Vista Security Features Finally Getting Some Respect


ASLR, NX Finally Arrive in QuickTime

Support for one of Windows Vista's best behind-the scenes security features, address space layout randomization (ASLR), is now available in Apple QuickTime 7.4.5 for Windows, eWeek reports . ASLR, which randomly locates program start and other key address locations each time an ASLR-compliant program runs on Windows Vista, is a key feature of Windows Vista that, so far, has seen limited use in third-party applications.

QuickTime 7.4.5 also includes support for hardware NX (No Execute), better known as Data Execution Protection , which, unlike ASLR, is widely supported in third-party applications. Given the frequent security patches QuickTime's needed over the last year or so, it's about time it received some significant beefing up in this area.

IE8 to Enable NX/DEP by Default

And, speaking of NX/DEP, Microsoft's IE8, currently in early beta , will have NX/DEP enabled by default on Windows Vista and its architectural sibling, Windows Server 2008. No word on when IE8 betas will include this improvement.

Improved Security Just in Time, as XSS Attacks Continue to Run Wild

It's a good thing that QuickTime and IE8 are getting "hardened up," as the BBC reports that XSS (Cross-Site-Scripting) vulnerabilities continue to make all parts of the Web potentially dangerous.

Around the web