ASLR/DEP disabled to AvastUI.exe

ASLR/DEP feature is not activated to AvastUI.exe
can’t it be enabled? ???

http://img594.imageshack.us/img594/6899/58301583.png

Got no answer…???
Try it here: http://www.avast.com/contacts
asyn

I would like to have ASLR/DEP in Avast too.

http://www.h-online.com/security/news/item/Anti-virus-software-does-not-make-full-use-of-Windows-exploit-protection-features-1049714.html

You have to be running process explorer (if that is what you are using) as an administrator group user to be able to see if DEP/ASLR is being used, there are by all accounts differences in what OS you are using, XP or Vista, etc.

See image example from process explorer, first part of the image if Vista and the second part is XP, the third part relates to ASLR for avast .dlls and is on Vista as I don’t believe ASLR is available with XP.

So Vista avastUI doesn’t appear to be running DEP, yet on my XP Pro system avastUI it is running under DEP, I don’t know why this is as the Vista images have been captured from another location as I don’t use Vista.

Well, avastUI.exe is just an interface, so even if it’s not protected, i don’t think much can happen to it. But it might be something else.

Hi
I have just checked with ProcessExplorer, and AvastSvc.exe doesn’t have DEP enabled

There is some other items with DEP enabled, etc 18 for microsoft and Firefox has DEP (Permanent)

Cheers

Did you run it as admin…?
asyn

Thanks for your reply
Yes

Thought i would ad a attachment

news from the h security “Anti-virus software does not make full use of Windows exploit protection features”:
http://www.h-online.com/security/news/item/Anti-virus-software-does-not-make-full-use-of-Windows-exploit-protection-features-1049714.html

so many antivirus programs did not use either DEP or ASLR, also AVAST Home Edition. Whats with other AVAST programs? Did you plan to integrate this feature in future AVAST Home?

What version of Avast are you using?

Avast Home

I am referring to Avast 4.0 or 5.0. Then, what version do you have? Version 5.0.594 is the current version.

Of cause the latest avast home version 5.0.594

To clarify for you, the version you have is now called the Avast Free version (5.0.594). As for answering your question, there have been some responses above in the thread. Should you want additional responses, you are welcome to contact Avast: http://www.avast.com/contacts for further clarification if you are having a technical issue that requires a ticket.

Many of us suspect that the report relates to avast 4.8 Home and since avast 5.0 there is no avast Home, but avast Free, so the terminology is a key factor here as that is the only indication as to what version was used in the test.

If you expand the image I posted you will see that in the case of avast 5.0 on XP or Vista there are certainly areas where avast is using DEP and in some cases ASLR also.

There is however some disparity even between the same OS XP SP3 as some are showing DEP used yet others aren’t. Now as far as I’m aware DEP is also hardware dependant and I don’t know if AMD processors are fully DEP enabled. There is also that wrinkle about what analysis tool you are using (process explorer) and if you are running it as Admin, etc. So those may be other areas where there will be disparity between different user systems.

Thanks for the ‘small’ attachment ;D

If you play with the Process Explorer, ‘Process’ column heading you will see some differences in the results as the column (my small image attachment), aside from changing the ordering it is also a toggle for different views.

So why my system with the same OS, XP Pro SP3 and avast 5.0 free shows DEP for both avastUI and avastSvc yet yours doesn’t is beyond me.

Hi all…

Was there something you had to enable in Process Explorer to see this information? My copy doesn’t and I’m running as an administrator. ???

Regards…

Only in the columns that are viewed if you don’t have that category selected then there will be no corresponding column.

There is a small utility available to determine hardware DEP capability.

http://www.grc.com/securable.htm

Modern processors incorporate features beneficial to security. SecurAble displays the status of the three most significant security-related processor features:

SecurAble probes the system’s processor to determine the presence, absence and operational status of three modern processor features:

* 64-bit instruction extensions,
* Hardware support for detecting and preventing
  the execution of code in program data areas, ... and
* Hardware support for system resource “virtualization.”</blockquote>

That’s a pretty old tool just over two years old, ancient in terms of processor development so I though it wouldn’t recognise the later AMD/Intel CPUs; though it does seem to do that.