Microsoft Aims To Boost Security With New APIs for Developers
In a blog post yesterday, Microsoft announced new APIs that will make security settings easier for developers, particularly for those writing solutions that will run on Windows Server 2008, Windows Vista and Windows XP SP3.
The APIs support Microsoft's Data Execution Prevention approach to application security.
"We want more people to opt-in to using Data Execution Prevention (aka DEP aka NX)," the blog post from Michael Howard reads. "We've added some new APIs that allow a developer to set DEP on their process at runtime rather than using linker options. The new APIs also give developers some more flexibility if your application uses an older version of the Abstract Type Library (ATL.)"
Microsoft's DEP technologies help prevent malicious code downloads from data pages by performing "additional checks on memory," according to the company.
The new APIs are SetProcessDEPPolicy, GetSystemDEPPolicy, GetProcessDEPPolicy. More details on how to implement them, as well as possible downsides and conflicts, are described in Howard's blog post here.