Microsoft has clarified that the defensive measures in Windows 7 OS are not meant to prevent from each and every attack forever. This came out because of the Pwn2Own hacking contest. Various security experts circumvented the security measures in the Windows Operating System and in IE8(Internet Explorer 8), in Pwn2Own hacking contest. Various news reports were generated regarding this.
Pete LePage is the product manager in Internet Explorer’s developer division. He defended the data execution prevention (DEP) and the address space layout randomization (ASLR). LePage alluded in the blog post about the security technologies and the fire-proof safe’s fire rating and also how ASLR and DEP represents a strategy called “defense in depth”. It delays the inevitable instead of stopping it.
LePage also wrote that defense techniques are not designed to prevent the attack forever. Instead it is significantly harder for exploiting vulnerability. LePage also spelled out his belief that the defense in depth security features like ASLR and DEP continues to be the effective protection mechanism.Three-time winner of the Pwn2Own competition, Charlie Miller admitted to the computer world that exploiting the vulnerabilities are getting difficult.
Miller also said that last year it had been fine for any of the twenty bugs to win, but it is not so this year. This year the best-of-breed and the better bug wins. Really there is a need for a well-behaved special vulnerability.It has been easy for the experts to find out the flaws in the operating systems but it is easy to allow the security debate to deteriorate into the argument of “my platform is the better one” . As noted in the editorial of last Friday, Users have to ensure that they follow the best practices for the security.