
VC++.NET Compiler Called "Vulnerability Seeder".

Client Server News

February 25, 2002 | COPYRIGHT 2002 G2 Computer Intelligence. This material is published under license from the publisher through the Gale Group, Farmington Hills, Michigan. All inquiries regarding rights should be directed to the Gale Group.

A software risk management consultancy by the name of Cigital claims the protection mechanism in Microsoft's Visual C++.NET compiler is vulnerable to attack.

The mechanism is called /GS and is there to handle buffer overflows, the cause of a lot of Microsoft's security woes.

Cigital warns against using it. It claims /GS resembles a piece of third-party widgetry called StackGuard and it takes a dim view of StackGuard. "The StackGuard mechanism makes a poor efficiency/security tradeoff, especially as implemented in Microsoft's compiler," it says.

Microsoft claims /GS has nothing to do with StackGuard.

Cigital took impetus from a white paper written last year by Microsoft developer Brandon Bray called "How Visual C++.NET can prevent buffer overruns." Cigital thinks the title is misleading and overpromises. It claims developers might be lulled into a false sense of security and rely on the /GS feature to protect their code.

In response, Microsoft has pulled Bray's piece off the MSDN developers' web site for "updating" and the company concedes, "The title is probably not the best title in the whole world."

...

Source: HighBeam Research, VC++.NET Compiler Called "Vulnerability Seeder".
