Self-Protection for Antivirus Software (DEP and ASLR)


LabZero

Thread author
SOURCE: http://www.av-test.org/en/news/news-single-view/self-protection-for-antivirus-software/

AV-TEST has dealt with the problem by conducting an interesting analysis. Attention: we are dealing with the security of the antivirus software itself and not its validity in detecting malware. AV-TEST looked at a sample of 32 software products intended for the consumer and professional markets, with separate analysis sessions for the 32-bit and 64-bit releases.

AV-TEST focused on verifying how the software implements the security technologies DEP and ASLR, technologies developed over the past ten years but still able to provide a first level of protection against specific problems.


ASLR (Address Space Layout Randomization) is a technology that assigns resources to different portions of the RAM to be used: this assignment is random, so it's extremely difficult to know which code can be found in a specific piece of memory. This feature tends to prevent buffer overflow attacks and avoid all situations where access to default memory areas can become dangerous.

DEP (Data Execution Prevention) is a set of technologies implemented by Intel and AMD to help protect against exploits and buffer overflow problems. DEP defines which memory regions can contain executable code and which cannot, so, for example, if you attempt to run code in a portion designated as not executable, this action is blocked. For completeness, I report that DEP technologies have been improved and optimized over time by the major IT brands.

Now that it is clear how DEP and ASLR work in principle, let's get back to AV-TEST. The data collected showed that only Eset Smart Security 8 and Symantec Endpoint Protection, in both 32-bit and 64-bit versions, effectively use DEP and ASLR. In the case of Avira, Norton, G Data, McAfee and AVG, DEP and ASLR are implemented in the 64-bit versions at a percentage above 90%.

[Image: Cattura.PNG]


The AV-TEST analysis covered .exe, .dll, .sys and .drv files, and each of these elements was checked for its use of DEP and ASLR. So here's a summary table in which AV-TEST shows the data collected.


[Image: Cattur1a.PNG]



The results indicate that for about half of the security solutions covered, DEP and ASLR are used for more than 90%, but there are also products for which the percentage of use of the technologies in question is decidedly low. The adoption rate also varies significantly when comparing the 32-bit and 64-bit versions of the same software solution, but there are useful elements to justify this correlation.

The data in the table about professional products show a better situation than that observed for the consumer sector. AV-TEST went further in its analysis by sending the data to the individual software vendors and asking them for details about the failure to adopt DEP and ASLR.

The software houses justify these potentially worrying values in various ways: first they cite the incompatibility of DEP and ASLR with some of the libraries used, and they also cite incompatibility between these technologies and security technologies of a proprietary type.

It seems difficult to assess the consistency of these claims, and we are faced with a common situation that has repeatedly created important threads: DEP and ASLR are consolidated and open technologies that are not employed, by choice or by necessity, in favor of proprietary solutions. AV-TEST concludes its analysis by stressing that ASLR and DEP should be seen as additional options available, certainly not infallible, but options that can complicate the realization of specific attacks.

Regards :)
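
The per-file check described in the post above can be reproduced by reading the `DllCharacteristics` field of each PE header, where the linker records the ASLR and DEP opt-in bits. This is an added example, not part of the original post and not AV-TEST's tooling; the file names, the header-only stub builder and the "both flags set" scoring rule are assumptions.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits in the PE optional header
DYNAMIC_BASE = 0x0040  # linked with /DYNAMICBASE: image opts in to ASLR
NX_COMPAT = 0x0100     # linked with /NXCOMPAT: image opts in to DEP

def pe_mitigations(data: bytes) -> dict:
    """Read the DEP/ASLR opt-in flags from the raw bytes of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    opt = pe_off + 24  # 4-byte signature + 20-byte COFF file header
    if data[pe_off:pe_off + 4] != b"PE\0\0" or opt + 72 > len(data):
        raise ValueError("missing or truncated PE header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+
    (flags,) = struct.unpack_from("<H", data, opt + 70)
    return {"bits": 64 if magic == 0x20B else 32,
            "aslr": bool(flags & DYNAMIC_BASE), "dep": bool(flags & NX_COMPAT)}

def adoption_rate(images: dict) -> float:
    """Percent of parseable PE files with both flags set (assumed scoring)."""
    results = []
    for data in images.values():
        try:
            m = pe_mitigations(data)
        except ValueError:
            continue  # not a PE file: leave it out of the count
        results.append(m["aslr"] and m["dep"])
    return 100.0 * sum(results) / len(results) if results else 0.0

def make_stub(magic: int, flags: int) -> bytes:
    """Constructed header-only PE stub for the demo, not a loadable binary."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664 if magic == 0x20B else 0x14C,
                       0, 0, 0, 0, 0xF0, 0x22)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, flags)
    return dos + b"PE\0\0" + coff + bytes(opt)

SAMPLES = {  # constructed file names and contents
    "scanner.exe": make_stub(0x20B, DYNAMIC_BASE | NX_COMPAT),
    "engine.dll": make_stub(0x20B, DYNAMIC_BASE | NX_COMPAT),
    "legacy.dll": make_stub(0x10B, 0),
    "filter.sys": make_stub(0x20B, NX_COMPAT),
    "readme.txt": b"plain text, skipped",
}
```

To audit a real install directory, pass `pe_mitigations` the bytes of each `.exe`, `.dll`, `.sys` and `.drv` file; `adoption_rate(SAMPLES)` gives 50.0 for the constructed set.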
 

Piteko21

This is great, good to know these things. ESET in first place... seems good.
Interesting, the best AVs (some) score high and the other lesser-known or newer ones score low.

Strange, companies like Bitdefender, Comodo, Kaspersky or AVG have such low scores.
 

Enju

Calling DEP and ASLR "self-protection" is a bit misleading imo; it's more like exploitation prevention.
Also, AV-Test included all files in the software directories. While this is a logical thing to do, most AV software includes deprecated and unused files in its directories for god knows why, so most of the top scorers are most likely using DEP and ASLR on every possible file.

(The article is from November 2014 and was posted quite often here btw.)
 

jamescv7

DEP and ASLR are pretty basic protection against possible vulnerabilities, since it's a must-do for any developers who want to make their program as secure as possible. So it should not be a surprise that most AVs got good ratings.
 
