Windows 10: Key Windows 10 defense is 'worthless' and dates back to Windows 8


  1. Posts : 29,388
    64-bit Windows 10 Pro build 17672
       20 Nov 2017 #1

    Key Windows 10 defense is 'worthless' and dates back to Windows 8




    Microsoft has been telling users to upgrade to Windows 10 because of its superior in-built defenses against attacks, compared with Windows 7. That advice would be true if it properly implemented the defense known as Address Space Layout Randomization (ASLR).

    ASLR is used by Android, Windows, Linux, iOS and macOS to prevent attacks that rely on code executing at predictable memory locations by loading programs at random addresses.

    It's been used by Microsoft since Windows Vista to counter memory-based attacks. However, Microsoft introduced an error in Windows 8 when implementing a feature known as Force ASLR or system-wide mandatory ASLR.

    This feature is meant to randomize executables even if an application hasn't enabled support for ASLR. It can be switched on through Microsoft's Enhanced Mitigation Experience Toolkit (EMET). As of the Windows 10 Fall Creators Update, EMET became part of Windows Defender Exploit Guard (WDEG).

    But as Will Dormann of Carnegie Mellon University's CERT/CC discovered, enabling system-wide ASLR in Windows 8 and newer only does half the job it's meant to, resulting in programs being relocated but to the same address every time.

    "Starting with Windows 8.0, system-wide mandatory ASLR (enabled via EMET) has zero entropy, essentially making it worthless. Windows Defender Exploit Guard for Windows 10 is in the same boat," Dormann wrote on Twitter...


    Read more: Key Windows 10 defense is 'worthless' and bug dates back to Windows 8 | ZDNet


    See also: Clarifying the behavior of mandatory ASLR - Defense
    Last edited by Brink; 21 Nov 2017 at 22:28.

  2.    20 Nov 2017 #1

    Hi there.

    This is just basically "Fake News".

    Most Fraud is done with the purpose of scamming individuals, and the way users open themselves to scamming has NOTHING WHATSOEVER TO DO with this type of security leak.

    Believe me, if you need a PhD in computer science to hack into some home computer with zero "Scam value" then it's just a waste of time.

    90% or more of computer Fraud comes from people opening emails with dubious attachments, opening Fake web sites, or giving away too much personal data on social media and elsewhere.

    Even if you download Music / Video from a Torrent site it's unlikely the virus, if any, could affect your machine (so long as files are NOT .exe, .zip, .rar etc.)

    Standard mkv/mp3/flac/mp4 etc just won't play if there's a "hidden payload".

    I'm not saying don't install AV software but worrying about this type of stuff brings Paranoia to a whole new level - especially for Home users -- what's a hacker got to gain by attempting a DoS (Denial of Service) attack, say against a simple single user with a Slow internet speed?

    I agree for Enterprise servers and the like -- important here but it's a different ball game.

    For Home users - just ignore -- especially since people like ZDNET don't have any decent provenance.

    Cheers
    jimbo

  3.    20 Nov 2017 #2

    Zero entropy - what utter garbage. Any scientist or engineer knows what entropy is, and that overall it inexorably increases until the end of time when the universe finally dies due to heat death!


  5. Posts : 20,266
    Win10 Pro, Win10 Pro N, Win10 Home, Win10 Pro Insider Fast Ring, Windows 8.1 Pro, Ubuntu
       28 Nov 2017 #4

    To see what software in your install even uses ASLR (or other security stuff too), get Process Explorer64, right click the columns at the top, select columns you wish, like ASLR:
    close, then click the ASLR column, and you can then have a look-see.
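
A scriptable way to check whether an executable file has opted in to ASLR, as an added example that is not part of the post above: it reads the DYNAMICBASE flag from the PE header. Images reported as "not opted in" are the ones that depend on the mandatory (forced) ASLR setting discussed in this thread. `aslr_status` and `build_sample_header` are names made up for this example, and the sample headers are constructed.

```python
import struct

# Flag values from the PE/COFF specification (winnt.h names).
IMAGE_FILE_RELOCS_STRIPPED = 0x0001                # COFF Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020  # optional header
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040     # optional header


def aslr_status(pe_bytes):
    """Classify a PE image by the ASLR-related flags in its headers."""
    if pe_bytes[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe_bytes, 0x3C)
    if pe_bytes[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                     # 20-byte COFF file header
    (file_chars,) = struct.unpack_from("<H", pe_bytes, coff + 18)
    opt = coff + 20                         # optional header starts here
    (magic,) = struct.unpack_from("<H", pe_bytes, opt)
    if magic not in (0x10B, 0x20B):         # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics is at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", pe_bytes, opt + 70)
    if dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        if magic == 0x20B and dll_chars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA:
            return "opted in, high-entropy VA"
        return "opted in"
    if file_chars & IMAGE_FILE_RELOCS_STRIPPED:
        return "not opted in, relocations stripped"
    return "not opted in"


def build_sample_header(dll_chars, file_chars=0, magic=0x10B):
    """Constructed minimal PE headers for the demo (not a loadable file)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE signature
    coff = bytearray(20)
    struct.pack_into("<H", coff, 18, file_chars)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + bytes(coff) + bytes(opt)


if __name__ == "__main__":
    for chars in (0x0040, 0x0000):
        print(hex(chars), aslr_status(build_sample_header(chars)))
```

To check a real file, pass its bytes: `aslr_status(open(path, "rb").read())`.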

  6.    28 Nov 2017 #5

    cereberus said:
    Zero entropy - what utter garbage. Any scientist or engineer knows what entropy is, and that overall it inexorably increases until the end of time when the universe finally dies due to heat death!
    You are thinking of the schoolboy concept of entropy. You should be thinking of this Entropic security - Wikipedia

    This is not the same thing at all - just the "random" number is always exactly the same in Win10 and was not in earlier EMET versions. Therefore (as it is always the same number) how would you define the entropy? Zero seems a pretty fair description.

    It isn't that ASLR is wrong, it was just incorporated wrong in Win 10 apparently.

    Just read the OP - it links to it.

    Actually, with Windows 7 and EMET System-wide ASLR, the loaded address for eqnedt32.exe is different on every reboot. But with Windows 10 with either EMET or WDEG, the base for eqnedt32.exe is 0x10000 EVERY TIME.
    Conclusion: Win10 cannot enforce ASLR as well as Win7!
    Will Dormann on Twitter:
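
The sense of "entropy" used in the post above can be measured directly, shown here as an added example that is not part of the thread: record a module's load address across several reboots and compute the Shannon entropy of the observations. The `0x10000` value is the one quoted in the post; the Windows 7 addresses are constructed sample data, and the function names are made up for this example.

```python
import math
from collections import Counter


def empirical_entropy_bits(bases):
    """Shannon entropy, in bits, of the observed load addresses.

    With n observations the result cannot exceed log2(n), so it is a
    lower-bound estimate of the loader's real randomization entropy.
    """
    if not bases:
        raise ValueError("need at least one observation")
    n = len(bases)
    probs = [count / n for count in Counter(bases).values()]
    return sum(p * math.log2(1 / p) for p in probs)


def varying_bit_mask(bases):
    """Mask of the address bits that differed in at least one observation."""
    mask = 0
    for base in bases:
        mask |= base ^ bases[0]
    return mask


def assess(bases):
    """Summarize whether the observed base address is actually randomized."""
    mask = varying_bit_mask(bases)
    return {
        "distinct": len(set(bases)),
        "entropy_bits": empirical_entropy_bits(bases),
        "varying_mask": mask,
        "randomized": mask != 0,
    }


# Forced ASLR on Windows 10 as described in the post: same base every time.
WIN10_FORCED = [0x10000] * 8
# Constructed sample: eight different 64 KiB-aligned bases, one per reboot.
WIN7_EMET = [0x00A30000, 0x01250000, 0x00F80000, 0x00310000,
             0x012C0000, 0x008E0000, 0x00D70000, 0x00460000]

if __name__ == "__main__":
    for name, bases in (("win10", WIN10_FORCED), ("win7", WIN7_EMET)):
        print(name, assess(bases))
```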

  7.    28 Nov 2017 #6

    lx07 said:
    You are thinking of the schoolboy concept of entropy. You should be thinking of this Entropic security - Wikipedia

    This is not the same thing at all - just the "random" number is always exactly the same in Win10 and was not in earlier EMET versions. Therefore (as it is always the same number) what is the entropic security? Clearly it is zero.

    It isn't that ASLR is wrong, it was just incorporated wrong in Win 10.

    Just read the OP - it links to it.

    Will Dormann on Twitter:
    Entropy is not a schoolboy concept! It underpins the whole of thermodynamics.

    It is bs using the term for anything else.

  8.    28 Nov 2017 #7

    cereberus said:
    Entropy is not a schoolboy concept! It underpins the whole of thermodynamics.

    It is bs using the term for anything else.
    Best you update Wikipedia then and make sure anyone using cryptography uses a different word.

    Best make sure there is not more than one meaning of the word "word" either. Word up!