Security software can reduce effectiveness of DEP/ASLR

[m00nbl00d]

Quote:

Originally Posted by Tarnak

I have read most of the posts with interest. However, since I run XP, I see no benefit to installing EMET on my system. I have DEP only for a system setting, since ASLR and SEHOP is not available for XP.

Also, I did find a good reference Protecting your Windows PC with Microsoft EMET 2.1

In the meantime I have this...

You can apply SEHOP per application in XP. You just won't have it system wide.

[Tarnak]

Quote:

Originally Posted by m00nbl00d

You can apply SEHOP per application in XP. You just won't have it system wide.

Yes, I know, if you look at the link I referenced in my post above there is an image about a third of the way down that clearly indicates this.

Thanks!

P.S. I see you already posted that link > here earlier.

Edit: added P.S.

[funkydude]

Quote:

Originally Posted by Hungry Man

Yes, 64bit installs fine but it can't be used with a 32bit browser (at least I don't think?)

You can unpack the java installer and install from an .msi apparently.

Yes indeed, after installing the 64bit java I installed the 64bit flash beta and had them use the 64bit version of IE.

I will keep that msi trick in mind next time.

[Hungry Man]

Ah, I see.

Ie IE9's Javascript engine 64bit yet?

[funkydude]

No, maybe with IE10. But the person I did it for wouldn't care about 500ms extra js processing time.

[Konata Izumi]

Here is a .bat file to set most windows files in EMET protected applications.
I found this batch file on some old thread here in wilders. (i updated the commands -add changed to -set)

I havent experience crashes while using this.

change .txt to .bat (don't forget to run as admin and reboot after applying)

[1chaoticadult]

Quote:

Originally Posted by m00nbl00d

Oh... I remember that fellow... I used to use with Windows 98. There's been quite some time... I'll take a look at it again.

I just wish that PeaZip would actually be an alternative. It uses 7-zip core, though. That means no ASLR support either. I like its GUI, though. Too bad.

-edit-

By the way, for anyone interested, Elaborate Bytes Virtual CloneDrive also doesn't support ASLR. It loads a dll to Explorer. I'll try and see if I can send them an e-mail, rather than having to register in their forum. Would it really hurt to make use of these security technologies?

Found out Daemon Tools Lite has DEP and ASLR enabled for its exes and ASLR for its dlls.

[m00nbl00d]

Quote:

Originally Posted by 1chaoticadult

Found out Daemon Tools Lite has DEP and ASLR enabled for its exes and ASLR for its dlls.

Who knows if in a near future Virtual Clone Drive supports it.

[m00nbl00d]

-edit-

On the other hand, Spybot team still hasn't replied to my thread asking about ASLR support. I wonder if it would take them that long to provide an upgrade to the current stable Spybot version? Maybe yes, maybe no...

[1chaoticadult]

Quote:

Originally Posted by m00nbl00d

Who knows if in a near future Virtual Clone Drive supports it.

It would only benefit them.

Quote:

Originally Posted by m00nbl00d

-edit-

On the other hand, Spybot team still hasn't replied to my thread asking about ASLR support. I wonder if it would take them that long to provide an upgrade to the current stable Spybot version? Maybe yes, maybe no...

Probably no, because they are probably too lazy and its probably low priority, who knows

[1chaoticadult]

Did a scan of Online Armor 5.1 with Attack Surface Analyzer. Can download the report at the link below.

-http://www.megaupload.com/?d=UMXUNWCI-

[1chaoticadult]

Noticed this in Emsisoft Anti-Malware 6.0.0.33 changelog:

Feature #2448: Updates the context menu extension to no longer disable ASLR for processes it is loaded into.

[funkydude]

Quote:

Originally Posted by 1chaoticadult

Feature #2448: Updates the context menu extension to no longer disable ASLR for processes it is loaded into.

That's pretty funny to be honest. Good thing I have no need for such 3rd party software.

[1chaoticadult]

Quote:

Originally Posted by funkydude

That's pretty funny to be honest. Good thing I have no need for such 3rd party software.

I fail to see whats funny about it. I posted this as it was related to the discussion in this thread regardless if a person uses the software or not.

[funkydude]

Quote:

Originally Posted by 1chaoticadult

I fail to see whats funny about it. I posted this as it was related to the discussion in this thread regardless if a person uses the software or not.

A context menu entry.... disabling ASLR... it's hilarious. You know what a context menu entry is right?

[1chaoticadult]

Quote:

Originally Posted by funkydude

A context menu entry.... disabling ASLR... it's hilarious. You know what a context menu entry is right?

Are you serious of course know what a context menu entry is. I still don't see what's funny or hilarious about it. That was a silly question to ask me.

[Hungry Man]

I would say that it is very nearly so ridiculous that it's to the point of humor.

Quote:

Feature #2448: Updates the context menu extension to no longer disable ASLR for processes it is loaded into.

...as opposed to entry

[m00nbl00d]

I just gave a quick run to the latest Spybot 2.0 beta version, and for what I could see it does not support ASLR either. Isn't Spybot team aware of ASLR, at all?

[1chaoticadult]

Quote:

Originally Posted by m00nbl00d

I just gave a quick run to the latest Spybot 2.0 beta version, and for what I could see it does not support ASLR either. Isn't Spybot team aware of ASLR, at all?

Apparently not. And its not a priority it seems.

[m00nbl00d]

Quote:

Originally Posted by 1chaoticadult

Well I use WinRAR and it supports ASLR and its enabled. But of course its shareware and bought a license for it long ago

I still haven't tested it out (to see why I disliked it in the past), but I did download PowerArchiver and WinZip (both paid products), and only WinZip supports ASLR.

Both have pleasant GUIs, though. Not all is lost.

[Hungry Man]

I asked Tzuk to enable ASLR.

[1chaoticadult]

Quote:

Originally Posted by m00nbl00d

I still haven't tested it out (to see why I disliked it in the past), but I did download PowerArchiver and WinZip (both paid products), and only WinZip supports ASLR.

Both have pleasant GUIs, though. Not all is lost.

Hahaha. Well at least you found another archiver that supports ASLR.

[m00nbl00d]

Quote:

Originally Posted by 1chaoticadult

Hahaha. Well at least you found another archiver that supports ASLR.

Unfortunately, I may have seen what wasn't there. I was retesting Winzip moments ago, and while looking at Process Explorer, there was no ASLR.

I think I confused it with some other application offering ASLR, while looking at PE back then.

Sorry about it.

[1chaoticadult]

Quote:

Originally Posted by m00nbl00d

Unfortunately, I may have seen what wasn't there. I was retesting Winzip moments ago, and while looking at Process Explorer, there was no ASLR.

I think I confused it with some other application offering ASLR, while looking at PE back then.

Sorry about it.

No problem m00n , it happens.