MikeHow just wrote a brief write-up of some of the things our new heap manager on Vista is capable of detecting at runtime over at the SDL blog: http://blogs.msdn.com/sdl/archive/2008/06/06/corrupted-heap-termination-redux.aspx

As with the Low Fragmentation Heap - you can opt-in to that stuff by calling the HeapSetInformation() API and passing in the handle to your heap (or any heap in your process for that matter).

Speaking of opting-in to various good for security things - here's a great write-up from Matt Thomlinson and the aforementioned Mikehow from last year: http://msdn.microsoft.com/en-us/library/bb430720.aspx

The paper has a nice write-up of the following mitigation technologies in Windows for the every (wo)man:

  • /GS Stack buffer overrun detection.
  • /SafeSEH exception handling protection.
  • No eXecute (NX) / Data Execution Prevention (DEP) / eXecute Disable (XD).
  • Address space layout randomization (ASLR).
  • Heap randomization.
  • Stack randomization.
  • Heap corruption detection.