anandk
12-08-2007, 10:56 AM
ReDirection Of Data to a Virtual Store.
Under a normal/standard User Account, any application that tries to write to a protected system folder like C:\Program Files or C:\Windows gets automatically redirected to a Virtual File Store, which is situated within the particular user's profile.
In the same fashion, if an application attempts to write to areas/keys of the registry which have system-wide ramifications, like the HKEY_LOCAL_MACHINE hive, it gets redirected to Virtual Keys within the user's section of the registry.
Applications that attempt to read from these protected file & registry locations look first in the virtual stores.
Such an action prevents malicious applications from writing to areas that could bring down the entire system.
Buffer Over-run Protection.
Address Space Layout Randomization (http://en.wikipedia.org/wiki/Address_space_layout_randomization) (ASLR) is another technology, new in Vista, that defends against buffer overrun (http://en.wikipedia.org/wiki/Buffer_overflow) exploits.
Each time you boot Vista, the system code is loaded into different locations of the memory.
This seemingly simple change thwarts a class of well-known attacks in which the exploit code attempts to call a system function from a known location.
Just some little tidbits...
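An inventory of what the redirection described above has captured for the current user, as an added example that is not part of the original post. It assumes the standard Windows store locations, which the post does not name (%LOCALAPPDATA%\VirtualStore for files, HKCU\Software\Classes\VirtualStore\MACHINE for registry keys), and that redirected files shadow paths on the system drive; the function names are hypothetical.

```powershell
# Added example: list files and registry keys that UAC virtualization redirected
# for the current user, mapped back to the protected location each one shadows.
# Assumed store locations (standard on Windows Vista and later):
$fileStore = Join-Path $env:LOCALAPPDATA 'VirtualStore'
$regStore  = 'HKCU:\Software\Classes\VirtualStore\MACHINE'

function Get-VirtualizedFile {
    param([string]$Store = $fileStore)
    if (-not (Test-Path -LiteralPath $Store)) { return }   # nothing was ever redirected
    $root = (Get-Item -LiteralPath $Store -Force).FullName.TrimEnd('\')
    Get-ChildItem -LiteralPath $Store -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Path below the store root mirrors the protected path on the system drive
            # (assumption: e.g. VirtualStore\Program Files\App\x.ini).
            $relative = $_.FullName.Substring($root.Length).TrimStart('\')
            $intended = Join-Path ($env:SystemDrive + '\') $relative
            [pscustomobject]@{
                VirtualCopy   = $_.FullName
                IntendedPath  = $intended
                # True means a real file exists too, so this user sees a shadowed copy.
                RealExists    = Test-Path -LiteralPath $intended
                LastWriteTime = $_.LastWriteTime
            }
        }
}

function Get-VirtualizedRegistryKey {
    param([string]$Store = $regStore)
    if (-not (Test-Path -LiteralPath $Store)) { return }
    $root = (Get-Item -LiteralPath $Store).Name   # HKEY_CURRENT_USER\...\VirtualStore\MACHINE
    Get-ChildItem -LiteralPath $Store -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.ValueCount -gt 0 } |    # only keys that actually hold redirected values
        ForEach-Object {
            [pscustomobject]@{
                VirtualKey  = $_.Name
                IntendedKey = 'HKEY_LOCAL_MACHINE' + $_.Name.Substring($root.Length)
                ValueCount  = $_.ValueCount
            }
        }
}

# Most recently redirected writes first: unexpected entries here point at a legacy
# application that tried to write to a protected, system-wide location.
Get-VirtualizedFile | Sort-Object LastWriteTime -Descending | Format-Table -AutoSize
Get-VirtualizedRegistryKey | Format-Table -AutoSize
```

Run it from a standard user session; each user has their own store, so results differ per account.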