ISV best practices, Corrupted Heap Termination, the pursuit of (security) happiness . . .

MikeHow just wrote a brief write-up of some of the things our new heap manager on Vista is capable of detecting at runtime over at the SDL blog:

As with the Low Fragmentation Heap – you can opt-in to that stuff by calling the HeapSetInformation() API and passing in the handle to your heap (or any heap in your process for that matter).

Speaking of opting-in to various good for security things – here’s a great write-up from Matt Thomlinson and the aforementioned Mikehow from last year:

The paper has a nice write-up of the following mitigation technologies in Windows for the every (wo)man:

  • /GS Stack buffer overrun detection.
  • /SafeSEH exception handling protection.
  • No eXecute (NX) / Data Execution Prevention (DEP) / eXecute Disable (XD).
  • Address space layout randomization (ASLR).
  • Heap randomization.
  • Stack randomization.
  • Heap corruption detection.

  • Comments (0)