Just days after a pair of researchers outwitted major Windows 7 defenses to exploit Internet Explorer and Firefox, Microsoft said the measures aren't meant to "prevent every attack forever."

At the same time, it defended the security measures, saying they remain an effective way to hinder exploits.

Pete LePage, a product manager in IE's developer division, stood up for DEP (data execution prevention) and ASLR (address space layout randomization), the security features that two hackers sidestepped to win $10,000 each at the high-profile Pwn2Own hacking contest last Wednesday.

"Defense-in-depth techniques aren't designed to prevent every attack forever, but to instead make it significantly harder to exploit a vulnerability," LePage said, referring to DEP, ASLR and another feature specific to IE, called Protected Mode.

Full story: Computerworld