Exurity Inc. has come up with new concepts to implement a partial Write ^
Execute method on Windows to prevent buffer overflows from being
maliciously exploited. This technology has been tested on Windows NT 4 (SP6)
and is to be implemented on Windows 2K etc. later.
The Write ^ Execute method is not a signature-based protection mechanism of
the kind so many IDS technologies implement. Therefore, it is more generic
against Windows-based exploitation of buffer overflows. For sure, IDS
technologies do have their own technical merits and benefits. This Write ^
Execute technology is the last line of defense against buffer overflow
exploitation: if an exploit of a Windows application (server and client
alike) manages to snake its way through the firewall, IDS and other
protection layers, Write ^ Execute makes most such exploitation almost
impossible.
To be more specific, this technology is NOT the mechanism implemented by the
Visual C++ /GS option
(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dv_vstechart/html/vctchCompilerSecurityChecksInDepth.asp),
and it is not implemented as a segmentation mechanism either.
Write ^ Execute technology enhances Windows security for currently deployed
Windows NT 4.0 and Windows 2000 alike, and probably for Windows 2003 as well.
It protects applications with buffer overflow vulnerabilities while they are
under attack and therefore grants an extra grace period in which these
vulnerabilities can be patched. If deployed, it will trap buffer overflow
exploits such as SQL Slammer, Code Red I/II and their derivatives, WebDAV and
other advanced shellcodes. The performance impact is minimal and negligible.
If you are interested in a virtual demo, or want to integrate it into your
products, please contact us.
We did not "re-invent the wheel". We just "ported the wheel" from OpenBSD to
Windows.
Best regards
Peter Huang
http://members.rogers.com/exurity/