Security analyst Will Dormann of Carnegie Mellon University’s CERT Coordination Center (CERT/CC) caused a major kerfuffle earlier this month when he tweeted that Windows 10’s implementation of a security feature known as system-wide mandatory ASLR is “essentially worthless.”
That led to a flurry of caustic headlines in the tech press, typified by ZDNet’s own story on the issue: “Key Windows 10 defense is ‘worthless’ and bug dates back to Windows 8.”
That headline has two problems.
First, the feature in question isn’t a “key Windows 10 defense.” System-wide mandatory ASLR is an esoteric option that applies mostly in edge cases and has to be configured manually.