Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: dax123 on July 19, 2010, 12:00:39 AM
-
ASLR/DEP feature is not activated to AvastUI.exe
can't it be enabled? ???
(http://img594.imageshack.us/img594/6899/58301583.png)
-
Got no answer..!!??
Try it here: http://www.avast.com/contacts
asyn
-
I would like to have ASLR/DEP in Avast too.
http://www.h-online.com/security/news/item/Anti-virus-software-does-not-make-full-use-of-Windows-exploit-protection-features-1049714.html
-
You have to be running process explorer (if that is what you are using) as an administrator group user to be able to see if DEP/ASLR is being used, there are by all accounts differences in what OS you are using, XP or Vista, etc.
See image example from process explorer, first part of the image if Vista and the second part is XP, the third part relates to ASLR for avast .dlls and is on Vista as I don't believe ASLR is available with XP.
So Vista avastUI doesn't appear to be running DEP, yet on my XP Pro system avastUI it is running under DEP, I don't know why this is as the Vista images have been captured from another location as I don't use Vista.
-
Well, avastUI.exe is just an interface, so even if it's not protected, i don't think much can happen to it. But it might be something else.
-
Hi
I have just checked with ProcessExplorer, and AvastSvc.exe doesn't have DEP enabled
There is some other items with DEP enabled, etc 18 for microsoft and Firefox has DEP (Permanent)
Cheers
-
Hi
I have just checked with ProcessExplorer, and AvastSvc.exe doesn't have DEP enabled
Did you run it as admin..?
asyn
-
Hi
I have just checked with ProcessExplorer, and AvastSvc.exe doesn't have DEP enabled
Did you run it as admin..?
asyn
Thanks for your reply
Yes
Thought i would ad a attachment
-
news from the h security "Anti-virus software does not make full use of Windows exploit protection features":
http://www.h-online.com/security/news/item/Anti-virus-software-does-not-make-full-use-of-Windows-exploit-protection-features-1049714.html
so many antivirus programs did not use either DEP or ASLR, also AVAST Home Edition. Whats with other AVAST programs? Did you plan to integrate this feature in future AVAST Home?
-
Did you plan to integrate this feature in future AVAST Home?
What version of Avast are you using?
-
Did you plan to integrate this feature in future AVAST Home?
What version of Avast are you using?
Avast Home
-
I am referring to Avast 4.0 or 5.0. Then, what version do you have? Version 5.0.594 is the current version.
-
I am referring to Avast 4.0 or 5.0. Then, what version do you have? Version 5.0.594 is the current version.
Of cause the latest avast home version 5.0.594
-
To clarify for you, the version you have is now called the Avast Free version (5.0.594). As for answering your question, there have been some responses above in the thread. Should you want additional responses, you are welcome to contact Avast: http://www.avast.com/contacts (http://www.avast.com/contacts) for further clarification if you are having a technical issue that requires a ticket.
-
news from the h security "Anti-virus software does not make full use of Windows exploit protection features":
http://www.h-online.com/security/news/item/Anti-virus-software-does-not-make-full-use-of-Windows-exploit-protection-features-1049714.html
so many antivirus programs did not use either DEP or ASLR, also AVAST Home Edition. Whats with other AVAST programs? Did you plan to integrate this feature in future AVAST Home?
Many of us suspect that the report relates to avast 4.8 Home and since avast 5.0 there is no avast Home, but avast Free, so the terminology is a key factor here as that is the only indication as to what version was used in the test.
If you expand the image I posted you will see that in the case of avast 5.0 on XP or Vista there are certainly areas where avast is using DEP and in some cases ASLR also.
There is however some disparity even between the same OS XP SP3 as some are showing DEP used yet others aren't. Now as far as I'm aware DEP is also hardware dependant and I don't know if AMD processors are fully DEP enabled. There is also that wrinkle about what analysis tool you are using (process explorer) and if you are running it as Admin, etc. So those may be other areas where there will be disparity between different user systems.
-
<snip>
Thanks for your reply
Yes
Thought i would ad a attachment
Thanks for the 'small' attachment ;D
If you play with the Process Explorer, 'Process' column heading you will see some differences in the results as the column (my small image attachment), aside from changing the ordering it is also a toggle for different views.
So why my system with the same OS, XP Pro SP3 and avast 5.0 free shows DEP for both avastUI and avastSvc yet yours doesn't is beyond me.
-
Hi all....
Was there something you had to enable in Process Explorer to see this information? My copy doesn't and I'm running as an administrator. ???
Regards...
-
Only in the columns that are viewed if you don't have that category selected then there will be no corresponding column.
-
There is however some disparity even between the same OS XP SP3 as some are showing DEP used yet others aren't. Now as far as I'm aware DEP is also hardware dependant and I don't know if AMD processors are fully DEP enabled. There is also that wrinkle about what analysis tool you are using (process explorer) and if you are running it as Admin, etc. So those may be other areas where there will be disparity between different user systems.
There is a small utility available to determine hardware DEP capability.
http://www.grc.com/securable.htm (http://www.grc.com/securable.htm)
Modern processors incorporate features beneficial to
security. SecurAble displays the status of the three
most significant security-related processor features:
SecurAble probes the system's processor to determine the presence, absence and operational status of three modern processor features:
* 64-bit instruction extensions,
* Hardware support for detecting and preventing
the execution of code in program data areas, ... and
* Hardware support for system resource “virtualization.”
