
Some Windows Vista randomization is better than no Windows Vista randomization, right? Address Space Layout Randomization (ASLR) is one of the new security technologies introduced in Windows Vista, and according to Symantec it has a prophylactic role. However, the Cupertino-based security company has disputed and downplayed the role that randomization will play in protecting Windows Vista. Ollie Whitehouse, Symantec Architect and a member of the Security Response team, has evaluated the Windows Vista ASLR and found it to be not as random as expected.
Whitehouse has identified the following issues in ASLR: a non-uniform distribution of address usage for heap randomization, the fact that HeapAlloc has less entropy than malloc, an image randomization bug and a PEB randomization bug.
"Are these problems the end of the world? No, not really. After all, some ASLR is better than no ASLR. However, these issues do potentially increase the likelihood of successful exploitation when compared to what could have been a perfect implementation," Whitehouse revealed.
Windows Vista Address Space Layout Randomization is a technology that randomly locates programs in memory with each execution or with every reboot. With it, Microsoft has introduced a barrier intended to let Vista mitigate the exploitation of memory corruption and memory manipulation vulnerabilities.
"The results of this analysis show that at least one aspect of ASLR's implementation did not perform as expected. Symantec found that one of the randomized components was not randomized consistently, resulting in a reduced degree of randomness in the layout of an application's memory. While ASLR continues to be effective, this reduction does increase the likelihood that an attacker can guess the correct address to target," Symantec stated.
According to the Cupertino-based security vendor, Microsoft has already confirmed the ASLR issues and will address them with the release of Windows Vista Service Pack 1.
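The link between a non-uniform address distribution and an attacker's guessing odds can be measured from a sample of observed base addresses. The sketch below is an added example, not code from the article or from Symantec's analysis; the address samples, slot count and spacing are constructed for illustration and are not Vista measurements.

```python
import math
from collections import Counter


def entropy_report(addresses):
    """Summarise how guessable a sample of observed base addresses is."""
    counts = Counter(addresses)
    total = len(addresses)
    probs = [n / total for n in counts.values()]
    p_max = max(probs)
    return {
        "distinct": len(counts),
        # Average-case uncertainty; overstates protection when skewed.
        "shannon_bits": -sum(p * math.log2(p) for p in probs),
        # Worst case: an attacker who always guesses the most common address.
        "min_entropy_bits": -math.log2(p_max),
        "best_guess_prob": p_max,
    }


# Constructed data (assumption): 256 candidate slots, 64 KiB apart.
BASE, STEP, SLOTS = 0x10000000, 0x10000, 256


def slot(i):
    return BASE + i * STEP


# Every slot observed once: an ideal uniform randomizer.
uniform_sample = [slot(i) for i in range(SLOTS)]
# Same 256 slots, but 16 of them are observed 15 times as often as the rest.
skewed_sample = [slot(i) for i in range(16) for _ in range(15)] + [
    slot(i) for i in range(16, SLOTS)
]

if __name__ == "__main__":
    for name, sample in (("uniform", uniform_sample), ("skewed", skewed_sample)):
        r = entropy_report(sample)
        print(f"{name:8} slots={r['distinct']} shannon={r['shannon_bits']:.2f} "
              f"min-entropy={r['min_entropy_bits']:.2f} "
              f"best guess=1/{round(1 / r['best_guess_prob'])}")
```

Both samples cover the same 256 slots, yet the skewed one offers a best single guess of 1 in 32 rather than 1 in 256, which is why counting distinct addresses alone overstates the protection.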