Ozone HIPS: Unbreakable Windows, presented at Black Hat USA 2005

by Eugene Tsyrklevich, Vlad Tsyrklevich

URL : http://www.blackhat.com/presentations/bh-usa-05/bh-us-05-tsyrklevich.pdf

Summary : Windows is the number one target on the Internet today. It takes less than 5 minutes for an unpatched Windows machine, connected to the Internet, to get owned. Yet the most prevalent security practices still consist of running anti-viruses and constant patching.
This presentation introduces a new tool, called Ozone, that is designed to protect against most of the commonly exploited attack vectors. To protect against the most common of these, buffer overflows, Ozone uses an address space randomization technique. In addition, Ozone runs all processes in a sandbox that severely limits what a compromised process is allowed to do. Finally, Ozone protects itself and the underlying operating system against further attacks.