Cigital, a software risk management consultancy, claims the protection mechanism in Microsoft's Visual C++.NET compiler is vulnerable to attack.
The mechanism is called /GS and is meant to handle buffer overflows, the cause of many of Microsoft's security woes.
Cigital warns against using it. It claims /GS resembles a piece of third-party widgetry called StackGuard and it takes a dim view of StackGuard. "The StackGuard mechanism makes a poor efficiency/security tradeoff, especially as implemented in Microsoft's compiler," it says.
Microsoft claims /GS has nothing to do with StackGuard.
Cigital was prompted by a white paper written last year by Microsoft developer Brandon Bray called "How Visual C++.NET can prevent buffer overruns." Cigital thinks the title is misleading and overpromises. It claims developers might be lulled into a false sense of security and rely on the /GS feature to protect their code.