2011-03-07 10:29 AEST by Arthur Barrett - Starting with Windows XP SP2 and Windows Server 2003, Microsoft Windows offers
a number of defensive enhancements for processes, e.g. Data Execution
Prevention.
http://technet.microsoft.com/en-us/library/cc738483(WS.10).aspx
Since CVS Suite 2009 is XP and later, we can start to turn these features on
(e.g. Suite 2009 Server, or Suite 2010 Server). It could also be turned on for
the client (e.g. CVSNT 2.5.05).
More info here:
http://technet.microsoft.com/en-us/library/cc738483(WS.10).aspx
Already enabled (Suite 2008/Suite 2009):
• /GS Stack buffer overrun detection.
Suggest enabling (Suite 2009/Suite 2010/CVSNT 2.5.05):
• /RELEASE checksum in header of EXE.
• /SafeSEH exception handling protection.
• Data Execution Prevention (DEP) / No eXecute (NX).
  Note: Need to test on a DEP-capable CPU, note and fix any failures due to DEP.
Suggest enabling in installer (Suite 2009/Suite 2010/CVSNT 2.5.05) Windows 7+:
• Structured Exception Handler Overwrite Protection (SEHOP).
Suggest enabling when we move to VS.NET 2005 (CVSNT 2.5.05):
• Address space layout randomization (ASLR).
Suggest enabling in a future release (CVS Suite 2010 or 2011):
• Pointer Encoding.
  • struct request requests[] in server.cpp; and
  • struct response in client.h
• Heap corruption detection/Heap Metadata Protection
  wmain in win32.cpp already calls HeapSetInformation() on Vista+
  -- needs to add HeapEnableTerminationOnCorruption
We have no intention of supporting this recommendation since these problems
are already mitigated by extensive code review (F&OSS):
• Migration of buffer-overrun prone functions to safer versions.
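
Added example (not part of the original report and not CVSNT project code): one way to confirm on the built binaries that the header-level settings suggested above took effect. It reads the PE optional header and reports whether the /RELEASE checksum is non-zero and whether the DEP/NX and ASLR opt-in bits are set; /SafeSEH, SEHOP and the heap settings are not visible in these fields and are not checked. The names audit_pe and make_sample and the sample header are constructed for illustration.

```python
import struct
import sys

# Field offsets and flag values from the PE/COFF specification (winnt.h).
DYNAMIC_BASE = 0x0040  # ASLR opt-in, set by the linker option /DYNAMICBASE
NX_COMPAT = 0x0100     # DEP/NX opt-in, set by the linker option /NXCOMPAT
CHECKSUM_OFF = 64      # CheckSum offset inside the optional header
DLLCHAR_OFF = 70       # DllCharacteristics offset (same in PE32 and PE32+)


def audit_pe(data: bytes) -> dict:
    """Report the header-level mitigation settings of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = pe_off + 4 + 20  # optional header follows the 20-byte COFF header
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 4 + 16)
    if opt_size < DLLCHAR_OFF + 2 or len(data) < opt + DLLCHAR_OFF + 2:
        raise ValueError("optional header truncated")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 or PE32+
        raise ValueError("unknown optional header magic")
    (checksum,) = struct.unpack_from("<I", data, opt + CHECKSUM_OFF)
    (flags,) = struct.unpack_from("<H", data, opt + DLLCHAR_OFF)
    return {
        "checksum_set": checksum != 0,      # /RELEASE wrote a checksum
        "dep_nx": bool(flags & NX_COMPAT),  # image opts in to DEP
        "aslr": bool(flags & DYNAMIC_BASE), # image opts in to ASLR
    }


def make_sample(flags: int, checksum: int) -> bytes:
    """Constructed minimal PE32 headers (not a loadable program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, CHECKSUM_OFF, checksum)
    struct.pack_into("<H", opt, DLLCHAR_OFF, flags)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Usage: pass the paths of the built EXE/DLL files to audit.
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, audit_pe(fh.read()))
```

A build step can fail the release when any of the three values is False for a shipped binary.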