For an introduction to the security implications of Windows Vista, the overview paper, blog and podcast below are the place to begin. The remaining research available on this page provides in-depth technical analysis of Vista's many new components.
The term "buffer overflow" used to exist only in the lingo of serious security professionals and vulnerability researchers. However, the number of buffer overflow vulnerabilities discovered in previous versions of Windows have made this term an all-too-common part of industry vocabulary. Learn how GS addresses these common classes of software flaws on Windows Vista, and the security exposure that still remains.
Much has been made of Vista's new protection features, but can they withstand the onslaught of today's malware threats? What would it take for malware authors to achieve Vista compatibility and usher in a new breed of Vista-compatible threats? This paper takes a look at the early answers to these questions based on Symantec's testing.
Vista has new defenses for a broad variety of memory manipulation attacks ranging from memory corruption errors to heap overflows. Named Address Space Layout Randomization (ASLR), the goal is to "shuffle" the address space deck so that common footholds are nearly impossible for attackers to find. Explore ASLR's effectiveness as a barrier to memory manipulation attacks.
The Microsoft Windows networking stack has witnessed a complete overhaul with the release of Windows Vista. Everything from core protocols, TCP and IP, to application layer protocols, RPC and SMB, have been affected. This paper provides an in-depth security analysis of this new stack, its resistance to legacy attacks, and the exposure that still remains.
Teredo is a new network protocol that provides IPv6 support on IPv4 networks. While this Microsoft-designed protocol allows for a smoother migration to IPv6, there are serious security implications when using Teredo in a corporate environment. This paper provides a security analysis of the Teredo protocol, as well as the risks that are associated with it.