Software vendors failing to use Microsoft Windows security systems

02 July 2010

Danish security tracking company Secunia has reported that around half of third-party software applications are failing to use two key Windows security features developed by Microsoft.

Secunia's researchers have revealed that many of the applications they examined – including Apple QuickTime, Foxit Reader, Google Picasa, Java and OpenOffice.org – do not support two Windows features: Address Space Layout Randomisation (ASLR), which randomises the memory addresses at which a program's code and data are loaded, and Data Execution Prevention (DEP), which helps to block the execution of code from memory regions that are meant to hold only data.

Secunia says that adoption of DEP has been slow and uneven between operating system versions, and that ASLR support is improperly implemented by nearly all vendors.

Reporting on the research, security expert Brian Krebs said that he followed up the report's findings with the makers of all eight products that Secunia said ignored both DEP and ASLR, "and received a few encouraging answers."

"VLC maker VideoLAN said the most recent version – v1.1.0 – takes advantage of both features. Foxit Software said its Foxit Reader will support ASLR and DEP in the next major release", he said in his security blog posting.

Interestingly, PC Mag security reporter Larry Seltzer said that his investigations and observations do not agree with Secunia's "shocking" findings.

"In a number of cases... Secunia puts a 'no' in their table when there is partial support, such as Shockwave's DEP in some browsers but not others. This seems misleading to me", he said in his blog posting.

"But I do want to thank them for bringing to my attention the false support for ASLR in some of these programmes, as they set the bit for their main image load but then load DLLs at fixed addresses. Shame on you Adobe, Apple, Mozilla and Opera", he added.

According to Seltzer, it's worth noting that Foxit Reader gets a lot of attention and installs as a supposedly safe alternative to Adobe Reader.

"While you may be safer for the fact that Foxit isn't targeted in the way that Adobe's Reader is, Foxit Software appears to be putting a lot less effort into their security than Adobe."


Comments

ravendawson says:

21 October 2010
This article addresses one of today's hottest issues in the internet world, and that is security. Computer security is a very important area of discussion, with the advent of malicious programs like Spyware and Adware, besides viruses and Trojan horses. It's kinda scary to know that a majority of programs don't abide by the security features developed by Microsoft. In a way, it's also quite disappointing 'cause for all people know, these products are great since they're popular and a lot of people patronize them. I myself am a frequent user of QuickTime and Java.

I'm the type of user who is very particular when it comes to security so I take every opportunity I can to have security applications and settings that come along with Windows and that I found another interesting topic discussing them here: http://www.programerrorsfix.com/microsoft-windows-security.html
