Popular applications do not use Windows security technologies

According to company Secunia, helping users and the organizations to receive timely notices on vulnerability of a software, many popular programs don’t use built in the last versions of Windows protection technologies.

According to a new research by Secunia, the vast majority of the 16 studied popular applications do not use any technology to prevent the execution of data (DEP), or technology randomization of address space (ASLR). The first of these is known to help prevent code execution from intended only for the data chunks of memory, and the second address is constantly changing location in the memory of the key components of the OS.

Statistics gathered by means of users of free utility Secunia PSI, testifies that among the applications developed by the companies independent of Microsoft, that supports DEP and ASLR have no are in the lead. In particular, it is a question of platform Java, Apple Quicktime, Foxit Reader, Google Picasa, OpenOffice.org, RealPlayer and VLC Player. Developers of browsers Firefox, Chrome and Opera support DEP better, however the degree of compatibility with the given technology for them varies from the version of a platform of Windows, and for ASLR and at all does not carry constant character.

The same concerns and applications of Adobe corporation which became recently the main target of hackers.

By word experts Secunia on safety to insert support DEP and ASLR it is possible, however the majority of developers neglect this possibility. Almost all manufacturers are working wrong with the technology of ASLR, which allows hackers to successfully manipulate the defaulted stack.

According to Secunia, namely lack of support for Microsoft introduced measures to protect and has in recent years, the reason that cybercriminals are turning their sights on third-party applications and not on the program created by the Redmond giant. Protection of DEP and ASLR, which enjoys all the advantages of software from Microsoft, makes the attackers look for vulnerabilities in the programs of other developers.

This entry was posted on Tuesday, July 6th, 2010 at 10:58 pm and is filed under MicroSoft News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

(no comments yet)

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.