Windows 7 AutoRun Changes


Microsoft are making a number of advancements with Windows 7 (see Safe Unlinking), and there’s another change being made, this time to the AutoRun feature.

More and more malware is using the AutoRun feature as a way of getting itself onto machines, the most high-profile being Conficker, so MS have moved to prevent this in their latest operating system.

What is AutoRun?

AutoRun is a technology used to start some programs automatically when a CD or another media is inserted into a computer. The main purpose of AutoRun is to provide a software response to hardware actions that a user starts on a computer (from MS Security Research & Defense Blog).

What are MS doing?

The Microsoft engineers have made changes in Windows 7 to help prevent the spread of malware:

1) AutoPlay will still work for CD/DVDs but it will no longer work for USB drives. For example, if an infected USB drive is inserted on a machine then the AutoRun task will not be displayed. The dialogs below highlight the difference that users will see after this change. Before the change, the malware is leveraging AutoRun (box in red) to confuse the user. After the change, AutoRun will no longer work, so the AutoPlay options are safe.

[Images: AutoRun1, AutoRun2 (AutoPlay dialog before and after the change)]

This, and other changes, can already be seen in the Windows 7 RC that is available for download now. Microsoft also plan on making these changes available for XP & Vista users. You can see full details over at the MS Security Research & Defense Blog.

Windows 7 Kernel Feature Improves Security – Safe Unlinking


The Windows 7 kernel has a new feature called “Safe Unlinking”, to help increase security and prevent vulnerabilities known as pool overrun attacks. This will make the experience of using Windows 7 faster, more reliable and above all, safer by making it harder for people to launch these attacks.

It sits in the memory allocation section of the kernel and performs a series of checks to detect memory corruption, and potential pool overrun attacks. This is the latest in a succession of new security features that MS have been adding over the last few years including:

  • Stack protection (/GS)
  • Data Execution Prevention (DEP)
  • Heap Protection
  • Address Space Layout Randomization (ASLR)
  • Structured Exception Handler Overwrite Protection (SEHOP)

Peter Beck, from Microsoft’s Security Research & Defense team says:

“This simple check blocks the most common exploit technique for pool overruns. It doesn’t mean pool overruns are impossible to exploit, but it significantly increases the work for an attacker”.

What is an overrun attack?

Wikipedia explains it as:

“Memory (on the heap) is dynamically allocated by the application at run-time and typically contains program data. Exploitation is performed by corrupting this data in specific ways to cause the application to overwrite internal structures such as linked list pointers.”

Safe Unlinking will also help improve the reliability of Windows 7 by performing a Bug Check as soon as an overrun is detected, which will prevent further memory corruption, crashes and errors.
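To make the check concrete, here is a user-mode illustration of the neighbour-consistency test that safe unlinking applies before removing an entry from a doubly linked list. It is an added example, not Microsoft's kernel code: the type and function names are hypothetical, the corrupted list is constructed for the demonstration, and a `false` return stands in for the kernel's Bug Check.

```c
#include <stdbool.h>
#include <stdio.h>

/* Doubly linked list node, laid out like the kernel's LIST_ENTRY. */
typedef struct list_entry {
    struct list_entry *flink;  /* forward link (next entry) */
    struct list_entry *blink;  /* backward link (previous entry) */
} list_entry;

static void list_init(list_entry *head) { head->flink = head->blink = head; }
static void list_insert_tail(list_entry *head, list_entry *e) {
    e->flink = head;
    e->blink = head->blink;
    head->blink->flink = e;
    head->blink = e;
}

/* Unlink e only if both neighbours still point back at it. On a mismatch
 * nothing is written and false is returned; the kernel bug-checks instead. */
static bool safe_unlink(list_entry *e) {
    list_entry *next = e->flink, *prev = e->blink;
    if (next->blink != e || prev->flink != e)
        return false;
    prev->flink = next;
    next->blink = prev;
    return true;
}

/* Intact list head <-> a <-> b: removing a succeeds and relinks head to b. */
static bool unlink_intact_entry(void) {
    list_entry head, a, b;
    list_init(&head);
    list_insert_tail(&head, &a);
    list_insert_tail(&head, &b);
    return safe_unlink(&a) && head.flink == &b && b.blink == &head;
}

/* Constructed corruption: a's links are overwritten (as an overrun from a
 * neighbouring block would) to point at an unrelated structure. */
static bool corruption_detected(void) {
    list_entry head, a, other;
    list_init(&head); list_init(&other);
    list_insert_tail(&head, &a);
    a.flink = a.blink = &other;
    /* Detected: no unlink, and neither the list nor `other` was modified. */
    return !safe_unlink(&a) && head.flink == &a && other.flink == &other && other.blink == &other;
}

int main(void) { printf("%d %d\n", unlink_intact_entry(), corruption_detected()); return 0; }
```

Without the comparison in `safe_unlink`, the two pointer stores would run with whatever values the overrun left in the entry, which is why the check has to come before any write.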

More detailed technical information can be found on the MS Security Research & Defense blog here.