installer

Problem

Security Development Lifecycle (SDL) is a group of enhanced compile-time checks that report common coding mistakes as errors, preventing them from reaching production. These checks minimize the number of security issues by enforcing strict memory access checks. They also prevent the use of hard-to-secure string and memory manipulation functions. To prove the binary has been compiled with these checks enabled, the compiler emits a special debug object. Removing the debug table eliminates this proof. Therefore, this check only applies to binaries that still have their debug tables.

Problem

High Entropy Address Space Layout Randomization (HEASLR) is a vulnerability mitigation option that forces software components to load on a different memory base address each time they are used. This makes the memory layout unpredictable, and it is therefore harder for malicious code to be reliably injected during application runtime. Memory space that 64-bit applications have at their disposal is significantly larger, but the application needs to opt in to take the advantage.

Problem

Buffer overrun protection (Stack Guard) is a vulnerability mitigation option that prevents stack-based memory corruptions. Special values, called stack cookies, are inserted in the stack immediately before the return address value. Code flow protection is achieved by monitoring for unexpected stack cookie value changes. The stack cookie value initialization is delegated to an application-defined function. That is not a recommended practice, as the protection effectiveness depends on the random number generator strength.

Problem

Control Flow Guard (CFG/CFI) protects the code flow integrity by ensuring that indirect calls are made only to vetted functions. This mitigation protects dynamically resolved function targets by instrumenting the code responsible for transferring execution control. Because the code flow integrity is verified during runtime, malicious code is less likely to be able to hijack trusted execution paths.

Problem

Control Flow Guard (CFG/CFI) protects the code flow integrity by ensuring that indirect calls are made only to vetted functions. This mitigation protects dynamically resolved function targets by instrumenting the code responsible for transferring execution control. Higher-level programming languages implement structured exception handling by managing their own code flow execution paths. As such, they are subject to code flow hijacking during runtime. Language-specific exception handling mitigation enforces execution integrity by instrumenting calls to manage execution context switching. Any deviation from the known and trusted code flow paths will cause the application to terminate. This makes malicious code less likely to execute.