Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Anti-virus Products Mostly Ignore Windows Security Features


03 Aug 2010   #1
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
Anti-virus Products Mostly Ignore Windows Security Features

Quote:

I recently highlighted a study which showed that most of the top software applications failed to take advantage of two major lines of defense built into Microsoft Windows that can help block attacks from hackers and viruses. As it turns out, a majority of anti-virus and security products made for Windows users also forgo these useful security protections.

As I wrote last month:
Attackers usually craft software exploits so that they write data or programs to very specific, static sections in the operating system’s memory. To counter this, Microsoft introduced with Windows Vista (and Windows 7) a feature called address space layout randomization or ASLR, which constantly moves these memory points to different positions. Another defensive feature called data execution prevention (DEP) — first introduced with Windows XP Service Pack 2 back in 2004 — attempts to make it so that even if an attacker succeeds in guessing the location of the memory point they’re seeking, the code placed there will not execute or run.
These protections are available to any applications built to run on top of the operating system, and they’re designed to make it difficult for attackers to develop reliable exploits for vulnerabilities in Windows applications. As we saw last month, few top apps invoke the protections, but many readers may be surprised to learn that few anti-virus products have adopted these technologies.

I installed the trial versions of a dozen top anti-virus and security suites on a virtual machine running Windows Vista, and then checked each product’s executable files using Microsoft’s excellent Process Explorer tool, which provides a mass of information about processes running on your Windows system, including whether or not those processes invoke DEP and/or ASLR.

Among the anti-virus products that used neither ASLR nor DEP were AVAST Home Edition, AVG Internet Security 9.0, BitDefender Internet Security 2010, ESET Smart Security, F-Secure Internet Security, Norton Internet Security 2010, Panda Internet Security 2010 and Trend Micro Internet Security 2010.

Microsoft Security Essentials was the only product that used both ASLR and DEP consistently on Windows Vista (although interestingly it does not invoke DEP on Windows XP). Other anti-virus suites I tested used either ASLR or DEP (or both), but only in some applications that make up the suite. For example, McAfee Internet Security’s “mcagent.exe” program runs both ASLR and DEP, while four other executable processes spawned by the program ran DEP but not ASLR (since these tests were run, McAfee has changed the trial version of MIS available on its site, and the company sent me a screen shot that shows DEP and ASLR on all running processes in that version).

More -
Anti-virus Products Mostly Ignore Windows Security Features — Krebs on Security

My System SpecsSystem Spec
.

Reply

 Anti-virus Products Mostly Ignore Windows Security Features




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 03:33 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33