18:45 CET, 1st July 2010 By Carsten Eiram.
Two security mechanisms that are really being promoted when it comes to later versions of Windows are DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization).
These two security mechanisms can make it very hard for attackers to create reliable exploits for a vulnerability in an application and, as a result, many users feel quite safe when running these later version of Windows.
Is that feeling of safety just an illusion, though? It is if the used applications do not properly support the two security mechanisms.
Secunia Research recently gathered information on the 50 most popular non-Microsoft applications installed on Windows users' systems based on our PSI statistics. We then decided to take a closer look at 16 of them to determine if they properly supported DEP and ASLR.
Unfortunately, our research shows that most popular, non-Microsoft applications do not implement these features properly and, therefore, don't offer users the expected protection.
More information on our research can be found here.
Chief Security Specialist
Subject: DEP / ASLR Neglected in Popular Programs