Posted on 01/31/2005 10:49:07 AM PST by Ernest_at_the_Beach
Positive Technologies, a security firm based in Moscow, reported on Friday that it has uncovered a hole in the Data Execution Protection (DEP) security measures in Microsoft Windows XP Service Pack 2. Microsoft touted the DEP as a key development in the security updates of SP2 before it was released in August of 2004.
DEP is designed to prevent hackers from tricking the operating system into running a program loaded surreptitiously into the computer's memory (usually via buffer overrun). In a report called "Defeating Microsoft Windows XP SP2 Heap protection and DEP bypass," Positive Technologies said that it found two minor flaws in the way Microsoft implemented the technology that could allow a hacker to gain access to an arbitrary region of memory (around one kilobyte). The company alerted Microsoft to the errors on December 22 of last year, but it has also produced a small, temporary utility (called PTmsHORP) to remedy these issues until Microsoft releases a patch.
Check out the Positive Technologies report and CNET for more info
JOSHUA'S OPINION
As time goes on we are seeing that XP Service Pack 2 has just as many issues as any other implementation of Windows. Not surprised? I guess this is old hat by now.
What is interesting here is that the DEP was touted by Microsoft as key to its security upgrades in SP2. Of course, as soon as Microsoft makes such a claim, a bevy of security companies begins looking at ways to break it.
Despite the various problems Windows has and the constant patching and updating that Microsoft has to engage in, I am actually very thankful for the hard work these security companies do in finding these holes and reporting them. In my mind it 1) keeps us from being too dependent upon one software company (Microsoft) and thus is a check on the monopoly that could be gained by that company, and 2) keeps us protected from the malicious programmers out there who would like to find these flaws first.
fyi
Windows SP2 ping
Well, how about that?
What's all the Gates knee-padders to say about open source, when the (supposedly) latest and greatest highly protected source is hacked in short order?
I had to exclude IE from DEP on an SP2 install since it wouldn't allow Explorer to run. Think DEP is smart and killed IE because it's dangerous? :)
ROFL!!
I got SP2 installed and didn't even notice something called DEP! But I quite spending so much time with XP, working the internet with Xandros, feel much safer.
should be
quit
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.