back to article Microsoft says Win 8/10's weak randomisation is 'working as intended'

Microsoft has rebutted analysis that suggested its Address Space Layout Randomisation (ASLR) technology could be exploited. Redmond's response, posted here, was that ASLR is working as intended, and that the lack of randomisation discovered by Will Dormann - with assistance from Matt Miller of Microsoft - was a feature, not a …

  1. Anonymous Coward
    Anonymous Coward

    Glad to be sticking with Win Vista

    Because of this, I was also spared that horrible year when Win7 / 8 users were spammed incessantly with 'Upgrade to Windows 10 for free' ads.

    Microsoft thought I was unworthy to upgrade to Win 10. Thank you, Microsoft.

    1. s2bu

      Re: Glad to be sticking with Win Vista

      Vista is an abomination. It’s basically MEv2. I’d rather use 2000, or dare I even say it, 98SE!

      1. Dan 55 Silver badge

        Re: Glad to be sticking with Win Vista

        After you applied the platform update, Vista was basically Windows 7 with widgets.

      2. Ian Emery Silver badge

        Re: Glad to be sticking with Win Vista

        I think you are being nasty to Win ME; no way was it as bad as Vista.

  2. J J Carter Silver badge
    Windows

    Back in your box!

    Good rebuttal of the FUD

    1. Dan 55 Silver badge
      Trollface

      Re: Back in your box!

      It's not a bug. It just doesn't do what it did before and what people expect it to do unless you furtle around somewhere in the biggest control panel of them all, the registry. This is works as designed. Nothing to see here, please disperse.

  3. fidodogbreath Silver badge

    What do you make of it, Johnny?

    It could be a bug! It could be a feature! Or a hat! Or a pteradactyl!

  4. Anonymous Coward
    Anonymous Coward

    Windows 7

    Presumably this has been retrofitted into WIndows 7 via Windows Update along with all the Telemetry Spyware ?

    1. Anonymous Coward
      Anonymous Coward

      Re: Windows 7

      And convienently the link to fix ASLR on Windows 7 on that page [https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/] is broken, even through the web page was only put up yesterday.

      1. Anonymous Coward
        Anonymous Coward

        Re: Windows 7

        you call it a broken link, they'll call it a feature :/

        btw, it opens in my browser...

    2. Ian Emery Silver badge

      Re: Windows 7

      Anyone smart and stubborn enough to stop Win10 was surely smart and stubborn enough to stop all the spyware as well; I know I was.

      In other news, Austin/British Leyland say that the wheels falling off of the Allegro was a feature and not a bug.

      The captain of the Titanic says the ship sinking was always part of the plan, and not a bug.

      Wile E Coyote says getting hit on the head by the anvil was always his intention and should NO WAY be considered as a bug.

      1. TechnicalBen Silver badge

        Re: Windows 7

        Security roll ups make it harder. I've not got the time. :(

        1. m-k

          Re: Windows 7 / Security roll ups make it harder. I've not got the time. :(

          that was part of a plan (feature). And it works :(

    3. rmason Silver badge

      Re: Windows 7

      According to what I read yesterday it's always been this way in win7 too, just nobody noticed.

  5. John Smith 19 Gold badge
    WTF?

    "Microsoft Secure Windows Initiative"

    Now is that secure as in "Prevents malware running" or secure as in not allowing you to run what appears to be a video or song you have not bought from a recognized media outlet?

    It's so hard keep up with Microsoft sometimes.

    Because MS has used both, and does both.

  6. Anonymous Coward
    Anonymous Coward

    One mans bug is a another mans feature said no one ever.

  7. phy445

    Nothing to do with article but...

    The google ad in the right hand column where there is usually some IT related ad or a link to a wallet that will change my life currently shows a lady in a swim suit and is mildly distracting. Is this a side effect of blocking cross-site tracking or google's AI mocking me in some way?

    1. Anonymous Coward
      Anonymous Coward

      Re: Nothing to do with article but...

      it's a bugged feature of targeted advertising. Proof that ad-blocking works 100% as designed (when you allow some). Enjoy while it lasts, i.e. until "they" find a way to be even more targeted, e.g. a man in a monokini on a motorbike.

      1. NonSSL-Login

        Slightly to do with article but...

        It's not a bug, it's a feature....

  8. Digitall

    Temp fix

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel]

    "MitigationOptions"=hex:00,01,01,00,00,00,00,00,00,00,00,00,00,00,00,00

    Temporary fix until MS decides to address the issue available from https://www.bleepingcomputer.com/news/security/windows-8-and-later-fail-to-properly-apply-aslr-heres-how-to-fix/

    Thanks to Catalin Cimpanu :)

  9. Zippy's Sausage Factory
    Joke

    I'm not sure I understand this...

    There's a "full hardened" mode that you enable via a registry setting, but it might break stuff.

    There's a "full hardened mode but only for processes they say they're OK with it" that's the default, and probably won't break most stuff.

    Given that there's like a gazillion sheep Windows users, doesn't it make sense to not break stuff if possible? I mean let's face it, your average idiot corporate user doesn't care much about security, so long as they can run that silly joke problem they got from their mate down the pub some old finance application the company shelled out for when Windows 98 was an exciting new prospect...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019