kemical

Windows 7 might get fixed

Eventually
Thursday, 31 December 2009, 12:04



MICROSOFT WINDOWS HACKER Mark Russinovich has been telling Beta News how he fixed a problem that has been plaguing Windows for the last 20 years.
For ages malware writers have been tricking Windows into executing data as though it were code. Malware places data into the Windows "heap" that bears the pattern of executable instructions.
When something crashes it can leave the system in a state where the data in that heap is pointed to and then executed. Security software can only wait for patterns of such heap corruption to appear, and then act. Which is often too late.
Russinovich was hired by the Vole to improve system reliability. Windows 7 included a lot of his ideas to harden the whole process.
The first thing that he changed was to develop a Unified Background Process Manager that reduces the number of concurrently running processes in Windows.
Russinovich said that a lot of what made Vista and its predecessors slow were services hanging around in memory, waiting for an excuse to do something useful.
The idea was not new. Windows 2000 had introduced something called Event Tracing. That gives Windows 7 the trigger to start or stop a service.
This means that the Windows Error Reporting service wakes up sooner. Russinovich adapted it so it can analyse the causes of crashes as they happen.
Looking at some of the data, Russinovich discovered that 15 per cent of all user-mode crashes are caused by heap corruption. He also found that a third of all crashes that happen during Windows shutdown are caused by heap corruption.
With a new Windows Error Reporting service, engineers can craft more effective ways to address the root problems of as much as one-third of key categories of crashes.
Russinovich then worked out a fix called the fault-tolerant heap. When Windows 7 sees heap corruption in a process, it enables heap mitigation. Then it monitors the effectiveness of the heap mitigation, and if that's effective it keeps the fix.
It also looks at the software that caused the heap corruption and warns the Vole. µ
 


Windows 7 Might Get Fixed
Mark Russinovich, a well-known Microsoft Windows hacker, recently shared with Beta News how he applied a fix for a problem that's troubled Windows for nearly 20 years.
For years, malware writers have exploited a weakness in Windows by tricking the operating system into executing data as code—specifically, data placed in the Windows "heap" that resembles executable instructions. When a system crashes, it might continue to run with malicious or corrupted data from that heap. Traditional security software often detects such heap corruption only after it has already caused a crash.
Russinovich was brought in by the Vole to bolster system reliability, and many of his ideas have been integrated into Windows 7. One key change he implemented was developing a Unified Background Process Manager to reduce the number of concurrently running processes—many of which in previous versions (like Vista and earlier) were idle yet contributed to slowdowns by waiting for an excuse to become active. This concept isn’t entirely new; Windows 2000 introduced Event Tracing, which gives Windows 7 the necessary trigger to start or stop a service more efficiently.
A revamped Windows Error Reporting service now springs into action earlier, analyzing crash causes as they occur. According to Russinovich’s findings, about 15% of all user-mode crashes stem from heap corruption, with a third of the crashes during Windows shutdown also caused by this issue.
His fix, dubbed the "fault-tolerant heap," works by enabling heap mitigation when corruption is detected in a process. It then monitors the effectiveness of this mitigation—if it proves effective, Windows 7 keeps the fix in place. Furthermore, the system assesses the software causing the heap corruption and alerts the Vole for further action.
This breakthrough might address a significant portion of legacy crash issues, promising improved stability and reliability for Windows 7.
 

