Security software can reduce effectiveness of DEP/ASLR

Discussion in 'other security issues & news' started by MrBrian, Sep 5, 2011.

Thread Status:
Not open for further replies.
  1. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You can apply SEHOP per application in XP. You just won't have it system wide.
     
  2. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,295
    Yes, I know. If you look at the link I referenced in my post above, there is an image about a third of the way down that clearly indicates this. ;)

    Thanks! :)

    P.S. I see you already posted that link > here earlier. ;)

    Edit: added P.S.
     
    Last edited: Sep 11, 2011
  3. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Yes indeed, after installing the 64bit Java I installed the 64bit Flash beta and had them use the 64bit version of IE.

    I will keep that msi trick in mind next time.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Ah, I see.

    Is IE9's JavaScript engine 64bit yet?
     
  5. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    No, maybe with IE10. But the person I did it for wouldn't care about 500ms extra js processing time.
     
  6. Konata Izumi

    Konata Izumi Registered Member

    Joined:
    Nov 23, 2008
    Posts:
    1,557
    Here is a .bat file to set most Windows files in EMET protected applications.
    I found this batch file on some old thread here in Wilders. (I updated the commands: -add changed to -set)

    I haven't experienced crashes while using this.

    Change .txt to .bat (don't forget to run as admin and reboot after applying)
     

  7. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Found out Daemon Tools Lite has DEP and ASLR enabled for its exes and ASLR for its dlls.
     
  8. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Who knows if in the near future Virtual Clone Drive will support it. ;)
     
  9. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    -edit-

    On the other hand, Spybot team still hasn't replied to my thread asking about ASLR support. I wonder if it would take them that long to provide an upgrade to the current stable Spybot version? Maybe yes, maybe no...
     
  10. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    It would only benefit them.

    Probably no, because they are probably too lazy and it's probably low priority, who knows :D
     
  11. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Did a scan of Online Armor 5.1 with Attack Surface Analyzer. Can download the report at the link below.

    -http://www.megaupload.com/?d=UMXUNWCI-
     
    Last edited: Sep 21, 2011
  12. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Noticed this in Emsisoft Anti-Malware 6.0.0.33 changelog:

    Feature #2448: Updates the context menu extension to no longer disable ASLR for processes it is loaded into.
     
  13. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    That's pretty funny to be honest. Good thing I have no need for such 3rd party software.
     
  14. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    I fail to see what's funny about it. I posted this as it was related to the discussion in this thread regardless if a person uses the software or not.
     
    Last edited: Sep 21, 2011
  15. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    A context menu entry.... disabling ASLR... it's hilarious. You know what a context menu entry is right?
     
  16. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Are you serious? Of course I know what a context menu entry is. I still don't see what's funny or hilarious about it. That was a silly question to ask me.
     
    Last edited: Sep 21, 2011
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I would say that it is very nearly so ridiculous that it's to the point of humor.
     
  18. wat0114

    wat0114 Guest

    ...as opposed to entry ;)
     
  19. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I just gave a quick run to the latest Spybot 2.0 beta version, and from what I could see it does not support ASLR either. Isn't the Spybot team aware of ASLR, at all?
     
  20. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Apparently not. And it's not a priority it seems.
     
  21. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I still haven't tested it out (to see why I disliked it in the past), but I did download PowerArchiver and WinZip (both paid products), and only WinZip supports ASLR.

    Both have pleasant GUIs, though. Not all is lost. :D
     
  22. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I asked Tzuk to enable ASLR.
     
  23. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Hahaha. Well at least you found another archiver that supports ASLR. :D
     
  24. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Unfortunately, I may have seen what wasn't there. I was retesting Winzip moments ago, and while looking at Process Explorer, there was no ASLR.

    I think I confused it with some other application offering ASLR, while looking at PE back then.

    Sorry about it. :(
     
  25. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    No problem m00n, it happens.
     