Author Topic: ASLR/DEP disabled to AvastUI.exe  (Read 16494 times)

0 Members and 1 Guest are viewing this topic.

Offline dax123

  • Newbie
  • *
  • Posts: 4
ASLR/DEP disabled to AvastUI.exe
« on: July 19, 2010, 12:00:39 AM »
ASLR/DEP feature is not activated to AvastUI.exe
can't it be enabled?  ???


Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 72282
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #1 on: July 24, 2010, 09:01:57 PM »
Got no answer..!!??
Try it here: http://www.avast.com/contacts
asyn
Win 8.1 [x64] - Avast PremSec 21.9.6675.IBC [UI.671] - EEK - Firefox ESR 78.15 [NS/uBO/PB] - TB 91.2.1
Avast-Tools: Secure Browser 94.0 - Cleanup 21.3 - SecureLine 5.13 - Driver Updater 21.3 - CCleaner 5.85
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0


Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85780
  • No support PMs thanks
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #3 on: August 04, 2010, 05:45:54 AM »
You have to be running process explorer (if that is what you are using) as an administrator group user to be able to see if DEP/ASLR is being used, there are by all accounts differences in what OS you are using, XP or Vista, etc.

See image example from process explorer, first part of the image if Vista and the second part is XP, the third part relates to ASLR for avast .dlls and is on Vista as I don't believe ASLR is available with XP.

So Vista avastUI doesn't appear to be running DEP, yet on my XP Pro system avastUI it is running under DEP, I don't know why this is as the Vista images have been captured from another location as I don't use Vista.
« Last Edit: August 04, 2010, 05:55:38 AM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.697) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9384
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #4 on: August 04, 2010, 06:55:51 AM »
Well, avastUI.exe is just an interface, so even if it's not protected, i don't think much can happen to it. But it might be something else.
Visit my webpage Angry Sheep Blog

crofty59

  • Guest
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #5 on: August 04, 2010, 08:06:36 AM »
Hi
I have just checked with ProcessExplorer, and AvastSvc.exe doesn't have DEP enabled

There is some other items with DEP enabled, etc 18 for microsoft and Firefox has DEP (Permanent)

Cheers

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 72282
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #6 on: August 04, 2010, 08:23:09 AM »
Hi
I have just checked with ProcessExplorer, and AvastSvc.exe doesn't have DEP enabled

Did you run it as admin..?
asyn
Win 8.1 [x64] - Avast PremSec 21.9.6675.IBC [UI.671] - EEK - Firefox ESR 78.15 [NS/uBO/PB] - TB 91.2.1
Avast-Tools: Secure Browser 94.0 - Cleanup 21.3 - SecureLine 5.13 - Driver Updater 21.3 - CCleaner 5.85
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

crofty59

  • Guest
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #7 on: August 04, 2010, 08:27:44 AM »
Hi
I have just checked with ProcessExplorer, and AvastSvc.exe doesn't have DEP enabled

Did you run it as admin..?
asyn

Thanks for your reply
Yes

Thought i would ad a attachment
« Last Edit: August 04, 2010, 08:39:37 AM by crofty59 »

Offline zivilist

  • Full Member
  • ***
  • Posts: 126
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #8 on: August 04, 2010, 10:34:24 AM »
news from the h security "Anti-virus software does not make full use of Windows exploit protection features":
http://www.h-online.com/security/news/item/Anti-virus-software-does-not-make-full-use-of-Windows-exploit-protection-features-1049714.html

so many antivirus programs did not use either DEP or ASLR, also AVAST Home Edition. Whats with other AVAST programs? Did you plan to integrate this feature in future AVAST Home?
« Last Edit: August 04, 2010, 10:36:44 AM by zivilist »
OS: Windows 7 Professional x64, OS X 10.8.3
Avast Free (for Mac and Windows)

Offline SafeSurf

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5198
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #9 on: August 04, 2010, 10:41:19 AM »
Did you plan to integrate this feature in future AVAST Home?
What version of Avast are you using?
Mac 10.9.4 /Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Premium)/ Mobile MBAM.

Offline zivilist

  • Full Member
  • ***
  • Posts: 126
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #10 on: August 04, 2010, 10:53:35 AM »
Did you plan to integrate this feature in future AVAST Home?
What version of Avast are you using?
Avast Home
OS: Windows 7 Professional x64, OS X 10.8.3
Avast Free (for Mac and Windows)

Offline SafeSurf

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5198
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #11 on: August 04, 2010, 10:55:05 AM »
I am referring to Avast 4.0 or 5.0.  Then, what version do you have?  Version 5.0.594 is the current version.
Mac 10.9.4 /Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Premium)/ Mobile MBAM.

Offline zivilist

  • Full Member
  • ***
  • Posts: 126
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #12 on: August 04, 2010, 10:55:59 AM »
I am referring to Avast 4.0 or 5.0.  Then, what version do you have?  Version 5.0.594 is the current version.
Of cause the latest avast home version 5.0.594
OS: Windows 7 Professional x64, OS X 10.8.3
Avast Free (for Mac and Windows)

Offline SafeSurf

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5198
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #13 on: August 04, 2010, 11:19:56 AM »
To clarify for you, the version you have is now called the Avast Free version (5.0.594).  As for answering your question, there have been some responses above in the thread.  Should you want additional responses, you are welcome to contact Avast:  http://www.avast.com/contacts for further clarification if you are having a technical issue that requires a ticket.
Mac 10.9.4 /Safari and Firefox (NoScript/AdBlockPlus/BetterPrivacy/Ghostey)/
Vista Home Prem (same add-on's)/Avast Free/Online Armor Premium Firewall/MBAM Premium)/ Mobile MBAM.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 85780
  • No support PMs thanks
Re: ASLR/DEP disabled to AvastUI.exe
« Reply #14 on: August 04, 2010, 03:22:08 PM »
news from the h security "Anti-virus software does not make full use of Windows exploit protection features":
http://www.h-online.com/security/news/item/Anti-virus-software-does-not-make-full-use-of-Windows-exploit-protection-features-1049714.html

so many antivirus programs did not use either DEP or ASLR, also AVAST Home Edition. Whats with other AVAST programs? Did you plan to integrate this feature in future AVAST Home?

Many of us suspect that the report relates to avast 4.8 Home and since avast 5.0 there is no avast Home, but avast Free, so the terminology is a key factor here as that is the only indication as to what version was used in the test.

If you expand the image I posted you will see that in the case of avast 5.0 on XP or Vista there are certainly areas where avast is using DEP and in some cases ASLR also.

There is however some disparity even between the same OS XP SP3 as some are showing DEP used yet others aren't. Now as far as I'm aware DEP is also hardware dependant and I don't know if AMD processors are fully DEP enabled. There is also that wrinkle about what analysis tool you are using (process explorer) and if you are running it as Admin, etc. So those may be other areas where there will be disparity between different user systems.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.8.2487 (build 21.8.6586.697) UI 1.0.666/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security