The infamous Internet Worm, launched in 1988 by then-Cornell University student Robert Morris, was the first worm to publicly demonstrate the risk of buffer overflow attacks. It infected thousands of systems on the Internet, frustrating military and university researchers at the time. Modern malware writers continue to exploit the same type of vulnerability on a much larger scale. The Internet has grown exponentially, connecting banks, corporations, government agencies, and private homes. The recent generation of worms, such as MS Blaster and Sasser, has attracted mass media attention because these worms delayed British Airways flights and affected networks from public hospitals in Hong Kong to the Sydney train system—all made possible by a single category of security vulnerability.
Buffers are fixed-length memory locations used to hold data. They can be adjacent to other memory locations also used to hold data. If a program attempts to write more data into the buffer than will fit, the remaining data can overflow into the adjacent memory location and overwrite its previous contents, which in an attack means overwriting them with malicious code. Crafting such an overflow is an esoteric task that requires a high degree of skill, but if the malicious code can then be executed, what was once a fine, upstanding member of the computer community is now, potentially, a minion of evil.
The effects of buffer overflow exploits can be dramatic and complex, though the root cause, and effective remedies, have been known for some time. It's possible to write and compile computer programs in ways that check and prevent these errors, but traditional software engineering tools and practices have failed to address the problem for decades.
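The overflow into an adjacent memory location, and the length check that prevents it, can be seen in a small model. This is an added example, not code from the article; the names region, write_unchecked, write_checked and neighbor_intact, the 8-byte buffer size and the 0xAA fill value are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#define BUF_LEN 8
#define FILL 0xAA  /* constructed marker for the neighbor's original contents */

/* Constructed model: a fixed-length buffer with another variable right after it. */
struct region {
    unsigned char buf[BUF_LEN];
    unsigned char neighbor[BUF_LEN];
};
_Static_assert(offsetof(struct region, neighbor) == BUF_LEN, "fields must be adjacent");

static void region_init(struct region *r) {
    memset(r->buf, 0, sizeof r->buf);
    memset(r->neighbor, FILL, sizeof r->neighbor);
}

/* Unchecked write: trusts the caller's length. Copying through the struct's base
   keeps the spill inside the model; n must not exceed sizeof(struct region). */
static void write_unchecked(struct region *r, const void *src, size_t n) {
    memcpy((unsigned char *)r, src, n);
}

/* Checked write: rejects input longer than the buffer. 0 = stored, -1 = rejected. */
static int write_checked(struct region *r, const void *src, size_t n) {
    if (n > sizeof r->buf) return -1;
    memcpy(r->buf, src, n);
    return 0;
}

/* 1 if the adjacent location still holds its original contents, else 0. */
static int neighbor_intact(const struct region *r) {
    for (size_t i = 0; i < sizeof r->neighbor; i++)
        if (r->neighbor[i] != FILL) return 0;
    return 1;
}

int main(void) {
    struct region r;
    unsigned char input[12];  /* constructed input, 4 bytes longer than buf */
    memset(input, 'A', sizeof input);
    region_init(&r);
    write_unchecked(&r, input, sizeof input);
    printf("unchecked: neighbor intact = %d\n", neighbor_intact(&r));
    region_init(&r);
    int rc = write_checked(&r, input, sizeof input);
    printf("checked: rc = %d, neighbor intact = %d\n", rc, neighbor_intact(&r));
    return 0;
}
```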
New programming tools and conscientious coding can thwart buffer overflow attacks, but because rebuilding all existing computer code is impractical, techniques have been developed to mitigate the risk. Executable space protection techniques, as implemented through Microsoft's Data Execution Prevention (DEP), disallow code execution in areas of memory where it is not expected, and significantly reduce the threat of buffer overflow attacks. It's technology with a proven track record of success. Several critical exploits have already been proven to fail on DEP-enabled systems—but not all DEP is created equal.
Modern processors from both AMD and Intel include hardware-based DEP technology. Windows 7 can take full advantage of this important security feature, but it will not do so by itself. As installed,