
I mentioned in a previous blog (see "Are MAC Computers more secure") some of the technologies used in the Windows operating system to make it secure. I am going to describe these as simply as I can, as they will become a recurring theme in discussing how secure a computer is.

In particular we mentioned the following technologies, and I am just going to add a short description of what each of them does.

Data Execution Prevention (DEP)

Prevents code from being run from areas of memory that should hold only data, e.g. the heap, the stack or the data sections of a program.

The stack is a data structure used to retain memory addresses (the return addresses where execution resumes later) and the associated local data of the functions currently running.

Manipulation of the stack is a common technique for breaking Windows, Mac and Linux operating systems: it allows executable code to be placed on the stack. However, the stack should only contain addresses and data and should never have executable code within it. DEP stops this by marking those areas of memory as non-executable, so the processor refuses to run anything placed there.

The heap is a memory area where dynamic variables (data allocated while the program runs) are located, and it is subject to similar exploitation techniques to those mentioned above.


Address Space Layout Randomization (ASLR)

Before Windows Vista, executable code (i.e. programs) was loaded into memory in a predictable manner, which made it easier for attackers to write code that manipulated certain structures, e.g. the stack, the heap, programs and libraries.

If the code always loads at the same address it is far easier to manipulate. ASLR randomises the location of these objects every time they are loaded into memory, so an attacker cannot rely on a known address.
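DEP and ASLR are opt-in per binary: the linker records the request in the PE optional header's DllCharacteristics field (NX_COMPAT for DEP, DYNAMIC_BASE and HIGH_ENTROPY_VA for ASLR), and ASLR can only move an image that still carries relocation data. The following Python script is an added example, not code from this blog or from Ategra; it parses just enough of a PE file to report those flags. The flag values are the documented winnt.h constants; the build_minimal_pe helper and the two sample images it produces are constructed test data, not real programs.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* flags from the PE optional header (winnt.h values)
HIGH_ENTROPY_VA = 0x0020   # 64-bit ASLR with a high-entropy image base
DYNAMIC_BASE    = 0x0040   # image may be rebased at load time (ASLR opt-in)
NX_COMPAT       = 0x0100   # image declares itself DEP/NX compatible
NO_SEH          = 0x0400   # image never uses structured exception handling

# IMAGE_FILE_* flag from the COFF file header
RELOCS_STRIPPED = 0x0001   # no .reloc data: the loader cannot move the image


def pe_mitigation_flags(image: bytes) -> dict:
    """Report which DEP/ASLR-related flags a PE image was linked with.

    Walks DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> optional
    header, where DllCharacteristics sits at offset 70 for both PE32 and PE32+.
    """
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ signature)")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")

    coff = e_lfanew + 4
    (_machine, _nsections, _timestamp, _symptr, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20
    if opt_size < 72:
        raise ValueError("optional header too short to hold DllCharacteristics")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):          # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    (dllchar,) = struct.unpack_from("<H", image, opt + 70)

    dynamic_base = bool(dllchar & DYNAMIC_BASE)
    relocs_stripped = bool(characteristics & RELOCS_STRIPPED)
    return {
        "pe32plus": magic == 0x20B,
        "nx_compat": bool(dllchar & NX_COMPAT),
        "dynamic_base": dynamic_base,
        "high_entropy_va": bool(dllchar & HIGH_ENTROPY_VA),
        "no_seh": bool(dllchar & NO_SEH),
        "relocs_stripped": relocs_stripped,
        # ASLR only helps if the image is rebasable AND relocations survive
        "aslr_effective": dynamic_base and not relocs_stripped,
    }


def build_minimal_pe(dllchar: int, coff_chars: int = 0, pe32plus: bool = True) -> bytes:
    """Constructed header-only PE image for testing; it is not a loadable binary."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)   # 64 bytes
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH",
                       0x8664 if pe32plus else 0x14C,   # Machine: x64 / i386
                       1, 0, 0, 0, opt_size, coff_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)   # Magic
    struct.pack_into("<H", opt, 70, dllchar)                        # DllCharacteristics
    return dos + b"PE\0\0" + coff + bytes(opt)


def check_file(path: str) -> dict:
    """Run the check against a real executable or DLL on disk."""
    with open(path, "rb") as fh:
        return pe_mitigation_flags(fh.read())


if __name__ == "__main__":
    samples = {
        "hardened (constructed)": build_minimal_pe(NX_COMPAT | DYNAMIC_BASE | HIGH_ENTROPY_VA),
        "legacy (constructed)":   build_minimal_pe(0, coff_chars=RELOCS_STRIPPED, pe32plus=False),
    }
    for name, img in samples.items():
        print(name, pe_mitigation_flags(img))
```

The flags show only what the binary asks for. Windows policy can still force DEP on for every process, and Exploit Protection can apply mandatory ASLR to images that did not opt in, so a flagless binary is a finding to follow up, not proof that the mitigation is absent at runtime.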


Structured Exception Handler Overwrite Protection (SEHOP)

Export Address Table Filtering (EAF)

In order to do something useful, an exploit generally needs to call functions exposed by Windows. However, before it can call one of these functions, the exploit must first find where that function is loaded. This mitigation blocks the most common approach exploits use to look up the location of a function, which involves scanning the export address table of the loaded libraries.


Heap Spray Allocation (HSA)

Heap spraying is a payload delivery technique which relies on a program's heap being located at a predictable memory location. If code can be injected into the heap before the exploit causes the program to fail, the attacker can count on that code being at a known address. HSA pre-allocates these predictable memory addresses before a program, e.g. JavaScript running in a browser, can try to claim them.


Null Page Allocation (NPA)


Bottom-Up Rand (BUR)


Kernel Patch Protection

The picture shows the structure of the Windows OS. Kernel mode holds the functions that user programs, e.g. Word, rely on to execute. We do not get to see code executing in kernel mode.

[Image: Windows security technologies]

KPP ensures the following kernel structures cannot be manipulated, by blocking each of these actions:

Modifying system service tables

Modifying the interrupt descriptor table

Modifying the global descriptor table

Using kernel stacks not allocated by the kernel

Modifying or patching code contained within the kernel itself, or the HAL or NDIS kernel libraries



Ategra Pty Ltd | Ategra Computer Technology