Internet Explorer 8 on Vista and Windows 7

Viral has just pinged me a write up of a hacking contest from the Washington Post (he is American after all) . The "Pwn2Own" contest at the CanSecWest security conference in Vancouver won by a 25 year German student called “Nils”.  He won $15,000 for exposing a vulnerability in IE8 beta.  This is good as this is what betas are there for and this was fixed the next day by Microsoft (as discussed here on the Microsoft Security Research & defence blog) and so the released version is that but more secure.

However browsers run on operating systems so what’s also interesting in this article is how the cross platform browser Firefox is more secure on Windows Vista / Windows 7 of their data execution prevention (DEP) and address space layout randomization (ASLR) capabilities.  XP has DEP from sp2 but  ASLR only came in with Vista and to quote  Nils “ASLR doesn't appear to be properly implemented between OS X and versions of Safari and Firefox built for that operating system”.

Finally it is only with IE8 that the browser can block the .NET DEP +ASLR bypass mechanism and so as Nels says in the article

"It's getting pretty hard to do a lot of this stuff on Windows Vista and Windows 7”  

Technorati Tags: Firefox,Safari,Internet Exploere 8,IE8,DEP,ASLR,hacking

Comments

• Anonymous
  March 30, 2009
  PingBack from http://www.windows7vista.com/andrew-fryers-blog-internet-explorer-8-on-vista-and-windows-7/

• Anonymous
  April 07, 2009
  I downloaded internet explorer onto this lovely little Windows XP black cased Eee pc and it is working really well. Browser security is great and my small screen is not protesting, in fact she likes it! (I mean my PC) That may sound weird but I treat all of my pc's as I do my female friend's ie. very well and all of my pc's also have female name's and they never let me down.