Author Topic: ASLR/DEP disabled to AvastUI.exe  (Read 15398 times)

0 Members and 1 Guest are viewing this topic.

Offline dax123

  • Newbie
  • *
  • Posts: 4
ASLR/DEP disabled to AvastUI.exe
« on: July 19, 2010, 12:00:39 AM »
ASLR/DEP feature is not activated to AvastUI.exe
can't it be enabled?  ???


Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 62945
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #1 on: July 24, 2010, 09:01:57 PM »
Got no answer..!!??
Try it here: http://www.avast.com/contacts
asyn
Windows 8.1 [x64] - Avast PremSec 20.1.2397.BC [UI.460] - CC 5.63 - EEK - Firefox ESR 68.5 [NS/AOS/uBO/PB] - TB 68.5 - ASB/ASL.B
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82573
  • No support PMs thanks
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #3 on: August 04, 2010, 05:45:54 AM »
You have to be running process explorer (if that is what you are using) as an administrator group user to be able to see if DEP/ASLR is being used, there are by all accounts differences in what OS you are using, XP or Vista, etc.

See image example from process explorer, first part of the image if Vista and the second part is XP, the third part relates to ASLR for avast .dlls and is on Vista as I don't believe ASLR is available with XP.

So Vista avastUI doesn't appear to be running DEP, yet on my XP Pro system avastUI it is running under DEP, I don't know why this is as the Vista images have been captured from another location as I don't use Vista.
« Last Edit: August 04, 2010, 05:55:38 AM by DavidR »
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.8.2393 (build 19.8.4257.552) UI-1.0.440/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9303
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #4 on: August 04, 2010, 06:55:51 AM »
Well, avastUI.exe is just an interface, so even if it's not protected, i don't think much can happen to it. But it might be something else.
Visit my webpage RejZoR's Flock of Sheep

crofty59

  • Guest
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #5 on: August 04, 2010, 08:06:36 AM »
Hi
I have just checked with ProcessExplorer, and AvastSvc.exe doesn't have DEP enabled

There is some other items with DEP enabled, etc 18 for microsoft and Firefox has DEP (Permanent)

Cheers

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 62945
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #6 on: August 04, 2010, 08:23:09 AM »
Hi
I have just checked with ProcessExplorer, and AvastSvc.exe doesn't have DEP enabled

Did you run it as admin..?
asyn
Windows 8.1 [x64] - Avast PremSec 20.1.2397.BC [UI.460] - CC 5.63 - EEK - Firefox ESR 68.5 [NS/AOS/uBO/PB] - TB 68.5 - ASB/ASL.B
Deutschsprachiger Bereich -> Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

crofty59

  • Guest
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #7 on: August 04, 2010, 08:27:44 AM »
Hi
I have just checked with ProcessExplorer, and AvastSvc.exe doesn't have DEP enabled

Did you run it as admin..?
asyn

Thanks for your reply
Yes

Thought i would ad a attachment
« Last Edit: August 04, 2010, 08:39:37 AM by crofty59 »

Offline zivilist

  • Full Member
  • ***
  • Posts: 126
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #8 on: August 04, 2010, 10:34:24 AM »
news from the h security "Anti-virus software does not make full use of Windows exploit protection features":
http://www.h-online.com/security/news/item/Anti-virus-software-does-not-make-full-use-of-Windows-exploit-protection-features-1049714.html

so many antivirus programs did not use either DEP or ASLR, also AVAST Home Edition. Whats with other AVAST programs? Did you plan to integrate this feature in future AVAST Home?
« Last Edit: August 04, 2010, 10:36:44 AM by zivilist »
OS: Windows 7 Professional x64, OS X 10.8.3
Avast Free (for Mac and Windows)

Offline SafeSurf

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5203
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #9 on: August 04, 2010, 10:41:19 AM »
Did you plan to integrate this feature in future AVAST Home?
What version of Avast are you using?
Mac 10.9.4 /Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Premium)/ Mobile MBAM.

Offline zivilist

  • Full Member
  • ***
  • Posts: 126
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #10 on: August 04, 2010, 10:53:35 AM »
Did you plan to integrate this feature in future AVAST Home?
What version of Avast are you using?
Avast Home
OS: Windows 7 Professional x64, OS X 10.8.3
Avast Free (for Mac and Windows)

Offline SafeSurf

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5203
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #11 on: August 04, 2010, 10:55:05 AM »
I am referring to Avast 4.0 or 5.0.  Then, what version do you have?  Version 5.0.594 is the current version.
Mac 10.9.4 /Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Premium)/ Mobile MBAM.

Offline zivilist

  • Full Member
  • ***
  • Posts: 126
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #12 on: August 04, 2010, 10:55:59 AM »
I am referring to Avast 4.0 or 5.0.  Then, what version do you have?  Version 5.0.594 is the current version.
Of cause the latest avast home version 5.0.594
OS: Windows 7 Professional x64, OS X 10.8.3
Avast Free (for Mac and Windows)

Offline SafeSurf

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5203
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #13 on: August 04, 2010, 11:19:56 AM »
To clarify for you, the version you have is now called the Avast Free version (5.0.594).  As for answering your question, there have been some responses above in the thread.  Should you want additional responses, you are welcome to contact Avast:  http://www.avast.com/contacts for further clarification if you are having a technical issue that requires a ticket.
Mac 10.9.4 /Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Premium)/ Mobile MBAM.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 82573
  • No support PMs thanks
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #14 on: August 04, 2010, 03:22:08 PM »
news from the h security "Anti-virus software does not make full use of Windows exploit protection features":
http://www.h-online.com/security/news/item/Anti-virus-software-does-not-make-full-use-of-Windows-exploit-protection-features-1049714.html

so many antivirus programs did not use either DEP or ASLR, also AVAST Home Edition. Whats with other AVAST programs? Did you plan to integrate this feature in future AVAST Home?

Many of us suspect that the report relates to avast 4.8 Home and since avast 5.0 there is no avast Home, but avast Free, so the terminology is a key factor here as that is the only indication as to what version was used in the test.

If you expand the image I posted you will see that in the case of avast 5.0 on XP or Vista there are certainly areas where avast is using DEP and in some cases ASLR also.

There is however some disparity even between the same OS XP SP3 as some are showing DEP used yet others aren't. Now as far as I'm aware DEP is also hardware dependant and I don't know if AMD processors are fully DEP enabled. There is also that wrinkle about what analysis tool you are using (process explorer) and if you are running it as Admin, etc. So those may be other areas where there will be disparity between different user systems.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 1909 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.8.2393 (build 19.8.4257.552) UI-1.0.440/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/