Online PC Support

OPS Technical Solutions : +1877-770-0433


Microsoft Secure Developmental Tool Kits

Microsoft is definitely the leading software developer today. With Windows machines used for various high-budget purposes, the need for security is inevitable. The faster technology develops, the faster its downside develops too, in the form of viruses, malware and the like. Each day, new viruses are created, and the security system needs to be up to the task of surviving those attacks. Microsoft has released a new software tool to help developers write secure applications by highlighting the system changes created when their wares are installed on Windows machines. The Attack Surface Analyzer, released on Tuesday, is a free verification tool that analyzes the changes in system state, runtime parameters and securable objects in the Windows operating system. The tool, which was released as part of Microsoft’s Secure Development Lifecycle, takes snapshots of a system and compares the results before and after an application is installed. It then identifies the resulting classes of security weaknesses.

Microsoft’s principal security program manager, David Ladd, mentioned that the tool also gives an overview of the changes to the system that Microsoft considers important to the security of the platform and highlights these in the attack surface report. Among the checks performed are analyses of changed or newly added files, registry keys, services, ActiveX controls, listening ports, and access control lists. It’s available for free, for now as a beta, so that Microsoft can collect feedback from users.
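The before/after comparison described above can be sketched as follows. This is an added example, not Attack Surface Analyzer code or output; the snapshot layout, the sample entries and the single "Everyone can write" rule are assumptions made for illustration.

```python
# Categories taken from the checks listed in the article (ActiveX omitted for brevity).
CATEGORIES = ("files", "registry_keys", "services", "listening_ports", "acls")

def diff_snapshots(before, after):
    """Return {category: {"added": [...], "removed": [...], "changed": [...]}}."""
    report = {}
    for cat in CATEGORIES:
        old, new = before.get(cat, {}), after.get(cat, {})
        report[cat] = {
            "added": sorted(new.keys() - old.keys()),
            "removed": sorted(old.keys() - new.keys()),
            "changed": sorted(k for k in new.keys() & old.keys() if new[k] != old[k]),
        }
    return report

def flag_weaknesses(report, after):
    """Turn raw changes into the findings a reviewer should look at first."""
    findings = []
    for port in report["listening_ports"]["added"]:
        findings.append(f"new listening port {port} ({after['listening_ports'][port]})")
    for svc in report["services"]["added"]:
        findings.append(f"new service {svc} runs as {after['services'][svc]}")
    # Hypothetical rule: an added or changed ACL that lets Everyone write.
    for obj in report["acls"]["added"] + report["acls"]["changed"]:
        if "W" in after["acls"][obj].get("Everyone", ""):
            findings.append(f"world-writable object {obj}")
    return findings

# Constructed sample snapshots: state before and after installing "DemoApp".
BEFORE = {
    "files": {r"C:\Windows\notepad.exe": "hash-a"},
    "registry_keys": {},
    "services": {"Spooler": "LocalSystem"},
    "listening_ports": {"tcp/135": "svchost.exe"},
    "acls": {r"C:\ProgramData\Shared": {"Everyone": "R"}},
}
AFTER = {
    "files": {r"C:\Windows\notepad.exe": "hash-a",
              r"C:\Program Files\DemoApp\demo.exe": "hash-b"},
    "registry_keys": {r"HKLM\Software\DemoApp": "1.0"},
    "services": {"Spooler": "LocalSystem", "DemoAppSvc": "LocalSystem"},
    "listening_ports": {"tcp/135": "svchost.exe", "tcp/8080": "demo.exe"},
    "acls": {r"C:\ProgramData\Shared": {"Everyone": "RW"},
             r"C:\Program Files\DemoApp": {"Users": "R"}},
}

if __name__ == "__main__":
    for finding in flag_weaknesses(diff_snapshots(BEFORE, AFTER), AFTER):
        print(finding)
```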

Attack Surface Analyzer was one of several security tools Microsoft released at this week’s Black Hat Security Conference in Washington, DC. Redmond also published the next version of its SDL Threat Modeling Tool, which is used to assess whether applications under development meet security and privacy guidelines. It now works with Microsoft Visio 2010. The software company also released version 1.2 of the SDL BinScope Binary Analyzer, a verification tool that analyzes binaries on a project-wide level to ensure they comply with SDL requirements.

The new offerings add to a growing roster of security apps Microsoft makes available for free to developers. Other tools include version 2 of EMET, short for Enhanced Mitigation Experience Toolkit. It is used to add security measures such as Data Execution Prevention and Address Space Layout Randomization to older applications and operating systems, such as Internet Explorer 6 and Windows XP. Other apps include the Microsoft Solutions Framework, exploitable Crash Analyzer, and the Microsoft MiniFuzz fuzzer tool. Tuesday’s additions come as vulnerability tracking service Secunia reported that failure to apply third-party patches, as opposed to updates from Microsoft, is almost exclusively responsible for the growing exposure of Windows machines to security threats.

Protecting the system from harmful programs is a must. Solutions for better security definitely lie in the design of the software. Most commercial systems fall into a ‘low security’ category because they rely on features not supported by secure operating systems. In commercial environments, the majority of software subversion vulnerabilities result from a few known kinds of coding defects. Common software defects include buffer overflows, format string vulnerabilities, integer overflows, and code/command injection. Note that all of these are specific instances of one general class of attack, which exploits situations where putative ‘data’ actually contains implicit or explicit executable instructions. With current technology and operating system features, implementing a secure system is not far-fetched.

How to Troubleshoot Data Execution Prevention (DEP) in Windows 7

In Windows XP Tablet PC and in Windows XP Service Pack 2, Data Execution Prevention is done by both software and hardware. Data Execution Prevention, known as DEP for short, is a technique that runs extra checks on the data being executed in RAM to find any unwanted code and stop its execution. This is additional protection that prevents such code from being executed by itself or when attached to any other legitimate application. Though hardware and software DEP serve the same purpose, the way they function is quite different. Let us discuss in detail how DEP works in Windows XP SP2 and in Windows XP Tablet PC.

In order for a program or code to run, it needs to be present in memory. Every location in memory is marked as executable or non-executable by the hardware. Malicious code always tries to run from the non-executable area of memory because it has to start itself. Hardware DEP checks for such data, marks the malicious code as non-executable and raises an exception for it. All this is done by the hardware, which scans all the pages being swapped into memory. Whenever malicious code is detected, the page is marked as non-executable and then loaded into memory. Hardware-based DEP depends on the processor, and almost all processors coming out these days are capable of it. DEP is a feature of the Microsoft Windows operating system, and the two major processor makers (Intel and AMD) have designed their processors in such a way that they complement Windows and let DEP be managed by them. AMD has incorporated no-execute page protection, called NX, in its processors for handling DEP, and Intel has done the same by adding the Execute Disable Bit (XD) to its processors. These are the features available in the hardware, but for Windows to use them it has to boot the computer in Physical Address Extension mode. This mode is started by default, and we do not have to configure it manually.

We have seen above how hardware-enforced DEP helps protect our computer by not letting malicious code execute, but what happens when Windows is running on a processor that is not DEP-compatible? In such cases software-based DEP comes into play, and it runs security checks on the data being swapped into memory using a set of predefined code or algorithms. It can be run by Windows on any processor but has major limitations.

Whenever code tries to run from within the non-executable area of memory, an exception is raised, and you might get error messages or notifications about it. Malicious code never comes alone. It always comes within some legitimate code and stays hidden. DEP tries to catch such injected code when it tries to execute itself. Hardware-based DEP stops only the malicious code from running, but software DEP stops the entire program from being executed.

Call Now: +1 833-522-1003