Latest EMET bypass targets WOW64 Windows subsystem

Discussion in 'other anti-malware software' started by Minimalist, Nov 2, 2015.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    https://threatpost.com/latest-emet-bypass-targets-wow64-windows-subsystem
     
  2. The reasons I downgraded from 64-bit Vista to 32-bit long ago: it seemed a useless increase of attack surface with so few 64-bit applications available (at that time). Also, the disk access was 32-bit, so the system bus was a 32-bit bottleneck as well.

    When I ran a 32-bit OS I discovered a performance increase on my cheap dual-core Pentium (maybe because the small secondary cache doubled in capacity by reducing the register size by half?).
     
  3. ropchain

    ropchain Registered Member

    Joined:
    Mar 26, 2015
    Posts:
    335
    They are doing things way too difficult. For 32-bit processes, easier methods for bypassing EMET's anti-ROP mitigations exist.
    Furthermore, I don't know whether EAF+ is actually active in their exploit demo (even though its box is checked). If I look at the default Flash exploitation framework of MSF, then I do not see any code that allows for an EAF+ bypass.
     
  4. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    As long as you're using an x64 browser on an x64 OS, you should be fine.

    The soft spot, the researchers said, is the Windows on Windows, or WoW64, Windows subsystem that allows 32-bit software to run on 64-bit Windows machines. A sizeable sample of Duo customers shows some disturbing numbers in terms of vulnerable users. For example, 80 percent of browsers in the researchers’ sample size were 32-bit processes executing on a 64-bit host running WOW64, putting them all at risk.
     
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    @Windows_Security
    I would gladly downgrade from 64-bit to 32-bit just to use Windows Defender again. But I just don't want to throw away 12 GB of my RAM :)
     
  6. Have you checked how many times you post "there are easier ways to exploit/bypass etc. ..." (often followed with "not to be discussed here")?

    Maybe you should put your money where your mouth is and show the researchers of Duo Security (a bunch of amateurs, apparently) how it is done.

    :blink:
     
  7. Can understand that, just running a G3240 Pentium with 4 GB RAM (of which 3.4 is usable, but memory usage never peaks over 1.7 GB as far as I know).
     
  8. trott3r

    trott3r Registered Member

    Joined:
    Jan 21, 2010
    Posts:
    1,283
    Location:
    UK
    Maybe a HIPS company can use this to strengthen their security?
     
  9. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    @Windows_Security

    See what itman says above. The problem is 32-bit apps on 64-bit Windows.

    Note, browsers and other vulnerable programs should really be 64-bit native binaries where possible. The much larger address space makes some attacks more difficult.

    Edit: @Minimalist

    Why on Earth would you want to use Windows Defender?!:eek:
     
  10. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,797
    I'm not Minimalist but why not? It may not be the "best" but is actually pretty decent coupled with an up-to-date system.
     
  11. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    And the reason I never upgraded to 64-bit in the first place, especially the latter part (so little 64-bit support). The only reason to ever have that much RAM (i.e. 16 GB) is for modern PC gaming. If you're just using your box for normal use it's pointless. You'll never use that much.

    I have a setup that uses 16 GB of RAM just for gaming on Win7 Ult. x64, with a Core i5 CPU. When I go back to using my Inspiron 530 using x86 XP Pro w/ 3.25 (readable) RAM and a Core 2 Duo CPU it blows it out of the water.
     
  12. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,545
    I actually found that it's lighter on my Win7 Ult. x86 setup to just disable Windows Defender and use Emsisoft AM. And it's certainly more dependable.
     
  13. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    @safeguy My own experience is that Defender generates very large amounts of disk I/O on Windows 7.

    If you do software development, web design, systems administration, etc. it's useful for virtualization. Generally agreed though, most users do not need that much RAM.
     
  14. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    Maybe he means Malware Defender? o_O As it's only Win 32-bit capable.
     
  15. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    Yes, you're right. I'm sorry for the wrong naming. Malware Defender is the one I would really want to use :) Windows Defender - no thanks.
     
  16. TS4H

    TS4H Registered Member

    Joined:
    Nov 5, 2013
    Posts:
    523
    Location:
    Australia
    haha lol. I had a feeling. You have always favored HIPS software :thumb:. I was wondering why a sane person would want to revert to 32 bit just to run Windows Defender lol. :argh:
     
  17. (1) Yes, very few 64-bit programs existed when Vista 64-bit was launched. Ridiculous attack surface duplication still exists in the latest 64-bit Windows OSes. On a 32-bit OS you only have to block a few 16-bit backward compatibility programs and you're done.

    (2) Do you define vulnerable as internet-facing (A) or processing rich content (B)?
    ad A: that is do-able on 64-bit
    ad B: wish you luck on corporate installs (Office etc. mostly 32-bit), see the official M$ advisory

    [attached image: upload_2015-11-5_8-7-44.png]

    I have DEP forced for Office through this registry tweak (and have SEHOP, ASLR, Heap Termination on Corruption and Untrusted Fonts protection also enabled).
     
    Last edited by a moderator: Nov 5, 2015
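    The recurring point in posts 4, 9 and 17 is that the exposure discussed in the article is 32-bit processes (browsers, Office) running under WOW64 on a 64-bit host, and that forcing DEP on those processes is one of the mitigations. The script below is an added example for checking a machine for exactly that; it is not code from the thread, from Duo Security or from the threatpost article. It assumes 64-bit Windows with Windows PowerShell 5.1, run elevated so that handles to other users' processes can be opened, and the list of "watched" process names is a constructed watch list, not taken from the thread. It uses the documented kernel32 calls IsWow64Process and GetProcessDEPPolicy (the latter only works for 32-bit processes; native 64-bit processes always have DEP on).

```powershell
# Added example (not from the thread): list running processes, flag those
# running under WOW64 (32-bit on 64-bit Windows) and report DEP policy for them.
# Assumptions: 64-bit Windows, Windows PowerShell 5.1, run elevated so that
# handles to other users' processes can be opened. The watch list below is
# constructed for this example, not taken from the thread.

$signature = @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool IsWow64Process(IntPtr hProcess, out bool wow64Process);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool GetProcessDEPPolicy(IntPtr hProcess, out uint lpFlags, out bool lpPermanent);
'@
Add-Type -MemberDefinition $signature -Name Native -Namespace Wow64Check

# PROCESS_DEP_ENABLE flag value from the Windows SDK (winbase.h).
$PROCESS_DEP_ENABLE = 0x1

# Constructed watch list: process names that commonly render untrusted web or rich content.
$watch = @('chrome', 'firefox', 'iexplore', 'winword', 'excel', 'powerpnt', 'acrord32')

if (-not [Environment]::Is64BitOperatingSystem) {
    Write-Host 'Not a 64-bit host; WOW64 does not apply.'
    return
}

$results = foreach ($p in Get-Process) {
    try {
        $h = $p.Handle          # throws for processes we cannot open (System, protected processes)
    } catch {
        continue
    }

    $isWow = $false
    if (-not [Wow64Check.Native]::IsWow64Process($h, [ref]$isWow)) { continue }

    # Native 64-bit processes always run with DEP; the policy query is only meaningful for WOW64.
    $dep = 'n/a (64-bit, DEP always on)'
    if ($isWow) {
        $flags = [uint32]0
        $perm  = $false
        if ([Wow64Check.Native]::GetProcessDEPPolicy($h, [ref]$flags, [ref]$perm)) {
            $dep = if ($flags -band $PROCESS_DEP_ENABLE) { "enabled (permanent=$perm)" } else { 'DISABLED' }
        } else {
            $dep = 'unknown'
        }
    }

    [pscustomobject]@{
        Name    = $p.ProcessName
        PID     = $p.Id
        WOW64   = $isWow
        DEP     = $dep
        Watched = ($watch -contains $p.ProcessName.ToLower())
    }
}

# The exposure this thread is about: 32-bit content-handling apps on a 64-bit host.
# A 'DISABLED' DEP column on one of these is the first thing to fix (EMET or the
# Image File Execution Options tweak mentioned in post 17).
$results | Where-Object { $_.WOW64 -and $_.Watched } |
    Sort-Object Name | Format-Table Name, PID, WOW64, DEP -AutoSize

# Summary comparable to the percentage quoted from the article in post 4.
$watched = @($results | Where-Object Watched)
if ($watched.Count -gt 0) {
    $wowCount = @($watched | Where-Object WOW64).Count
    $pct = [math]::Round(100 * $wowCount / $watched.Count)
    "{0}% of watched processes on this host are 32-bit (WOW64)." -f $pct
}
```

    Run it from an elevated prompt while the browsers and Office applications of interest are open; processes whose handle cannot be opened are skipped rather than reported, so a short list does not by itself mean a clean host.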