighted in the Secunia research paper have added support for those security options in recent patches, or are in the process of doing so. Examples include Firefox, VLC, and Foxit Reader.
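Added example (not part of the story or the Secunia report): a per-binary check for the static opt-in that a Windows executable carries in its PE header, where the linker options /NXCOMPAT and /DYNAMICBASE set bits in the optional header's DllCharacteristics field. The sample headers are constructed for the demonstration, the function names are this example's own, and only the first 4096 bytes of a file are read on the assumption that the PE headers sit there.

```c
/* Added example: report whether a PE image opts in to DEP and ASLR. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DLLCHAR_DYNAMIC_BASE 0x0040 /* linker /DYNAMICBASE: image may be relocated (ASLR) */
#define DLLCHAR_NX_COMPAT    0x0100 /* linker /NXCOMPAT: image is DEP-compatible */

/* Bounds-checked little-endian read of n (<= 4) bytes at off; 0 on success. */
static int rd(const uint8_t *b, size_t len, size_t off, int n, uint32_t *v)
{
    if (off > len || len - off < (size_t)n) return -1;
    *v = 0;
    for (int i = n - 1; i >= 0; i--) *v = (*v << 8) | b[off + i];
    return 0;
}

/* Stores the optional header's DllCharacteristics in *flags.
   Returns 0 on success, negative if the buffer is not a well-formed PE. */
int pe_dll_characteristics(const uint8_t *img, size_t len, uint16_t *flags)
{
    uint32_t mz, lfanew, sig, optsize, magic, dc;
    if (rd(img, len, 0, 2, &mz) || mz != 0x5A4D) return -1;             /* "MZ" */
    if (rd(img, len, 0x3C, 4, &lfanew)) return -2;                      /* e_lfanew */
    if (rd(img, len, lfanew, 4, &sig) || sig != 0x00004550) return -2;  /* "PE\0\0" */
    size_t coff = (size_t)lfanew + 4, opt = coff + 20;
    /* SizeOfOptionalHeader must reach past DllCharacteristics (offset 70). */
    if (rd(img, len, coff + 16, 2, &optsize) || optsize < 72) return -3;
    if (rd(img, len, opt, 2, &magic)) return -3;
    if (magic != 0x10B && magic != 0x20B) return -3;                    /* PE32 / PE32+ */
    if (rd(img, len, opt + 70, 2, &dc)) return -4;  /* same offset in both formats */
    *flags = (uint16_t)dc;
    return 0;
}

const char *mitigation_verdict(uint16_t flags)
{
    int dep = (flags & DLLCHAR_NX_COMPAT) != 0;
    int aslr = (flags & DLLCHAR_DYNAMIC_BASE) != 0;
    if (dep && aslr) return "DEP+ASLR";
    if (dep) return "DEP only";
    if (aslr) return "ASLR only";
    return "neither";
}

/* Constructed sample: headers only, just enough for the parser above. */
size_t make_sample_pe(uint8_t *buf, size_t cap, uint16_t magic, uint16_t dllchar)
{
    const size_t lfanew = 0x80, opt = lfanew + 24, total = opt + 96;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[0x3C] = (uint8_t)lfanew;
    memcpy(buf + lfanew, "PE\0\0", 4);
    buf[lfanew + 4 + 16] = 96;                       /* SizeOfOptionalHeader */
    buf[opt] = (uint8_t)magic;
    buf[opt + 1] = (uint8_t)(magic >> 8);
    buf[opt + 70] = (uint8_t)dllchar;
    buf[opt + 71] = (uint8_t)(dllchar >> 8);
    return total;
}

int main(int argc, char **argv)
{
    uint8_t buf[4096];
    uint16_t flags;
    size_t n;
    if (argc > 1) {                                   /* check a real binary */
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        n = fread(buf, 1, sizeof buf, f);
        fclose(f);
        if (pe_dll_characteristics(buf, n, &flags)) {
            fprintf(stderr, "%s: not a PE image\n", argv[1]);
            return 1;
        }
        printf("%s: 0x%04X %s\n", argv[1], flags, mitigation_verdict(flags));
        return 0;
    }
    const uint16_t samples[] = { 0x0140, 0x0100, 0x0040, 0x0000 };
    for (size_t i = 0; i < 4; i++) {                  /* constructed samples */
        n = make_sample_pe(buf, sizeof buf, 0x10B, samples[i]);
        if (pe_dll_characteristics(buf, n, &flags) == 0)
            printf("sample %zu: 0x%04X %s\n", i, flags, mitigation_verdict(flags));
    }
    return 0;
}
```

The header bits are only the image's own opt-in: the system-wide DEP policy can still force DEP on, and a process is only as randomized as its least-randomized loaded module, so every DLL an application ships needs the same check.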
Adobe's problem (Score:4, Insightful)
Re: (Score:2)
Re: (Score:2)
Neither ASLR nor DEP completely mitigate attacks. A buffer overrun is a buffer overrun, those just make it much harder to exploit - ideally, the chance of success is so low that the attack is impossible for any practical purpose, but pragmatically, there are many creative ways in which a programmer can screw up even further and open the hole wider.
Then, of course, no ASLR will save you if you do downright moronic things, such as read untrusted input that is potentially downloaded from the Net and pass it over,
isn't that OS's problem? (Score:2)
Why should this be up to an application at all? You either have a secure install or you don't, if you do, then no application would have the authority to run outside of the rules, if you don't, you have to acknowledge it as a user and force the OS not to bother forcing this.
It's FIRST: User's choice. Second: OS enforcement. Distant third: what an individual application is doing.
So if the user says: Enforce, then all calls to OS routines to allocate memory for example must be rerouted by the OS through th
Re: (Score:2, Interesting)
Just enforce the DEP and ASLR system wide and see what breaks. I personally couldn't imagine doing anything else. Few clicks and that's it.
Re: (Score:3, Informative)
DEP sounds similar to what SimCity did back in the DOS days: using memory after it had freed it. Funny thing is, Microsoft made sure that if Windows detected a DOS binary named SimCity doing that, it would allow it. This was to maintain backwards compatibility.
And I suspect this is also why DEP is made optional per program, as there may have been some lazy code written back in the day that's still in use somewhere.
Re: (Score:2)
[citation needed]
Re: (Score:2)
heh, seems it was the win3.x version, not the dos version, but still:
http://www.joelonsoftware.com/articles/fog0000000054.html [joelonsoftware.com]
Re: (Score:3, Informative)
DEP isn't really similar to that at all. That was a case of misusing a memory manager, which is bad behavior and can cause security holes, but doesn't really count as failing to use a security feature. DEP - Data Execute Protection - does just what it sounds like: it prevents the data (stack and heap) of a program's memory representation from being executed. More specifically, if the instruction pointer tries to move to a page of memory that has the NX (No eXecute) bit set, it throws a hardware interrupt an
Re: (Score:2)
The problem is, a lot of programs - especially those that execute any kind of code, such as JavaScript in Foxit or ActionScript in Flash - use executable code in data pages legitimately, and intentionally call into it. The CPU doesn't know the difference, so those programs get killed too. The OS *can* know the difference - you can set exemptions for specific apps in Windows - but adding such an exemption just turns off DEP for that program entirely.
Any application that doesn't run unless exempted from DEP should be considered seriously broken and require fixing (indeed, this is how it is for MS's own software). Any application that needs writable-executable data pages for whatever reason (JIT etc) should use the appropriate API calls to request OS to change page permissions from writable to executable and back as needed.
Re: (Score:2)
It's already been the user's choice since WinXP SP2. The deal is, 1) you cannot turn it on by default because many apps will break. 2) most users are ignorant, they wouldn't know about the choice, understand the choice, or figure out what to do if stuff doesn't work and how to exclude them if desirable.
http://support.microsoft.com/kb/875352#5 [microsoft.com]
If you are logged on as an administrator, you can manually configure DEP to switch between the OptIn and OptOut policies by using the Data Execution Prevention tab in S
Why can't Flash implement DEP? (Score:2)
Re: (Score:2)
Yeah, and apparently Flash is "DEP-safe", since IE 8 enables DEP and Flash works there (unless IE is only enabling DEP for the main process and not the tab processes).
Re: (Score:3, Informative)
No, DEP only prevents execution on memory that is not marked executable. Enabling DEP marks all memory as nonexecutable by default, but you can use the VirtualAlloc [microsoft.com] function in Windows to allocate memory that is marked executable. This allows for the implementation of JIT compilers even with DEP turned on.
Re: (Score:2)
you can still use VirtualAlloc() with PAGE_EXECUTE | PAGE_READWRITE as the third parameter, and voila, you have read/write memory that's also executable.
Which is actually a very bad idea in general, for precisely the reasons DEP was introduced in the first place. Really, there's no reason why an app needs a memory page to be both writable and executable at the same time. A typical JIT generates the code once and executes it after; more advanced ones (e.g. JVM HotSpot) can periodically re-JIT stuff, but they don't do it all that often.
Consequently, the proper technique is: use VirtualAlloc with PAGE_READWRITE only, write whatever you want there, then use Vir
"app" (Score:3, Insightful)
Can we please stop calling everything "apps" and go back to programs. App is getting to be as annoying as blog.
Re:"app" (Score:5, Funny)
Re: (Score:3, Interesting)
"App" has been short for "application" for a long time. I'm more annoyed by people who think it's specific to the iPhone (an intranet blog at work not long ago claimed (with no iContext, it was about the progress of technology rather than anything directly Apple-related) that the "first app" appeared in 2008).
Re: (Score:2)
In my understanding, "application" means a piece of software with which users interact directly. "Program" means a piece of software in general, even kernels and libraries are programs. As "program" comes from a broader meaning (a set of contents/instructions, a plan) it is not limited to user interaction.
Nevertheless, I keep using the word "program" for applications. Probably because, back in the days of Basic et al, we talked about writing "programs", and "application" was a later term I associate with
Re: (Score:2)
To me, apps are modules of code you find on smartphones. Applets are Java based pieces of code. Applications are executables made for a general purpose computer like a Windows machine, Mac, or pSeries. Programs are a catch-all, but I tend to use the word programs for code written on a full computer OS, as opposed to a smartphone.
Comes from NeXT and OS X (Score:2)
You probably know but, for people not using actual OS X or never used NeXT OS, the extension of application on OS X is ".app", of course it has nothing to do with the .exe format, it is a self contained directory "acting like" single application file.
WindowMaker (GNUStep) dock applets are called .app too
More interestingly, Symbian calls them ".app" (e.g. Opera.app) internally too. J2ME applications? Called .fakeapp :) If I was a J2ME developer to target Symbian devices, that would really make me think twice
"decreases significantly"? (Score:3, Interesting)
I guess it's a matter of perspective...
Insomnia Sec's SyScan presentation on defeating DEP [insomniasec.com] [PPT warning]
Google cache HTML-ified alternative to the PPT [googleusercontent.com]
It may well be that DEP's useful days are numbered. It's likely just a matter of time before these techniques are better researched, more widely understood and commonplace.
As always, the best defense is in depth, responsible disclosure, and patching, patching, patching.
Re: (Score:3, Informative)
or hired guns pulling black ops missions on the people writing the malware.
Re: (Score:2)
Defeating DEP in and of itself is trivial. That's what ASLR is for. It's still technically possible to exploit an application that uses both, but it's much, much harder, and generally speaking you can't get a guarantee of success like you can with a return-to-shellcode or return-to-libc attack - the first of which DEP prevents and the second of which ASLR prevents.
DEP yes, ASLR no (Score:4, Interesting)
Data execution prevention is a no-brainer. Unix has had that since the 1970s.
ASLR, though, is iffy. Randomizing the position of code in memory is a form of security through obscurity. If there's a bug that's exploitable with ASLR, it's a bug that can crash the program without it. It also makes debugging harder. No two crash dumps for the same bug are the same. Not even close.
What's more useful is running applications with very limited privileges. If the browser's renderer can't do much except render the single page it's supposed to be rendering, then corruption within it isn't a big deal. Firefox's approach to running plugins in a separate process is a big step forward, and the more jail-like that process becomes, the better. You really need a mandatory security model like SELinux to make this work, and Windows doesn't have that.
ASLR possibly degrades performance? (Score:3, Interesting)
Re:ASLR possibly degrades performance? (Score:4, Informative)
None - ASLR affects the initial base location where various program sections are placed, so code & data locality remains the same relative to each other.
Re: (Score:3, Insightful)
None, really. ASLR doesn't mean that every single instruction winds up somewhere random, it just means that when loading a file of executable code - either a program or a library - it places the in-memory representation at a random address. This means you can't, for example, do a return-to-libC attack by simply figuring out the address that your target platform places its C runtime at; it will instead be different on every system and every day. However, within any given binary, the relative locations of ins
Re:DEP yes, ASLR no (Score:4, Interesting)
The point of ASLR isn't to provide absolute security, it's to provide an additional layer of security to make it harder to produce meaningful exploits from vulnerabilities.
Re: (Score:3, Informative)
You really need a mandatory security model like SELinux to make this work, and Windows doesn't have that.
Oh? Since Vista, Windows can run executables in "low integrity mode". When a low integrity mode process is started, the security token of the process (which is inherited from the user) is stripped of all admin privileges, stripped of write access to anywhere but a designed cache area and barred from making changes to the registry.
Basically, Windows allows a user account to be sub-divided based on the activity the account is used for. If it is a potentially internet faced activity the app should use low-inte
Re: (Score:2)
for an app such as IE (or Chrome) to allow files to be downloaded, a separate "helper" or "broker" process must be used. [...] a lower integrity process *can not* send messages to a higher privileged process.
Then how does IE tell its "broker" what to do?
Re: (Score:2)
http://msdn.microsoft.com/en-us/library/Bb250462 [microsoft.com]
Re: (Score:2)
Agreed, seems like security theatre to me. ASLR makes legitimate debugging a pain, and what's the benefit? It's the computing equivalent of airport security.
Furthermore, DEP sounds good, but my eyes were opened recently to return-oriented programming, which allows arbitrary exploits to run without ever modifying any executable code. And ASLR/DEP are useless when the exploits run as managed code anyway: a common attack vector ever since the first MS Word macro viruses.
Re: (Score:2)
ASLR, though, is iffy. Randomizing the position of code in memory is a form of security through obscurity.
Yes, and guess what? Security through obscurity works, too. It's not foolproof, for sure, but it can make it much harder to break something. Especially - as is the case with ASLR - the "obscured" bits change every time.
The direct analogy would be passwords - they are themselves a classic example of security through obscurity (indeed, the security of the password-protected system hinges on only trusted person/people knowing the password, and no-one else), and the more often you change them, the more secure y
Re: (Score:3, Insightful)
1. You can't run self-decrypting programs.
2. You can't alter instructions at runtime to fool debuggers.
3. You can't place keys in executable code sections at runtime, making it much easier for someone to stop your program and dump the keys out of the memory image.
DEP actually makes attacks against cryptographic software *easier* to implement.
How oft
Microsoft also mentioned memory protection (Score:4, Funny)
Re: (Score:2)
Re: (Score:2)
Do you mean, were Microsoft's bad decisions meant to be funny, or did you mean, was the executive summary of Microsoft's bad decisions highlighted at an opportune time with ironic phrasing meant to be funny?
I can't RTFA (Score:3, Funny)
because it's PDF and I don't know if my Adobe reader has DEP so I'm afraid I'll get hacked..... /s
Java? (Score:3, Interesting)
I'd be a bit surprised if Java could take advantage of either of these mechanisms due to the nature of the dynamic compiler and class-loading, without major, major problems. MS probably had to build special mechanisms into the CLR runtime for it to work in .NET.
On the other hand, Java has a reputation of being a pretty bulletproof platform in terms of the exploits that these two mechanisms are designed to protect against.
Re: (Score:2)
I'd be a bit surprised if Java could take advantage of either of these mechanisms due to the nature of the dynamic compiler and class-loading, without major, major problems.
It is entirely possible to take advantage of these counter-measures. I believe that Java on BSD does something like copying memory around to support the NX bit and still allow the running process to write new code. The restriction that is enforced is that a memory block cannot be *both* executable *and* writable. It is perfectly ok to write memory and then switch it to executable code.
MS probably had to build special mechanisms into the CLR runtime for it to work in .NET.
No, they just designed .NET to always execute fully compiled. Unlike Java, .NET's "intermediate code" was never intended to b
Re: (Score:3, Informative)
No, they just designed .NET to always execute fully compiled. Unlike Java, .NET's "intermediate code" was never intended to be interpreted at runtime. Instead .NET JITs an assembly (dll) before executing. .NET even supports creating assemblies dynamically (no hacks) through Reflection.Emit (no need to save to files and do bytecode manipulation). A dynamic assembly is still compiled fully to machine instructions before execution begins.
I was just reading the .NET 4 help file on this this week, and the JIT compiler is invoked on a per-method basis. The virtual function table is used to substitute the compiled methods for the original bytecode.
One difference between .NET and Java is that .NET invokes the JIT on the "first call", whereas Java still prefers to run code using emulation until a method has been called a certain number of times, after which the JIT is invoked. You're almost right: .NET never executes anything other than compiled
Re: (Score:2, Informative)
You simply have to ask for memory that doesn't have the NX bit set when requesting a memory allocation.
Translation: You don't call malloc(), you use VirtualAlloc with the right flags. Then you get a block of memory back that can be executed.
Either way, with interpreted languages, there is no requirement to be able to directly execute the memory. The interpreter is the executing code, reading and basing its execution path based on what the 'compiled' java byte code looks like. Java doesn't compile to nat
Kernel, not apps (Score:2, Interesting)
DEP should be handled by the operating system, not the apps. This is the philosophy which has made Windows such a mess over the years.
Two words: JIT recompiler (Score:2)
DEP should be handled by the operating system, not the apps.
Some applications still need to be aware of the operating system's DEP facility. (See discussion above [slashdot.org] for why.)
Re: (Score:3, Informative)
First of all, DEP is technically a kernel feature, or at least parts of it require kernel support. MS even wrote a completely software-based feature that tries to implement DEP on systems without the NX bit (it's not perfect, but it helps a bit).
Windows has 4 settings for DEP enforcement:
* Turn it all off (generally not used, unless you have a misbehaving driver). This option is only available if you know where to look; it's not in the UI
* Turn it on if a program opts in (most MS software do
How Can Google Chrome Be Considered "Safe"... (Score:2, Interesting)
Re:How Can Google Chrome Be Considered "Safe"... (Score:4, Informative)
There's nothing wrong with installing a program in the Application directory; it's pretty much the norm on Windows for per-user installations. Think of it as equivalent to ~/bin on Unix systems. Of course that doesn't fit in well for enterprise environments, but Google does provide a pack installer for managed systems, [google.com] which installs under "Program Files" and lets you disable auto-updates. And while the current version of Chrome is lacking other enterprise features, the next version will have full support for GPO configuration, Admin templates, and all the other things you'd expect in an enterprise.
As for your absurd claim that per-user installations are somehow a security vulnerability, you're going to have to provide something to back that up. Because I've spent about 15 years in the information security field I can't even get close to a rationale for that one.
Re: (Score:3, Insightful)
Why doesn't Windows enforce its security?
Because they write the OS and do not dictate what you can run on your box?
Or do you want your windows apps to only come from Windows Application Store?
Re:Wait a minute (Score:5, Informative)
There is a balance between a walled garden and complete anarchy. Right now, Windows programs are such a poor quality level because they can get away with it. It is SOP in the Windows arena to ship alpha or beta code, call it a release, then fix it after launch, if ever. Most of the time, bugs end up given a "FNR", or fixed in next release status.
When Vista came out that added UAC for basic security, and the screaming of app developers whining about not being able to have all their code have Administrator privs by default, was unbelievable. In that time, Apple changed architectures and even though there was a tad of griping, it was not this hand-wringing that was observed from the Windows camp. Similar when something changes under Linux that forces program developers to change course. Similar with drivers in Vista. I know of more than one company which shipped broken drivers deliberately and pointed the finger at Microsoft when things crashed, as opposed to actually writing production quality code.
I'd like to see a compromise between the two extremes: First, applications that manage to pass a code quality review get a certificate. Second, have a rule that Authenticode-signed programs adhere to some code quality guidelines. Failure to do so gets the cert revoked. This way, programs install as normal. Finally, other programs that don't do either of these wind up in a virtual machine, completely isolated from the main OS and the app windows they put up are clearly marked as coming from an untrusted application, similar to untrusted applets in Java's sandbox.
Microsoft has to both address being able to handle legacy code, and be able to keep a hand on lazy developers who will do the absolute minimum it takes to ship, even if it means ignoring every security guideline out there. This is what virtualization is for -- Allow well behaved apps, and companies who agreed to code quality standards to install on the OS, while the legacy stuff can go play at the kiddie table in an encapsulated VM. Of course, if someone wants to drop a self signed cert in for their code as they are developing it, or a company wants to write code in-house and wants their CA to be trusted for code revisions, they can feel free to do so.
Authenticode for free software? (Score:4, Insightful)
[Programs not signed by a commercial code review agency] wind up in a virtual machine, completely isolated from the main OS and the app windows they put up are clearly marked as coming from an untrusted application, similar to untrusted applets in Java's sandbox.
Then any program that doesn't have a commercial entity behind it would have to run in the sandbox. For example, a lot of free software [wikipedia.org] for Windows lacks Authenticode signatures because many individuals who maintain free software in their spare time don't want to incorporate ($100 or more depending on state) in order to become eligible for an Authenticode certificate and then keep the certificate up to date ($179.95/year [instantssl.com]).
Apple doesn't just make Mac OS X (Score:4, Insightful)
Apple doesn't allow unsigned programs to run at all.
Since when has Mac OS X Snow Leopard blocked the use of unsigned or self-signed software on the Mac?
Popular open-source projects that would like a certificate can petition their users for donations
If a program has to be signed to be useful, such as if it has to be signed just to be able to open the documents that the user chooses, then how can the program become popular in the first place?
Re: (Score:2, Insightful)
Well, they could remove the ability to opt out of DEP for an application, then the apps would have to adapt or stop working.
It's backwards compatibility features that are being used, and conspire with current developers to hose new Windows security measures.
Re: (Score:2)
See their Trusted Platform Modules (TPM), DRM and HDCP divisions and reconsider our imaginary "freedom to run what we want" a double standard.
None of those do anything unless the application and/or user tells them to.
From Vista on a clause in every Windows EULA gives MS the right to delete executables and files from YOUR computer should they choose to do so (does XP also have this?)
Please quote the relevant section of the EULA.
Re: (Score:2)
"6. POTENTIALLY UNWANTED SOFTWARE. If turned on, Windows Defender will search your computer for “spyware,” “adware” and other potentially unwanted software. If it finds potentially unwanted software, the
Re: (Score:2)
Re:Wait a minute (Score:4, Informative)
Because third-party developers can write whatever code they want to.
There is a registry setting that forcibly enables ASLR for all executables.
Re:Wait a minute (Score:4, Informative)
Also, the DEP setting is opt-in on workstation SKUs (your app has to say that it wants it) -- for compatibility, and opt-out for server SKUs (your app has to say that it doesn't want it) -- for security.
Re: (Score:2)
Re: (Score:2)
Er, "Professional" (XP) and "Ultimate" (Vista, 7) let you pick: Opt-In, Opt-Out, Force-On, Off.
Re: (Score:2)
Yeh, I have no idea what the GP was on about.
Also, don't use the term SKU unless you're trying to restock your warehouse... makes you look like a fool.
Re: (Score:2)
it's a term from the retail world
each different version of Windows has a different SKU (hint: it's the UPC barcode or mapped to same)
so for each combo of 32/74 bit Home/Business/Ultimate and Upgrade or Full Install there is a different SKU
Re: (Score:2)
There is a registry setting that forcibly enables ASLR for all executables.
You don't even have to go to the registry for it, though it really is tucked away in a corner that's only missing the "beware of the leopard" sign.
(assuming Vista/7) Control Panel -> System and Security -> System -> Advanced system settings -> Advanced tab -> Performance Settings -> Data Execution Prevention.
The default is it being turned on for all stock Windows applications, and (while it doesn't clearly say so) for anything that opts in. As I understand, it is largely due to the sheer am
Re: (Score:3, Informative)
Because enforcing that every application use these would mean certain sorts of applications couldn't be written (or at least not as easily).
DEP is data execution prevention. It marks certain areas of address space as being "data only", so the processor won't execute them. While this is generally a good idea, as it prevents a hacker from constructing a NOP sled and then using an access violation bug somewhere to execute code they've stuck in memory, it also has the side effect of making self-modifying code m
Re: (Score:2, Insightful)
Re:Wait a minute (Score:5, Informative)
> I know that under FreeBSD and Linux applications are expected to run with the provided resources unless they're specifically run as root or similar.
DEP and ASLR are all about making it harder for stuff like say Mozilla to be pwned. Not really about resources.
You can force DEP to be on for everything on Windows: http://support.microsoft.com/kb/875352#5 [microsoft.com]
But if your favourite app crashes badly, hope you know how to exclude it.
The trouble is if Mozilla is pwned, and runs "arbitrary code of the attacker's choice", that code can do anything that user account can do, and access anything that user account can access. This is true for FreeBSD, Linux and Windows.
Just because I run a browser doesn't mean I want to allow it full access to whatever my account can access/do.
Windows Vista and Windows 7 actually sandbox IE, so in fact Windows is one up on most major Linux distros in that respect.
I've seen the default apparmor template for firefox on ubuntu. 1) It's not enabled by default, and 2) Even if you enable it, it doesn't really help if you want security, you have to modify the template if you want to protect all your nonbrowser-related files from a pwned browser instance.
Re: (Score:2)
Sandboxing helps, but Windows has to do it, because it's just way too easy for viruses to install crap to the boot sector.
Re: (Score:2)
Actually, it's not (and hasn't been for years). Opening a drive's boot sector (or loading kernel drivers) requires administrative privileges, and starting with Vista the default configuration is that your apps don't *have* admin privileges (I configured XP this way too, but it didn't have a nice mechanism like UAC or sudo for those times when Admin is needed - runas is a pain by comparison). NT has a very powerful security model... it's just that most users say "Give me and everything I run full permissions
Re: (Score:2)
This is more like SELinux than about resource restriction. UAC does its best to ensure that even admin users (nothing wrong with them for single user pcs) have to explicitly grant privilege escalation (admin is more like wheel now), and in 7 it's actually tolerable to leave it on.
Unfortunately most desktop apps don't conform to those kind of rules in windows any more than they do in Linux so it doesn't enforce by default any more than selinux is generally enabled by default.
Re: (Score:2)
Re: (Score:2)
Any moron writing an application to run [by recompiling code and then executing it] is a moron.
The publishers of VMware, VirtualBox, Virtual PC, Java, and .NET would take issue with your characterizing their developers as morons.
Re: (Score:3, Insightful)
Some would argue that programming this way is broken to begin with...
True, some work for Apple (Score:3, Interesting)
Re: (Score:2)
Managed execution environments, such as .NET and Java, usually recompile each method as it is executed for the first time. In a DEP environment, the JIT recompiler needs a way to tell the OS to flip parts of memory between data and executable.
The flags [microsoft.com] to request the newly allocated memory block to be executable have been there since WinNT 3.1.
So if "some" argue that managed code is broken by design, I'd guess "some" work for Apple's iOS division, the only company I can think of that has explicitly banned managed code.
Not really, JS is also managed code, and Apple's implementation is even a JIT.
Re: (Score:3, Informative)
The kernel did enforce the flags as best as it could. But the processor didn't allow you to have a writable page without the X bit until the 64bit extensions for x86 were designed by AMD [wikipedia.org]. Once processors were available that supported the NX bit (some time around 2004), the OS was modified to support it.
The scandal is that it's been 6 years since that time and apps still haven't caught up with the change.
Re: (Score:2)
Some would argue that programming this way is broken to begin with...
That's big in CompSci circles and it's infected a great deal of programmers.
However, COMPUTED GOSUB/GOTO/PERFORM are stunningly useful and are just another term for arrays of function pointers.
Re: (Score:2)
Because enforcing that every application use these would mean certain sorts of applications couldn't be written (or at least not as easily).
Unless setting "Turn on DEP for all programs and services except those I select" doesn't do what it says (i.e., a program can still "opt-out" in code), then there are very few apps that have a problem with DEP.
I have this set on dozens of machines (both server and desktop), and have had to make exceptions for less than 5 programs, with the only really annoying one being the driver installer for a TV tuner card (since I think that means that any program named "SETUP.EXE" would be exempted). After I ran the
Re: (Score:2)
I know I'd hate to have to debug an app on an OS that randomized the memory addresses each time I ran my code. Much better to be able to enable this sort of thing in the release builds.
But then, you'd probably never know there was an access violation to begin with. You'd notice something odd once and perhaps only once, without any way to reproduce it.
There's always going to be bugs, and they must be fixed. The OS enforcing this on all apps would make this nearly impossible.
Re: (Score:2)
> I know I'd hate to have to debug an app on an OS that randomized the memory
> addresses each time I ran my code. Much better to be able to enable this
> sort of thing in the release builds.
You can turn randomization off on your development machine when you need to. You still should write code that will run with it on as it should be on production machines.
Re: (Score:2)
How would you write a JIT without the ability to turn off DEP on certain pages of memory?
The JIT engine would have to tell the operating system to mark a given range as writable, write, mark the range as executable, and finally execute. Opting in to DEP is an application's way of telling the OS that it is aware of these newly introduced DEP syscalls.
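The sequence described in the comment above (writable, write, executable, execute), as an added example that is not code from any commenter or vendor: the Windows branch uses VirtualAlloc, VirtualProtect and FlushInstructionCache, and a POSIX mmap/mprotect branch is included as an assumption so the same flow can be run off Windows. The generated stub ("mov eax, imm32; ret") and all function names are constructed for this demonstration.

```c
/* Added example: W^X handling of JIT memory (allocate RW, write, seal RX, run). */
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif
#endif

#define REGION_SIZE 4096

/* Allocate a region that is writable but NOT executable. */
static void *region_alloc_rw(void)
{
#ifdef _WIN32
    return VirtualAlloc(NULL, REGION_SIZE, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
#else
    void *p = mmap(NULL, REGION_SIZE, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
#endif
}

/* Drop write access and add execute: the page is never W and X at once. */
static int region_seal_rx(void *p)
{
#ifdef _WIN32
    DWORD old;
    if (!VirtualProtect(p, REGION_SIZE, PAGE_EXECUTE_READ, &old)) return -1;
    return FlushInstructionCache(GetCurrentProcess(), p, REGION_SIZE) ? 0 : -1;
#else
    return mprotect(p, REGION_SIZE, PROT_READ | PROT_EXEC);
#endif
}

static void region_free(void *p)
{
#ifdef _WIN32
    VirtualFree(p, 0, MEM_RELEASE);
#else
    munmap(p, REGION_SIZE);
#endif
}

/* Emits "mov eax, imm32; ret" on x86/x86-64.
   Returns the number of bytes written, or 0 on other architectures. */
static size_t emit_return_const(uint8_t *dst, int32_t value)
{
#if defined(__x86_64__) || defined(__i386__) || defined(_M_X64) || defined(_M_IX86)
    dst[0] = 0xB8;                 /* mov eax, imm32 */
    memcpy(dst + 1, &value, 4);    /* little-endian immediate */
    dst[5] = 0xC3;                 /* ret */
    return 6;
#else
    (void)dst; (void)value;
    return 0;
#endif
}

/* Returns 0 and stores the generated function's result in *out,
   1 if there is no emitter for this CPU, -1 if the OS refused a request. */
int jit_return_const(int32_t value, int32_t *out)
{
    uint8_t *mem = region_alloc_rw();
    if (!mem) return -1;
    size_t n = emit_return_const(mem, value);        /* write phase: RW, no X */
    if (n == 0) { region_free(mem); return 1; }
    if (region_seal_rx(mem) != 0) { region_free(mem); return -1; }
    int32_t (*fn)(void) = (int32_t (*)(void))(uintptr_t)mem;
    *out = fn();                                     /* execute phase: RX, no W */
    region_free(mem);
    return 0;
}

int main(void)
{
    int32_t result = 0;
    int rc = jit_return_const(42, &result);
    if (rc == 0) printf("generated code returned %d\n", (int)result);
    else if (rc == 1) printf("no emitter for this architecture\n");
    else printf("allocation or protection change refused\n");
    return rc < 0;
}
```

To regenerate code, the region is switched back to read-write first and sealed again afterwards, so an attacker-controlled write never lands in a page that is executable at that moment.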
Re: (Score:2)
Re: (Score:2)
They existed from the beginning of Win32, they just didn't do anything until DEP was introduced.
Then how were developers supposed to test their programs against an implementation that didn't do anything?
Re: (Score:2, Insightful)
Because then 90% of old Windows apps won't run and since people only buy Windows to run Windows apps, they get pissed off.
It's bad enough with 64-bit Windows 7 where many games require hacks and workarounds or simply won't run at all in the case of old 16-bit games. I only use Windows on my laptop for games and video editing and given the incompatibility issues I'm not sure it's even worth bothering; the average older game seems about as likely to run in Wine as Windows.
Microsoft are screwed because they've
Re: (Score:2)
> It's bad enough with 64-bit Windows 7 where many games require hacks and workarounds or simply won't run at all in the case of old 16-bit games.
Old 16-bit games run just fine in Windows 7 through the appropriate emulator, such as DOSBox or Snes9x. Or what am I missing?
Re: (Score:2)
16-bit Windows apps generally won't work in DOSBox, in my experience. In any case, emulating another OS on top of your current OS does not actually mean that your software will run on your current OS. It's annoying, but the simple truth is that due to the design of the processor, you can not natively run 16-bit software on 64-bit Windows.
Windows 3.1 in DOSBox (Score:2)
> 16-bit Windows apps generally won't work in DOSBox, in my experience.
Someone else's experience [zetafleet.com] says Windows 3.1 works in DOSBox. From when is your experience?
> In any case, emulating another OS on top of your current OS does not actually mean that your software will run on your current OS.
Mac OS X on PowerPC paravirtualized Mac OS 9 to run Mac OS 9 apps. Microsoft appears to be doing something similar with "XP Mode" in Windows 7 Professional.
> you can not natively run 16-bit software on 64-bit Windows.
I was only pointing out that 0123456 didn't say natively.
Re: (Score:2)
> I was only pointing out that 0123456 didn't say natively.
I rather thought that was implied; otherwise you might as well have said that Windows 7 runs PS2 games, because it can do so in an emulator.
Though I'd accept merely running them playably, which no emulator/virtual machine I've tried so far can do with Carmageddon. Either the graphics are corrupt or it's too slow to play.
Re: (Score:2)
> Why doesn't Windows enforce its security?
Because the high-end part of the PC market has been all Mac for many years now, well over 90%, leaving Windows as just a low-end commodity system where nobody pays for software so it has to run stuff that's 10 years old. Because there is no incentive for the authors of Java or QuickTime to fix Microsoft's problems for them. Most Windows users are still on XP and don't even have these features.
Re: (Score:2)
Linux doesn't enforce DEP or ASLR, either. OS X doesn't even support real ASLR.
You're blatantly wrong here, and your attitude toward the parent poster speaks poorly of your character.
Re:Multi-Platform Programs (Score:4, Informative)
No, for most applications it wouldn't have much impact on the code base to implement these changes, especially compared to the other changes in GUI, Networking, IPC, and other system libraries that they already have to maintain.
The two features are both about preventing memory access errors from turning into exploits. The only apps that need to be changed before enabling DEP are ones that do some sort of JIT compilation of code into data memory and then execute it - and even these apps can enable DEP if they allocate memory for this compiled code using a Windows-specific API that marks it as executable. The only apps that will run into problems with ASLR are those that hardcode memory locations. No one should be doing this and a cross-platform app definitely won't be.
So it isn't a big deal for cross-platform applications, they probably just haven't spent the time to investigate all the ins and outs of MS's features, since they aren't native to that platform. I know I haven't on my in-house applications; I probably should.
Re: (Score:2)
Also I should add that Linux, OS X, and other operating systems have these same features under different names, so any work required to clean up the code to meet the standards required to enable them would be beneficial to all the platforms. Only a small amount of platform specific code would be needed to enable the features on each platform.
Re: (Score:2)
So, basically run your own malloc function that, in turn, detects the OS and uses the required API?
If it's that simple, why hasn't it been done yet? Yeesh. I hope it's that simple and yet I hope it isn't (because if it is, that means lazy coders are involved)
Re: (Score:2)
but yes, what's wrong with a #ifdef and a configure script?
Re: (Score:2)
> So, basically run your own malloc function that, in turn, detects the OS and uses the required API?
Even simpler. Since we're talking about native code here, you have to compile it separately on different platforms - and, on each, you compile it against the version of the library that wraps the native OS API. So there's no "detection" to speak of, it's just a thin wrapper (and if you do link-time optimizations, it may even be stripped out completely by the compiler in the output binary).
> If it's that simple, why hasn't it been done yet?
It has been done. Thing is, most applications which are written as cross-platform to begin with usually don't have any p
Re: (Score:2)
Hell, most of them completely ignore even the basics of User Permission Management. "Do you want to use our software? run it as Administrator!".
What was IMO even worse was that feature has existed since NT 3.1!
Source is the same, OS is the issue (Score:2)
On OS X, VLC is the king of all download sites. No matter what kind of a person it is, he/she automatically installs VLC after first fresh OS X install.
There have been NO reports of VLC failing under normal user (non admin) on OS X. Same goes for other mentioned apps, including Real Player and even games.
As there is no separate VLC source for both platforms (and Linux), it must be something with underlying OS mechanisms, even the UI or the architecture causing problems under normal user/uac.
In fact, it may h
Massively multiplatform apps (Score:2)
Apple Quicktime is Windows/Mac, shares a lot of same code between clients. VLC? Insanely multiplatform and multi CPU. Real Player is almost like Firefox, they pack the open source Helix Player for different target platforms. OS X/Linux Real Players are said to differ a little from the raw material while on Windows, you know the story.
For Opera, things get really interesting. Opera Core is actually a single, amazingly portable pure C. UI is tailored for different operating systems and their needs and no need