AV-TEST: Self-Protection for Antivirus Software

Petrovic

Apr 25, 2013
An Internet security suite provides full system protection, employing all available protection technologies. But what about the self-protection of the system protectors? Do they use protection technologies such as DEP and ASLR for their own use? AV-TEST examined 32 applications to find out.
The experts from AV-TEST looked under the hood of 24 security suites and 8 corporate security solutions in October 2014 to see whether they are already using ASLR and DEP. For this check, 32- and 64-bit files were evaluated separately.

The somewhat cryptic terms ASLR and DEP stand for:

ASLR or Address Space Layout Randomization stands for a shuffling of memory sectors, making it more difficult to exploit security gaps in computer systems. Using ASLR, stack addresses are randomly allocated to applications. This is intended to prevent, or at least impede, attacks via a buffer overflow.

DEP or Data Execution Prevention is also referred to as NX-Bit (No eXecute). The protection is already based on the hardware. Chip producers AMD and Intel have already been implementing this technology for ten years under the proprietary names of EVP and XD-Bit in all their processors. It is intended to prevent programs from executing random data as programs and thus launching malicious code in this manner.


Consumer Products: not everyone uses additional protection
The laboratory performed the tests segregated according to products for consumers and for business. For the Internet security suites catering to consumers, a total of 24 products were examined and also listed separately according to 32 and 64 bits. The only products that use ASLR and DEP 100 percent are from ESET (consumer) and Symantec (business). Avira, G Data, McAfee and AVG (both products) deploy the additional protection 100 percent only in the 64-bit files of their product. For the 32-bit version, the value varies between 90 and nearly 100 percent.

In total, half of all security packages rely over 90 percent on the use of ASLR and DEP. Afterwards the use declines in steps of roughly 10 percent from product to product, down to the smallest value of some 5 percent. In one instance, involving Kingsoft, usage was even 0 percent for 64-bit files.

With many 64-bit files, regardless of ASLR or DEP, the use of the security technology is higher than for 32-bit files. But there was no apparent rule.

Business Products: high percentage of use
For corporate solutions, manufacturers rely much more heavily on the additional self-protection of ASLR and DEP. Only Symantec consistently uses the protection 100 percent. Sophos does so only for its 64-bit files. Sophos points out, however, that among its 32-bit files a large number of the unprotected files are DLLs, which only contain data and thus do not pose any risk. If we add together the 32- and 64-bit values for each product, the use in 6 out of 8 products is between 81.5 and more than 97 percent. Trend Micro is the only one that doesn't rely on this technology and thus implements ASLR and DEP in just under 19 percent of its PE files.

Overall it is clear: the self-protection is used more often in 64-bit files than in 32-bit files. However, this is only a trend and not a rule.
Full Article
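
The kind of per-file check the article reports on can be reproduced by reading the `DllCharacteristics` field of each PE header. This is an added example, not part of the original post and not AV-TEST's tooling; it assumes the opt-in flags `DYNAMIC_BASE` (ASLR) and `NX_COMPAT` (DEP) are what gets counted, and `pe_mitigations`, `coverage`, `make_pe` and `SAMPLE` are hypothetical names with constructed input.

```python
import struct

DYNAMIC_BASE = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE: image opts in to ASLR
NX_COMPAT = 0x0100     # IMAGE_DLLCHARACTERISTICS_NX_COMPAT: image opts in to DEP

def pe_mitigations(data):
    """Return {'bits', 'aslr', 'dep'} for a PE image, or None if it is not one."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    opt = pe_off + 4 + 20                               # skip signature + COFF header
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < opt + 72:
        return None
    (magic,) = struct.unpack_from("<H", data, opt)
    bits = {0x10B: 32, 0x20B: 64}.get(magic)            # PE32 / PE32+
    if bits is None:
        return None
    # DllCharacteristics sits at offset 70 of the optional header in both formats.
    (flags,) = struct.unpack_from("<H", data, opt + 70)
    return {"bits": bits, "aslr": bool(flags & DYNAMIC_BASE),
            "dep": bool(flags & NX_COMPAT)}

def coverage(images):
    """Percent of PE files with each flag set, listed separately for 32 and 64 bit."""
    stats = {}
    for data in images:
        info = pe_mitigations(data)
        if info is None:
            continue                                    # non-PE files are not counted
        s = stats.setdefault(info["bits"], {"files": 0, "aslr": 0, "dep": 0})
        s["files"] += 1
        s["aslr"] += info["aslr"]
        s["dep"] += info["dep"]
    return {b: {"files": s["files"],
                "aslr_pct": 100.0 * s["aslr"] / s["files"],
                "dep_pct": 100.0 * s["dep"] / s["files"]} for b, s in stats.items()}

def make_pe(magic, flags):
    """Build a constructed, header-only PE stub for the demonstration."""
    buf = bytearray(0x40 + 4 + 20 + 72)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 24, magic)
    struct.pack_into("<H", buf, 0x40 + 24 + 70, flags)
    return bytes(buf)

# Constructed sample: two 32-bit images (one without ASLR), one 64-bit, one non-PE.
SAMPLE = [make_pe(0x10B, 0x0140), make_pe(0x10B, 0x0100),
          make_pe(0x20B, 0x0140), b"not a pe"]

if __name__ == "__main__":
    print(coverage(SAMPLE))
```

A data-only DLL built without these flags is counted as unprotected by this check, which is the case Sophos raises for its 32-bit files.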
 

Tony Cole

May 11, 2014
Wow I've never heard of such things, this stuff goes right over my head. It's very interesting, especially to see ESET and Norton at the top and my Kaspersky not doing as well :confused:
 

Behold Eck

Jun 22, 2014
Great to see a self-protection comparison review as not a lot of folks would even consider this important aspect of their computer security.

Be fantastic to see a video of the top free AVs in a self-protection test.

Keep up the good work Petrovic, well done.

Regards Eck:)
 
