Windows Bugs Could Be Much More Serious
A key security feature in Windows doesn't work as planned. It's not a vulnerability in itself, but it means that hackers who find bugs in software are much more likely to be able to do damage.
The problem is with Address Space Layout Randomization (ASLR). It deals with the way a computer organizes different programs in memory. As an analogy, it's like organizing vehicles of different sizes and makes in a parking lot.
Most operating systems support ASLR, which means that when a program starts up and needs to use the computer's memory, it's assigned a random location. In the analogy, think of cars, trucks and vans being given a completely random space every time they are parked.
Windows 8 Changed, Broke Settings
Until Windows 7, ASLR worked in a somewhat optional manner; it was up to program developers if they wanted their programs to use this feature. From Windows 8 on, however, Microsoft changed the settings so that every program would always have a random memory location each time it was loaded. In theory, this helped to keep the operating system more secure. That's because random memory locations effectively keep hackers "in the dark", so to speak.
Security researchers now claim that forcing ASLR on all programs actually broke the system, and instead meant there was no randomization. As such, programs are always assigned the same memory location. (Source: zdnet.com)
That means that a hacker who finds a bug in a particular program can much more easily find and access the program in the computer's memory. This makes it easier to exploit a security flaw in Windows and/or potentially jump straight into the operating system's memory, raising privilege levels on a rogue program.
Put another way, it means hackers could have the power to remotely install and execute malware and infect a machine without the user ever knowing what hit them. It also means hackers could steal financial data and passwords, or even commit identity theft.
Wake-Up Call For Securing PCs
To return to the parking lot analogy, it's a little like a car thief who has found a way to pick the locks of all cars of a particular make. If the ASLR is not working, it means that thieves will know exactly where specific cars will be parked every time. They'll still need to know the lock picking technique, but they'll be able to find cars they can steal much more quickly, with less chance of arousing suspicion.
The good news is that any programs which were already actively set by the developers to use ASLR won't be affected. The problem is only with programs where Windows forced ASLR to run, as it is this feature which does not randomly select memory locations. (Source: theregister.co.uk)
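An added example, not from the original article: a Python check that reads a Windows executable's PE header to tell whether the developer opted in to ASLR (the DYNAMIC_BASE flag, the unaffected case above) or whether the program depends on Windows forcing ASLR. The sample headers are constructed stubs, and the status labels and function names are this example's own.

```python
import struct

# Constants from the PE/COFF format (winnt.h names).
DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: developer opted in
HIGH_ENTROPY_VA = 0x0020  # IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA (64-bit images)
RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED: no relocation data in the file


def aslr_status(image: bytes) -> str:
    """Classify a PE image by how it would get its load address."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)           # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = pe_off + 4
    (file_chars,) = struct.unpack_from("<H", image, coff + 18)  # Characteristics
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):                             # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics is at offset 70 of the optional header in both layouts.
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)
    if dll_chars & DYNAMIC_BASE:
        return "opt-in" + ("+high-entropy" if dll_chars & HIGH_ENTROPY_VA else "")
    if file_chars & RELOCS_STRIPPED:
        return "fixed-address"
    return "forced-only"  # moved only if Windows forces ASLR: the affected case


def make_sample(dll_chars: int, file_chars: int = 0x0022, magic: int = 0x20B) -> bytes:
    """Build a constructed, header-only PE stub for the demo (not a loadable binary)."""
    img = bytearray(0x40 + 4 + 20 + 72)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", img, 0x44 + 18, file_chars)
    struct.pack_into("<H", img, 0x58, magic)
    struct.pack_into("<H", img, 0x58 + 70, dll_chars)
    return bytes(img)


if __name__ == "__main__":
    # Constructed samples: file names are placeholders.
    for name, dc in [("optin.exe", 0x0160), ("legacy.exe", 0x0100)]:
        print(name, aslr_status(make_sample(dc)))
```

To inventory real software, pass the bytes of each .exe or .dll to `aslr_status`; files reported as `forced-only` are the ones that rely on the forced setting.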
For home users, there's not much that can be done to address the problem. Instead, it simply serves as another reason to follow good security practices and reduce the risk of being vulnerable to bugs and security flaws by keeping all software patched (including Windows) and up-to-date.
What's Your Opinion?
Are you surprised such a bug went unnoticed for so long? Will this news change the way you keep your computer secure? Should Microsoft apologize for what appears to be a major blunder?
Comments
Cute....
"...there's not much that can be done to *address* the problem"
:-)
windows bugs
Are you surprised such a bug went unnoticed for so long?
no
Will this news change the way you keep your computer secure?
no
Should Microsoft apologize for what appears to be a major blunder?
yes