Security software can reduce effectiveness of DEP/ASLR

Discussion in 'other security issues & news' started by MrBrian, Sep 5, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Oh, yes. Well I can already assume those issues just as I can with EMET. Unfortunately there isn't much I can do in a lot of cases.

    Ironically we are forced to implement FURTHER security software (ie: something like sandboxie) to somehow mitigate the increased attack surface, all the while still increasing our attack surface by adding sandboxie
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    It's in their best interests to keep the OS secure - that means having devs focus on getting it to actually work.

    I doubt MS will spend much on a shiny and attractive UI for a program that's aimed at software engineers lol
     
  3. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    I would prefer it that way lol. I would rather have the focus be on functionality than putting most of their efforts into a shiny UI. :D
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    You could ask Tzuk why he doesn't make Sandboxie support ASLR... :D :blink:

    After all, Sandboxie does inject DLL (SbieDLL.dll) into processes, including the web browser.

    One of the reasons why I no longer sandbox Chromium. Low IL suffices.
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Eh, no point asking. If I really really care about security and attack surface I'd move to linux, which would move all security to the kernel for me.
     
  6. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    LOL just do it, you know you want to :D
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I'm not sure how it would help - if at all with the driver. I don't know enough about what the driver does.
     
  8. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    LOL Hungry I wasn't serious :D although it is an option. I already have my reasons why I don't use Linux but that's another issue.
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Oh I certainly have my reasons for it =p I hate most linux-based OS's
     
  10. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    LMAO Hungry. Hate is a strong word :D
     
  11. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    I never said explorer.exe is IE, I said I added explorer.exe, IE and FF in EMET (meaning I added explorer.exe, iexplore.exe and firefox.exe)

    btw, if the DLL is loaded into explorer.exe or other process by the 3rd party security product, wouldn't you need to add the 3rd party's process that loads that DLL into explorer.exe into EMET in order to protect that DLL?
     
  12. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    No. Only the target program that has been injected needs to be added to EMET. I'm not sure why you'd add explorer.exe, does that even work? o_O
     
  13. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    Re - EMET & ASLR

    You might like to take a look at these :)

    *

    *

     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Yeah I'd read those. Great articles.
     
  15. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    4,872
    Location:
    Outer space
    Because all these 3rd party security programs are also loading DLL's without ASLR into explorer.exe. No crashes so far after adding explorer.exe.
     
  16. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Thanks for the info.
     
  17. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Perhaps instead of using EMET to add more to explorer.exe you should cut the problem off at the source and stop those programs from touching it to begin with?
     
  18. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Look in the mirror sir..or more like at your own pc.
     
  19. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I don't know any programs that I use that also load .dll's up into explorer.exe.
     
  20. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Do you use something like 7-zip, etc? Did you install with the option (if given, at all) to add context menu? If so, then it loads a dll to explorer.exe.

    Let's face it, context menu makes it convenient for us to work with it. :D
     
  21. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    If you say so.
     
  22. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Ah, I do have 7zip.

    Like I said, I didn't know of any =p

    But if I were worried about the security issues of that I'd probably just remove it. But everyone has their own methods.
     
  23. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Then your previous statement to BoerenkoolMetWorst should apply to not only the person you are stating to but you as well, otherwise what's the point then?
     
  24. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    It does apply to me.
     
  25. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,342
    Location:
    USA
    Then according to you, you should cut off the problem at the source. Then you should be removing any program that does this. That's why I don't get your statement.
     