As you know, much of the malware that infiltrates users' computers gets there using bugs in browsers, and even more often in popular plugins such as Flash, Adobe Reader, Java, etc.
At the same time, a significant share of such vulnerabilities (namely, those related to buffer overflows) could be blocked by enabling Data Execution Prevention, a technology available in Windows starting with XP SP2, for the browser and its plugins.
In short: this technology prohibits the execution of code from memory areas marked as “non-executable,” that is, containing data not intended for execution by the processor. Thus, if you try to use a buffer overflow to run arbitrary code, an exception will be generated, and the affected program will be closed.
Unfortunately, not all programs are able to operate fully in DEP mode, and popular browsers are no exception. Here is a brief overview of how well modern browsers work in DEP mode.
Internet Explorer
In IE7, DEP mode was forcibly disabled by default due to problems with plug-ins. MSDN says that IE8 enables DEP support by default for both the browser and its child processes (plug-ins, ActiveX, etc.), while IEBlog claims that popular plug-ins have no problems when DEP is used (link in the comments).
Chrome
It is known that Chrome not only supports running in DEP mode but also explicitly enables it in order to increase the security of the main browser processes (for plugins, however, DEP is enabled in a limited compatibility mode).
Firefox
Firefox crashes related to DEP are actively discussed on the Mozilla forums, including for the latest versions of FF. At the same time, I could not find any confirmed DEP-related bugs for recent versions of the browser in Bugzilla (I checked all unconfirmed DEP-related bugs on XP / SP3 / FF3.6 - they were not confirmed).
The comments state that no problems with FF with DEP enabled were noticed.
Opera
Opera developers claim that Opera can work in DEP mode starting with version 9.64 (although normal operation of this browser in DEP mode, it seems, begins only with version 10.50rc3, in which they fixed an important DEP-related bug). Whether plugins are supported in DEP mode is not known.
Safari
I could not find reliable information about the presence or absence of DEP support in Safari for Windows.
PS: Do not confuse “supports DEP” (i.e., is able to work normally if DEP is enabled for all applications in the system by default) with “specifically enables DEP” (i.e., sets the DEP mode for its own process, even if DEP is disabled at the system level).
PPS: Of course, system administrators should keep in mind that DEP is not a panacea. ASLR on Vista / Seven, or installing WehnTrust on XP (in fact the same trick; there is just no native ASLR support in XP), can provide more serious protection. But that is a completely different story; if there is interest in the subject, I will write a separate note.
UPD: More about the implementation of DEP support in Chrome (translation # 1, translation # 2). The author believes that the developers of this browser may have had to disassemble Windows in order to understand how to change the DEP mode for their own process in XP (in Vista, this can be done through documented APIs).