Partial implementation of Write ^ Execute on Windows to protect against malicious exploits of buffer overflow such as Code Red, SQL Slammer and WebDAV
From: news (exOttawaREMOVE_at_rogers.com)
Date: Wed, 07 May 2003 18:27:51 GMT
Exurity Inc. has come up with new concepts to implement partial (Write ^
Execute) methods on Windows to prevent buffer overflows from being
maliciously exploited. This technology has been tested on Windows NT 4 (SP6)
and is to be implemented on Windows 2K etc. later.
Write ^ Execute method is not a signature-based protection mechanism as so
many IDS technologies implement. Therefore, it is more generic against
Windows-based exploitation of buffer overflows. For sure, IDS technologies
do have their own technical merits and benefits. This Write ^ Execute
technology is the last defense line against buffer overflow exploitation and
makes a lot of exploitation and hacking of Windows application (server and
client alike) buffer overflows almost impossible if they manage to snake
around that far through firewall, IDS and other protection mechanism layers.
To be more specific, this technology is NOT as the mechanism implemented as
Visual C++ /GS option
t/html/vctchCompilerSecurityChecksInDepth.asp. And it is not implemented as
a segmentation mechanism either.
Write ^ Execute technology enhances Windows security for currently deployed
Windows NT 4.0 and Windows 2000 alike, or probably for Windows 2003 as well.
It provides protection for buffer overflowing applications under attack and
therefore grants extra grace period for these vulnerabilities to be patched.
If deployed, it will trap exploits of buffer overflow such as SQL Slammer,
Code Red I/II and its derivatives, WebDAV and other advanced shell codes.
Performance impact is very minimal and negligible.
If you are interested in a virtual demo, or want to integrate it into your
products, please contact us.
We did not "re-invent the wheel". We just "ported the wheel" from OpenBSD to