large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

A key Windows 10 security feature is actually ‘worthless’, research claims

A security feature in Windows 10 that has been touted by Microsoft as one of the reasons to upgrade to the operating system, is largely worthless according to research.

The Address Space Layout Randomisation (ASLR) feature makes up part of the security suite in Windows 10 which Microsoft has been promoting as more secure than its previous versions of Windows.

ASLR loads programs at random addresses in memory to defend against cyber security attacks that rely on executing code at programs loaded at predictable memory locations.

The feature has been available from Windows Vista, but whereas it worked with applications that adopted ASLR, with Windows 8 Microsoft introduced Force ASLR which essentially enables ASLR on all applications.

Force ASLR can be switched on through Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), which since the Windows 10 Fall Creators Update, is now part of the Windows Defender Exploit Guard.

So far so good, but a security researcher Will Dormann, who works at Carnegie Mellon University computer emergency response team, tweeted an error in the implementation for Force ASLR which rendered it “worthless”.

He noted that Force ASLR ends up recollecting program memory addresses but after that it uses the same address each time they are executed, essentially losing the randomisation nature of ASLR.

“Windows 8 and newer systems that have system-wide ASLR enabled via EMET or Windows Defender Exploit Guard will have non-DYNAMICBASE applications relocated to a predictable location, thus voiding any benefit of mandatory ASLR. This can make exploitation of some classes of vulnerabilities easier,” explained Dormann.

He pointed out then Windows 7 does a better job at ASLR than later versions of Windows, which would suggest that Windows 10 isn’t as robust as Microsoft has been championing it as.

Microsoft has yet to comment on the issue, but there’s a chance it will attempt to find a way to get Force ASLR working as it should through a security update.

Related: Best Black Friday deals

Have you encountered any security gremlins in Windows 10? If so, let us know on Twitter or Facebook.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.