
Protecting Windows from Viruses and Spyware : Antimalware Strategy: Defense in Depth (part 3) - Data Execution Prevention

1/24/2013 6:30:54 PM

4. Personal Firewalls: A Layer of Protection from Worms

Because worms spread across networks without user interaction, antivirus programs that seek to prevent users from launching viruses do not apply. Defense against worms demands a layered defense, where the first layer is a good network firewall.

5. Automatic Updates: Remove the Side Doors

In conjunction with antivirus, antispyware, and personal firewall software, automatic updates are a critical part of a solid security strategy because they shut down avenues of attack as soon as they are discovered. Malware often relies on flaws found in software to work. These flaws are akin to open side doors to your home that, hopefully, nobody knows about. There they stand as an open invitation for malware to walk in. Automatic updates don’t just shut the door; they usually remove the door entirely and put a permanent wall in its place. You can enable and configure automatic updates in the Security section in Action Center. If daily updates at 3:00 a.m. do not suit you, adjust the time and frequency as you like.

6. Data Execution Prevention

The infamous Internet Worm, launched in 1988 by then Cornell University student Robert Morris, was the first worm to publicly demonstrate the risk of buffer overflow attacks. It infected thousands of systems on the Internet, frustrating military and university researchers at the time. Modern malware writers continue to exploit the same type of vulnerability on a much larger scale. The Internet has grown exponentially, connecting banks, corporations, government agencies, and private homes. The recent generation of worms, such as MS Blaster and Sasser, have attracted mass media attention because they delayed British Airways flights and affected networks from public hospitals in Hong Kong to the Sydney train system—all made possible by a single category of security vulnerability.

Buffers are fixed-length memory locations used to hold data. They can be adjacent to other memory locations also used to hold data. If a program attempts to write more data into the buffer than will fit, the remaining data can overflow into the adjacent memory location and overwrite its previous contents with malicious code. It is an esoteric task that requires a high degree of skill, but if the malicious code can then be executed, what was once a fine, upstanding member of the computer community is now, potentially, a minion of evil.

The effects of buffer overflow exploits can be dramatic and complex, though the root cause, and effective remedies, have been known for some time. It’s possible to write and compile computer programs in ways that check and prevent these errors, but traditional software engineering tools and practices have failed to address the problem for decades.

New programming tools and conscientious coding can thwart buffer overflow attacks, but because rebuilding all existing computer code is impractical, techniques have been developed to mitigate the risk. Executable space protection techniques, as implemented through Microsoft’s Data Execution Prevention (DEP), disallow code execution in areas of memory where it is not expected, and significantly reduce the threat of buffer overflow attacks. It’s technology with a proven track record of success. Several critical exploits have already been proven to fail on DEP-enabled systems—but not all DEP is created equally.

Modern processors from both AMD and Intel include hardware-based DEP technology. Windows 7 can take full advantage of this important security feature, but it will not do so by itself. As installed, DEP is enabled only for core Windows components. To take full advantage of DEP for non-Windows programs, you must find the Data Execution Prevention menu, nestled deep in the user interface, and turn on DEP for all programs. Microsoft did not enable this setting because some programs do not work with DEP enabled. This should not deter you from taking full advantage of DEP because, as shown in Figure 5, there is an exception list, and the trouble is worth the extra security.

Figure 5. Enable DEP for all programs and services.

To enable DEP, follow these steps:

1. Select Start, Control Panel, System and Security.

2. Choose System, Advanced System Settings.

3. On the Advanced tab of the Performance Options dialog box, click Settings (under Performance), and then select the Data Execution Prevention tab.

4. Select the Turn on DEP for All Programs and Services radio button.

5. Click OK. In the System Properties dialog box that prompts you to restart your computer, click OK.

6. Close any remaining dialog boxes and windows, and then restart your computer.

Hardware DEP takes advantage of the processor’s inherent security features. Even if your computer lacks an AMD processor with NX (No Execute) or an Intel processor with XD (Execute Disabled) features, Windows 7 can still provide some level of buffer overflow protection using software DEP. Although not as good as hardware DEP, software DEP has proven effective against real-world exploits. It can protect the exception-handling processes in Windows and provides better protection when programs are built specifically to support software DEP.
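
The DEP setting chosen in the steps above, and whether the processor offers hardware DEP, can also be read from PowerShell, which is useful when auditing more than one machine. This is an added example, not part of the original article; the function names Get-DepStatus and Set-DepOptOut are hypothetical, and it relies on the Win32_OperatingSystem WMI class and the bcdedit nx option.

```powershell
# Added example (not from the original article). Function names are hypothetical.
# Written for Windows PowerShell 2.0, the version that ships with Windows 7.

function Get-DepStatus {
    $os = Get-WmiObject -Class Win32_OperatingSystem

    # Values of Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy
    $policyNames = @{
        0 = 'AlwaysOff: DEP disabled for every process'
        1 = 'AlwaysOn: DEP for every process, no exception list'
        2 = 'OptIn: core Windows components only (installation default)'
        3 = 'OptOut: all programs and services, with an exception list'
    }

    # The WMI property is a byte; cast so it matches the Int32 hashtable keys.
    $policy = [int]$os.DataExecutionPrevention_SupportPolicy

    New-Object PSObject -Property @{
        HardwareDepAvailable = $os.DataExecutionPrevention_Available
        Policy               = $policy
        PolicyName           = $policyNames[$policy]
        AppliesTo32BitApps   = $os.DataExecutionPrevention_32BitApplications
        AppliesToDrivers     = $os.DataExecutionPrevention_Drivers
        CoversAllPrograms    = ($policy -eq 1 -or $policy -eq 3)
    }
}

function Set-DepOptOut {
    # Changing the boot entry requires an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $admin     = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($admin)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # Same effect as the "Turn on DEP for All Programs and Services" radio button.
    & bcdedit.exe /set '{current}' nx OptOut
    if ($LASTEXITCODE -ne 0) { throw "bcdedit failed with exit code $LASTEXITCODE" }
    Write-Output 'DEP policy set to OptOut. Restart the computer to apply it.'
}

$status = Get-DepStatus
$status | Format-List
if (-not $status.CoversAllPrograms) {
    Write-Warning 'DEP does not cover third-party programs. Run Set-DepOptOut, then restart.'
}
```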

Note

In addition to DEP, Windows 7 uses address space layout randomization (ASLR) to combat malicious code execution. Without ASLR, key OS components load in predictable locations that are more easily targeted. Randomizing the location of executable images adds a new level of difficulty for would-be exploiters but not for you. This protection activates and selects new random locations automatically at startup.
