Absence of ASLR in anti virus component, how grave can it be?

Asked By 60 points N/A Posted on -
qa-featured

what is the importance of ASLR in anti virus component? In a situation whereby ASLR is absent in some anti virus program components and a potential denial-of-service issue when scanning nested archives, how critical can these be to the overall security of the user? What is the best approach to an anti virus prog without ASLR?

SHARE
Answered By 0 points N/A #193168

Absence of ASLR in anti virus component, how grave can it be?

qa-featured

Usually virus software are written and specifically attack static sections in the operating system’s memory. Hence Microsoft developed the ASLR feature in Windows Vista and 7 to counter this kind of attack. ASLR moves memory points constantly to different positions giving the attacker a headache for coding. A lot of AV program but not all, failed to take advantage of this line of defense developed by Microsoft.

In an event of ASLR absence, some AV also uses the other major line of defense developed by Microsoft, DEP (Data Execution Prevention), if somehow the virus is able to locate the memory point, DEP will still stop the data to execute or run.

The best approach would be to use AV using one or both of these major line of defense but don’t limit there, it is still wise to be cautious, only download files from trusted source.

To know which AV invokes ASLR or DEP or both? you can use Windows useful utility tool, the Process Explorer

Answered By 5 points N/A #193170

Absence of ASLR in anti virus component, how grave can it be?

qa-featured

Hello,

 

The importance of ASLR stems from its ability to randomize and obscure the “holes” in memory that allow a computer criminal access. When a criminal attempts to attack, their efforts immediately fail if they guess wrong. This is followed by their presence and actions being revealed. ASLR makes it very difficult for criminals to guess such information. In the absence of ASLR, criminals will find a vulnerability and repeatedly exploit it. Systems will always be unstable. When attackers have that information, they can design powerful tools or do potentially devastating things. The best overall approach is to seek a software upgrade with this protection or another application with this feature.

Related Questions