Can Anyone Tell me What this Article is about

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Protecting your software (What is ASLR and DEP?) - http://www.microsoft.com/security/sir/strategy/default.aspx#!section_3_3
http://support.microsoft.com/kb/2909257

Wikipedia (ASLR) - http://en.wikipedia.org/wiki/Address_space_layout_randomization
"ASLR is a computer technique involved in protection from buffer overflow attacks..."

Developers/Programmers can add these mitigation technologies into their software, but most haven't (my assumption based on the existence of EMET by Microsoft). This is why some users have EMET installed; however, it may break some software functionality. However, I believe EMET has a pre-configured list (i.e. Skype, Office etc.) to offer maximum compatibility.

You can enable DEP within Windows, without the need for additional software.
Computer > System Properties > Advanced > Data Execution Prevention. By default, it's set as "Turn on DEP for essential Windows programs and services only". But you can also choose the option below, which will turn on DEP for all programs/services.


Find out more about EMET - http://www.microsoft.com/emet
** EMET 5.0 supports Vista SP2 and higher.
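
One way to check whether a given program has opted in to ASLR and DEP, as discussed in the post above (an added example, not part of the original thread): the opt-in is recorded as `DllCharacteristics` bits in the file's PE header. The function names `mitigation_flags` and `sample_pe` are chosen here, and the sample image is a constructed header-only byte string.

```python
import struct
import sys

# DllCharacteristics bits defined in the PE/COFF specification
FLAGS = {
    "HIGH_ENTROPY_VA": 0x0020,  # 64-bit high-entropy ASLR
    "DYNAMIC_BASE": 0x0040,     # ASLR opt-in (linker /DYNAMICBASE)
    "NX_COMPAT": 0x0100,        # DEP opt-in (linker /NXCOMPAT)
}

def mitigation_flags(image: bytes) -> dict:
    """Report which ASLR/DEP opt-in bits a PE image sets."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    opt_off = pe_off + 4 + 20  # skip "PE\0\0" and the 20-byte COFF header
    if opt_off + 72 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE header missing or truncated")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+
    (chars,) = struct.unpack_from("<H", image, opt_off + 70)
    return {name: bool(chars & bit) for name, bit in FLAGS.items()}

def sample_pe(dll_characteristics: int, pe32_plus: bool = True) -> bytes:
    """Constructed header-only image for the demo (not a runnable program)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # PE header follows the DOS header
    opt_size = 240 if pe32_plus else 224
    machine = 0x8664 if pe32_plus else 0x014C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32_plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    demo = mitigation_flags(sample_pe(0x0100, pe32_plus=False))
    print("constructed sample:", demo)
    for path in sys.argv[1:]:  # optionally check real files
        with open(path, "rb") as f:
            print(path, mitigation_flags(f.read()))
```
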
 

Ink

@Tony Cole I've not had any problems with it so far with the programs I use, but if certain software stops working, then I recommend excluding it. EMET 5.0 supports Vista SP2 and higher, which has a lot more control and security enhancements. (I haven't EMET installed, so I cannot provide any more information about it).
 

Tony Cole

Level 27
Verified
May 11, 2014
1,639
Thank you Huracan for the advice! Sorry to ask another question, would it affect Kaspersky?
 

Ink

Try it. I use Windows Defender and haven't experienced any issues. Let us know.
 

Tony Cole

I have enabled it and will report back. I tried to exclude Kaspersky, but I was informed it could only run with DEP enabled.
 

Cowpipe

Level 16
Verified
Well-known
Jun 16, 2014
781
DEP used to be pretty easily bypassed by chaining RETs together :p (See: Return Oriented Programming), I haven't done it for a couple of years though so not sure how relevant it is today. ASLR is tougher although I've used NOP spraying in the past to overcome it, though RET overwriting is more reliable ;)

Again, I've not designed exploits for a few years so not sure how relevant these exploits are today, but it just goes to show that you can't rely solely on built-in Windows defences (at least in my opinion, it's unwise).
 
