Husar, as I understand it, the newer security models (mandatory signed drivers, random memory positioning (which has a name which I forget)*, etc.) were incorporated into 64-bit Windows, and not into 32-bit. That's what I'm talking about. Also, 64-bit Windows has the same advantage as OS X; it's the minority. So lazy spyware/adware/malware writers in Bulgaria are less likely to target your platform. Something to think about.
-edit-
*Ah, here it is: Address space layout randomization. So obvious I would have never guessed it.
Address space layout randomization relies on the low chance of an attacker guessing where randomly-placed areas are located; security is increased by increasing the search space. Thus, address space randomization is more effective when more entropy is present in the random offsets. Entropy is increased by either raising the amount of virtual memory area space the randomization occurs over, or reducing the period the randomization occurs over; the period is typically implemented as small as possible, so most systems must increase VMA space randomization.
To defeat the randomization attackers must successfully guess the positions of all areas they wish to attack. For data areas such as stack and heap, where custom code or useful data can be loaded, more than one state can be attacked by using NOP slides for code or repeated copies of data; this allows an attack to succeed if the area is randomized to one of a handful of values. In contrast, code areas such as library base and main executable need to be discovered exactly. Often these areas are mixed, for example stack frames are injected onto the stack and a library is returned into.
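A worked illustration of the entropy argument in the quoted text, added here as an example and not part of the original post: it counts, for a region whose base is drawn from a given number of entropy bits at page granularity, how often a single fixed guess lands on an exact code target versus inside a wide window (a NOP slide or repeated data copies), and how many bits a defender needs to hold that chance down. The page size, the 8-bit entropy figure and the target address are constructed assumptions for the exhaustive count, not measurements of any Windows version.

```python
import math

# Assumption for this example: regions are shifted in whole pages of this size.
PAGE = 4096


def guess_hits(entropy_bits, window_bytes, guess, window_offset=0):
    """Count, over all 2**entropy_bits possible page-aligned bases, how often a
    fixed `guess` address lands inside the attacker-usable window
    [base + window_offset, base + window_offset + window_bytes).
    window_bytes == 1 models a code target (library, main executable) that must
    be hit exactly; a large window models a NOP slide or repeated data on
    stack/heap, where any of many layouts still succeeds."""
    hits = 0
    for b in range(2 ** entropy_bits):
        start = b * PAGE + window_offset
        if start <= guess < start + window_bytes:
            hits += 1
    return hits


def success_probability(entropy_bits, window_bytes, guess, window_offset=0):
    """Chance that one guess succeeds against one randomized layout."""
    return guess_hits(entropy_bits, window_bytes, guess, window_offset) / 2 ** entropy_bits


def bits_needed(window_bytes, max_probability):
    """Smallest entropy (in bits) such that a window of `window_bytes` gives an
    attacker at most `max_probability` of success per guess. Worst case for the
    defender: a window of W bytes contains at most ceil(W / PAGE) page bases."""
    if max_probability <= 0:
        raise ValueError("max_probability must be positive")
    acceptable = max(1, math.ceil(window_bytes / PAGE))
    bits = 0
    while acceptable / 2 ** bits > max_probability:
        bits += 1
    return bits


if __name__ == "__main__":
    guess = 100 * PAGE  # constructed target address inside the 8-bit base range
    print("exact code target, 8 bits:", success_probability(8, 1, guess))
    print("64 KiB slide, 8 bits:", success_probability(8, 16 * PAGE, guess))
    print("bits to keep a 64 KiB slide at <= 1/256:", bits_needed(16 * PAGE, 1 / 256))
```

Every page of slide the attacker can afford costs the defender one layout out of the search space, so wider regions (the VMA space the quoted text mentions) are what buy back the lost bits.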