-
That's a pretty old tool just over two years old, ancient in terms of processor development so I though it wouldn't recognise the later AMD/Intel CPUs; though it does seem to do that.
-
My machine is older than the program. Perhaps someone with an I7 processor installed could test Securable and report if it's valid for newer processors.
-
Mine is less than two years and the intel Core2Duo E8300 is less than two years old I believe and it was able to detect that correctly and say that Hardware DEP is disabled on my system (I need to check out the BIOS settings), so only software DEP protection.
-
Look for some feature with NX bit or No-execute bit in the BIOS.
Are you sure that DEP is in opt-in mode on your system? I ask because I do remember looking at Avast in procexp and it did not see it use DEP and because I highly doubt that the guy that programmed ClocX would bother to use DEP...
-
I I did opt-in on the software DEP in the OS some time ago (see image) as virtually all of the processes in my process explorer list are DEP, the exceptions are the ones that aren't only 3 of them.
I have only 2 that are DEP (permanent) Firefox and the Plugin Container for Firefox.
-
Ah, there it is. That is why Avast shows as using DEP. I guess as long as apps do not act badly with this setting it's certainly worth keeping it that way.
-
Well I don't have any BSODs or any unexplained behaviour.
-
Thanks DavidR
Sorry for the large attachment.
it is also a mystery to me, why DEP doesn't show on my system for Avast.
Cheers
-
Well if you read the last few posts, it may be that I'm forcing it to be used by my selection of the software DEP protection for all applications (my last image posted).
-
Well if you read the last few posts, it may be that I'm forcing it to be used by my selection of the software DEP protection for all applications (my last image posted).
Thanks DavidR
I did read the last few posts, but i am not the "sharpest tool in the shed".
I will go and check it out.
Cheers
Edit: Took me a couple of minutes on Google to find where to go to change (dep) settings. :-[
So now dep is showing on (AvastSvc.exe and also AvastUI.exe.)
Thanks once again DavidR
Cheers
-
Only in the columns that are viewed if you don't have that category selected then there will be no corresponding column.
Hi David...
Got it, thank you! :)
Regards...
-
Took me a couple of minutes on Google to find where to go to change (dep) settings. :-[
So now dep is showing on (AvastSvc.exe and also AvastUI.exe.)
Since others, I'm sure will be wanting to know how to do this, perhaps you can share your knowledge with others who need their shears sharpened. ;) Thanks.
-
Took me a couple of minutes on Google to find where to go to change (dep) settings. :-[
So now dep is showing on (AvastSvc.exe and also AvastUI.exe.)
Since others, I'm sure will be wanting to know how to do this, perhaps you can share your knowledge with others who need their shears sharpened. ;) Thanks.
I find a whetstone is good for my shears ;)
Here is a link to the site i went to:
http://techblissonline.com/enable-disable-dep-in-windows-xp-vista/ (http://techblissonline.com/enable-disable-dep-in-windows-xp-vista/)
I just changed it from (Turn on DEP for essential Windows programs and services only) to “Turn on DEP for all programs and services except those I select:”
Then i rebooted the computer:
Cheers :)
-
Thanks Crofty for the information. ;)
-
Well if you read the last few posts, it may be that I'm forcing it to be used by my selection of the software DEP protection for all applications (my last image posted).
Thanks DavidR
<snip>
Edit: Took me a couple of minutes on Google to find where to go to change (dep) settings. :-[
So now dep is showing on (AvastSvc.exe and also AvastUI.exe.)
Thanks once again DavidR
You're welcome, so now you have a little more reassurance, though I have to admit I haven't a clue as to how this really impacts on avast.
Only in the columns that are viewed if you don't have that category selected then there will be no corresponding column.
Hi David...
Got it, thank you! :)
You're welcome.
-
Mine is less than two years and the intel Core2Duo E8300 is less than two years old I believe and it was able to detect that correctly and say that Hardware DEP is disabled on my system (I need to check out the BIOS settings), so only software DEP protection.
Is your WinXP ProSP3 64bit? See the Securable site near the bottom of the page. Some processors are able to 'mask' their capabilities. Shortened quote below.
So if SecurAble displays “OFF?” it believes that the system may have hardware DEP capabilities that are being suppressed by the BIOS or the operating system, but that it is unable to verify this due to the limitations of the environment in which is it running.
-
No it is 32 bit, XP Pro SP3 can't be 64bit as the XP Pro 64bit version is bases on windows server 2003 and only has up to SP2 released.
-
No it is 32 bit, XP Pro SP3 can't be 64bit as the XP Pro 64bit version is bases on windows server 2003 and only has up to SP2 released.
The sad thing is that I knew this, having had to check in a different forum just a few days ago. Not enough coffee yet, I guess. :-[
-
I have been off the coffee for a long time and decaff when I do ;D
-
Here is a link to the site i went to:
http://techblissonline.com/enable-disable-dep-in-windows-xp-vista/ (http://techblissonline.com/enable-disable-dep-in-windows-xp-vista/)
I just changed it from (Turn on DEP for essential Windows programs and services only) to “Turn on DEP for all programs and services except those I select:”
Then i rebooted the computer:
Cheers :)
That works for Windows 7 as well :)
-
You're welcome, so now you have a little more reassurance, though I have to admit I haven't a clue as to how this really impacts on avast.
True, but I also needed it enabled for another security product that does use it. Upon checking, it actually was enabled, so I was all set anyway. Good to know. Thanks. ;)