processor anti-execute protection from malicious code

Discussion in 'other anti-malware software' started by chris2busy, Jan 31, 2008.

Thread Status:
Not open for further replies.
  1. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    DEP backdoor
    More here :)
     
  2. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Which means setting DEP to AlwaysOn, not OptOut. There are no exceptions possible in this mode, and even if you don't have exceptions in OptOut, AlwaysOn is still safer. The second link in Lucas's post explains this.

    One has to edit the boot.ini for AlwaysOn (followed by a reboot), and then see some programs not open. The big name for me was Opera, I completely stopped using it, I'm afraid.
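
Added example, not part of the original post or thread: a small Python audit that reads a boot.ini and reports the DEP policy of each boot entry, flagging any entry that is not AlwaysOn. It assumes the policy is set with the `/noexecute=` boot switch (the thread does not spell out the syntax); the sample boot.ini and the function names are constructed for illustration.

```python
import re

# Constructed sample boot.ini (not from the thread); entries are illustrative.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional" /fastdetect /noexecute=OptOut
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP (hardened)" /fastdetect /NoExecute=AlwaysOn
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Windows XP (legacy)" /fastdetect /execute
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Windows XP (no switch)" /fastdetect
"""

# Canonical spelling of the four /noexecute policy levels (switches are case-insensitive).
POLICIES = {"optin": "OptIn", "optout": "OptOut",
            "alwayson": "AlwaysOn", "alwaysoff": "AlwaysOff"}
# An [operating systems] line looks like: <ARC path>="<menu name>" <switches>
ENTRY = re.compile(r'^(?P<path>[^=]+)="(?P<name>[^"]*)"(?P<switches>.*)$')

def dep_policies(boot_ini_text):
    """Return [(menu name, policy)] for each entry under [operating systems]."""
    results, in_os = [], False
    for raw in boot_ini_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_os = line.lower() == "[operating systems]"
            continue
        m = ENTRY.match(line) if in_os else None
        if not m:
            continue
        policy = "unspecified"  # no DEP switch on this entry
        for sw in m.group("switches").lower().split():
            if sw.startswith("/noexecute="):
                value = sw.split("=", 1)[1]
                policy = POLICIES.get(value, "invalid:" + value)
            elif sw == "/execute":
                policy = "Disabled(/execute)"  # this switch turns DEP off
        results.append((m.group("name"), policy))
    return results

def not_always_on(boot_ini_text):
    """Entries whose policy still permits exceptions, is off, or is not set."""
    return [(n, p) for n, p in dep_policies(boot_ini_text) if p != "AlwaysOn"]

if __name__ == "__main__":
    for name, policy in dep_policies(SAMPLE_BOOT_INI):
        flag = "ok" if policy == "AlwaysOn" else "REVIEW"
        print(f"{flag:6} {policy:20} {name}")
```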
     
  3. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    I'm not sure what's going on, but lately I've been getting a couple of unexpected DEP alerts (about SnagIt, Maxthon and Gadwin Printscreen). I'm not sure if they were false positives or not, but interesting was that Comodo Memory Firewall didn't make a sound.
     
  4. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    If I recall Ilya correctly, there are just some programs badly coded that violate DEP parameters, so to speak. The programs, or just some extension.
     
  5. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    The problem with CMF is that it does not make stack and heap areas non-executable.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Thanks for the info Ilya, I totally forgot that you're the maker of an anti BO tool yourself, so that's why you know so much about this stuff. But what are you saying, that CMF isn't really that powerful, or is it still useful?
     
  7. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    It is useful in order to provide some kind of ASLR protection. Its other protective stuff is about 'call function' analysis and can be bypassed.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
    Thanks for the feedback. From what I've been reading, I get the general impression that even though CMF is not THE ultimate anti BO tool, it might still actually be useful, and might still stop certain BO attacks, combined with hardware DEP. Btw, wouldn't ASLR cause trouble on XP? I know a while back, some of us tried WehnTrust, and it caused problems. To my surprise, CMF seems to be running just fine with all my other tools.
     
  9. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    No, there should be no problems at all because of ASLR. As for WehnTrust, it is poorly written, too many bugs within :)
     
  10. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    17,559
    Location:
    The Netherlands
  11. Ilya Rabinovich

    Ilya Rabinovich Developer

    Joined:
    Sep 13, 2005
    Posts:
    1,543
    I don't know about it too much.
     