Spawn

Administrator
Verified
Staff member
Protecting your software (What is ASLR and DEP?) - http://www.microsoft.com/security/sir/strategy/default.aspx#!section_3_3
http://support.microsoft.com/kb/2909257

Wikipedia (ASLR) - http://en.wikipedia.org/wiki/Address_space_layout_randomization
"ASLR is a computer technique involved in protection from buffer overflow attacks..."

Developers/Programmers can add these mitigation technologies into their software, but most haven't (my assumption based on the existence of EMET by Microsoft). This is why some users have EMET installed; however, it may break some software functionality. However, I believe EMET has a pre-configured list (i.e. Skype, Office etc.) to offer maximum compatibility.

You can enable DEP within Windows, without the need for additional software.
Computer > System Properties > Advanced > Data Execution Prevention. By default, it's set as "Turn on DEP for essential Windows programs and services only". But you can also choose the option below, which will turn on DEP for all programs/services.


Find out more about EMET - http://www.microsoft.com/emet
** EMET 5.0 supports Vista SP2 and higher.
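The post above notes that developers can opt their software in to ASLR and DEP. As an added example (not part of the original post), this Python code reads the `DllCharacteristics` field of a PE header to report whether an executable was built with those opt-ins; the function names `mitigation_flags` and `make_sample` are chosen for illustration, and the sample headers are constructed.

```python
import struct
import sys

# DllCharacteristics bits defined in the PE/COFF specification.
HIGH_ENTROPY_VA = 0x0020  # 64-bit image accepts high-entropy ASLR
DYNAMIC_BASE = 0x0040     # image opts in to ASLR (linker /DYNAMICBASE)
NX_COMPAT = 0x0100        # image opts in to DEP (linker /NXCOMPAT)


def mitigation_flags(image: bytes) -> dict:
    """Report the ASLR/DEP opt-in bits recorded in a PE header."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    opt_off = pe_off + 24  # skip "PE\0\0" and the 20-byte COFF header
    if image[pe_off:pe_off + 4] != b"PE\0\0" or len(image) < opt_off + 72:
        raise ValueError("bad or truncated PE header")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional-header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (flags,) = struct.unpack_from("<H", image, opt_off + 70)
    return {
        "pe32plus": magic == 0x20B,
        "aslr": bool(flags & DYNAMIC_BASE),
        "high_entropy_aslr": bool(flags & HIGH_ENTROPY_VA),
        "dep": bool(flags & NX_COMPAT),
    }


def make_sample(magic: int, flags: int) -> bytes:
    """Constructed header-only image for the demo (not a real program)."""
    buf = bytearray(0x40 + 24 + 72)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 24, magic)
    struct.pack_into("<H", buf, 0x40 + 24 + 70, flags)
    return bytes(buf)


if __name__ == "__main__":
    if len(sys.argv) > 1:  # check a real executable given on the command line
        with open(sys.argv[1], "rb") as fh:
            print(mitigation_flags(fh.read(4096)))
    else:
        print("opted in :", mitigation_flags(make_sample(0x20B, 0x0160)))
        print("opted out:", mitigation_flags(make_sample(0x10B, 0x0000)))
```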

Spawn

Administrator
Verified
Staff member
@Tony Cole I've not had any problems with it so far with the programs I use, but if certain software stops working, then I recommend excluding it. EMET 5.0 supports Vista SP2 and higher, which has a lot more control and security enhancements. (I don't have EMET installed, so I cannot provide any more information about it).

Spawn

Administrator
Verified
Staff member
Try it. I use Windows Defender and haven't experienced any issues. Let us know.
 

Tony Cole

Level 27
I have enabled it and will report back. I tried to exclude Kaspersky, but I was informed it could only run with DEP enabled.
 

Cowpipe

New Member
DEP used to be pretty easily bypassed by chaining RETs together :p (See: Return Oriented Programming), I haven't done it for a couple of years though so not sure how relevant it is today. ASLR is tougher although I've used NOP spraying in the past to overcome it, though RET overwriting is more reliable ;)

Again, I've not designed exploits for a few years, so I'm not sure how relevant these exploits are today, but it just goes to show that you can't rely solely on built-in Windows defences (at least in my opinion, it's unwise).