Honorary Members
About hake

  • Rank
    True Member

Profile Information

  • Location
    Wigan, England
  • Interests
    Rugby League, Cricket

  1. On further consideration, MBAE is better with Windows XP than MBAE 1.13 Build 60. I have noticed what seem to be intermittent 'pauses' while Mozilla Firefox ESR 45.9 is running with MBAE 1.13 Build 60.
  2. Hi Pedro. It's called enlightened self-interest. MBAE 1.13 Build 60 also works well with Windows XP (running on 17 year-old pre-SSE2 processor) but I do wonder whether or not an older version (I have been using might be more relevant to XP.
  3. The three month interval since the previous release of MBAE seems to have been well used. MBAE 1.13 Build 60 behaves very well with Windows 7 and Windows 10. Reading between the lines, I guess that a lot more work has been put into the latest MBAE than the brief summary information in the changelog would have us believe.
  4. Mozilla states that Firefox ESR will not block dll injections until 2020.
  5. https://borncity.com/win/2019/03/07/google-chrome-72-0-3626-121-closes-critical-vulnerability/#more-8824 Arrogant Google locks out MBAE and yet still perpetrates its own vulnerabilities. If ever there was evidence that a devil's advocate is needed for Chrome, this is it. Google cannot be trusted to ensure its unaided protection of the security of its own users. Google aids and abets hackers to do their insidious work silently and with impunity. Of course we cannot know if MBAE would have detected the exploits because Google excluded it.
  6. Previous aversion to https://www.dailymail.co.uk clickbait/scams (alleged) still present.
  7. I had to uninstall version 1.0.36 before successfully installing version 1.0.38. Now installed it seems no longer to assert its previous aversion to https://www.dailymail.co.uk.
  8. Why is it necessary to give permission for the Malware Firefox extension 1.0.38 to become active? Does this mean that until the user responds to the yellow alert over the three sausages (i.e. Open Menu) the extension is not protecting?
  9. @Amaroq_Starwind: After previous abortive attempts at getting WehnTrust 1.20 to work on my 15 year-old incarnation of Windows XP SP3, I made another attempt today and, blow-me-down, it works! In fact it works very well with only a small speed reduction. I notice that it is only said to detect stack overflows whereas Comodo Memory Firewall boasts that it also detects heap overflows. Does ASLR trump detections of heap overflows? WehnTrust does ASLR, SEH overwrite protection, stack overflow protection and format string protection. Comodo Memory Firewall does stack AND heap overflow detection, detection of ret2libc attacks and detection of corrupted/broken SEH chains. Note that WehnTrust uses the term 'protection' whereas Comodo Memory Firewall uses the term 'detection'. Which of the two products gives better protection? I would be grateful for your opinion. URGENT UPDATE: WehnTrust has incompatibilities with MBAE. Do not use WehnTrust or applications will be damaged. The problem lies in the effects of WehnTrust on the internal behaviour of older applications which causes MBAE to detect issues which were not detected when WehnTrust was not in use. This additionally breaks older applications such as Office 97, 2000 and 2003 which malfunction at attempted subsequent use such as losing dlls. The only way to regain their use appears to be their reinstallation. I don't think Windows XP itself is damaged as newer applications survive to run another day and Windows does not display any error message boxes. Less common occurrences of similar issues happen when EMET 4.1 is used instead of MBAE. I managed to find out that WehnTrust ASLR only has 19 bits of entropy. Enabling bottom-up ASLR does not of itself appear to create additional problems.
  10. From the studying that I have now undertaken, on a balance of probabilities it appears to be highly likely that XP does benefit from the enabling of bottom-up ASLR. For my very old XP systems without SSE2 enabled processors, I have reverted to using EMET 4.1(update1), Comodo Memory Firewall and a very fully enabled OSArmor 1.4.2 as a backstop which works a treat with my museum pieces. Sure it's not watertight but there are plenty of layers of defence and I have yet to experience even a single intrusion in almost 15 years of running these two venerable XP systems (both been running as the same incarnations since they were installed early in 2004). Agnitum Outpost Firewall Pro has figured continuously over that time. I would not be without MBAE on recent technology but it's nice to tinker with well backed-up stone-age systems which are not used for critical purposes. I am toying with the idea of increasing the steam pressure on them and am looking for a supply of better quality coal. An automatic stoker would be good.
  11. EMET 4.1 Uncovered (http://0xdabbad00.com/wp-content/uploads/2013/11/emet_4_1_uncovered.pdf, 2013-11-18) says "Bottom-up randomizes the heap by making a random number of allocations when the process starts up. This is effective for adding some randomization to the heap to old OS’s, but has no impact for newer operating systems." Each time a process starts up, new allocations are made. This is why bottom-up ASLR is apparently so important for Windows 7. Bottom-up ASLR has only 8 bits of entropy but that additional entropy is a considerable strengthening of security for Windows 7. If it also applies to heap allocations in Windows, 8 bits of entropy is better than none. That is my take on bottom-up ASLR for what it's worth.
  12. Me? Correct?*!?*!? I have never been correct in my life. Hear my friends laugh when they read this thread. I just wanted to have the satisfaction of confirmation that my beloved XP enjoys some, even if limited, additional protection by bottom-up ASLR.
  13. Microsoft's EMET 4.1 appears to allow the enabling of bottom-up ASLR for Windows XP and also specifically excludes the option of enabling ASLR for Windows XP. I have assumed that this implies that bottom-up ASLR has some minimal effect with XP. Otherwise why would Microsoft have discriminated between ASLR and bottom-up ASLR for XP in EMET 4.1?
  14. This is a serious question and I am disappointed that no 'yes' or 'no' confirmation is forthcoming.
  15. Will someone please give me a single syllable response as to whether there is any beneficial use for bottom-up ASLR in Windows XP. I guess that any entropy in allocation of memory is better than none. Is that guess correct?