Amaroq_Starwind

Awesome!

So, lately I've been starting to wonder if Ravioli Memory might also provide security benefits, on top of the more efficient and robust memory management.

I wonder if it will soon finally be possible again to install AMD graphics and HDMI audio drivers. My father's computer is absolutely desperate for this. Mobile Hotspots (and even the ability to use Wi-Fi at all) have also been horrifically broken lately.

I wonder if any of WehnTrust's features should be incorporated into Malwarebytes. It could potentially improve security with its SEH Overwrite Protection, its Format String Vulnerable preventions, and its own ASLR capabilities, especially on older versions of Windows. And it's open source, which is really nice and makes adapting its features seem a lot more viable to me. https://archive.codeplex.com/?p=wehntrust Another security feature which is similar to Bottom-Up ASLR which could be a good supplement is Library Load Order Randomization (though that might require changes to the OS on Microsoft's part). Further still, additional security measures such as Shadow Stacks and Random XOR Canaries could both also be used to compliment ASLR if they haven't already been worked on. https://en.wikipedia.org/wiki/Buffer_overflow_protection#Random_XOR_canaries https://en.wikipedia.org/wiki/Shadow_stack One way to offset the potential compatibility problems of using Shadow Stacks; you could notify the user every time a program encounters an error as a result of an exception or a longjmp. Also of note for ASLR; making the program and drivers PAE aware and allowing then to use large memory pages could be used augment ASLR on Windows XP and Windows Server 2003 on systems with at least 4 Gigabytes of RAM (even if most of the operating system is unable to use it in the case of the 32-bit version of XP). And while it wasn't explicitly designed for security, experimenting with a Ravioli Memory implementation (which I made a thread about in General Discussion) might possibly have ancillary security benefits on top of avoiding memory fragmentation and providing more robust management of system resources. Now in response to @exile360, I was merely trying to point out that you seemed omit XP SP2 on the list of supported operating system for DEP. I'd like to share some final thoughts on that subject; though Data Execution Prevention is great, better implementations do exist which allow even more flexibility, such as separating the bits for Write Access and Execution Access, and/or separating the bits for Privileged and Unpriviledged Execution, or even enforcing Sandboxed Execution. However, those various implementations are only supported in-hardware on non-x86 architectures, and even then, not all of those support the same features, and I'm not certain how viable software-based implementations could be without at least a partial rewrite of the operating system itself.

Data Execution Prevention was actually added in XP Service Pack 2:

Well, seems that Dark Mode is spreading even further now: It will take quite a bit of design work for a Dark Mode to actually look good though. In the meantime, use of a dyslexia-friendly typeface would be another great option for the UI.

Wow. I guess I'm losing my touch...

There's another issue, however, with taking offensive measures to deal with the threat. Besides the risk of possible collateral damage, there could also be severe legal repercussions... Anyways, here are some of the articles I was looking at: https://www.symantec.com/connect/articles/malicious-malware-attacking-attackers-part-1 https://www.symantec.com/connect/articles/malicious-malware-attacking-attackers-part-2 https://whatis.techtarget.com/definition/offensive-security

Oh crap! 😱 Maybe more offensive security measures have to be taken if infrastructure is actively being targeted, actively striking back at intruders... But there aren't any obviously practical solutions that I can readily think of. On the Symantec website, there are a couple old articles titled along the lines of "Malicious Malware: Attacking the Attackers, but it is from 2006 and I don't know if those ideas are even viable anymore now that we have to worry about things like Ransomware, Botnets, and victim computers being hijacked as proxies. I posted a thread about D-Wave Systems very recently, so perhaps it might also be time for security providers to get on the horn with them about possibly using their resources to tackle infrastructure-wide cyberdefense.

Actually, they have q whole bunch of neat documentation stuff now, and even an SDK sort of thing. https://docs.dwavesys.com/docs/latest/index.html

Turns out D-Wave systems actually developed an API so that you can utilize their quantum computing resources through a remote connection. https://docs.dwavesys.com/docs/latest/doc_rest_api.html Before anyone asks... Yes, D-Wave is the real deal, I've been following them for years. They've even got a contract with Lockheed Martin, IIRC. So, does anyone here have ideas on what they'd use a quantum computer for~?

Well with payment information at the very least, there's a new thing called privacy.com. It's basically a financial proxy so that you can use throwaway payment credentials on online websites.

Well... I recently found out that OpenACC also runs on the integrated graphics on Intel CPUs and AMD APUs, and is compatible with conventional C language. Rad! Unfortunately, I am still not sure if MS Visual Studio can be made into an OpenACC compatible compiler or not (I mean, maybe it can through plug-ins?), or if OpenACC can run on ARM64. Additionally, it also seems like the demand for Malwarebytes on OpenACC is still extremely low, and this there is a negligible probability that it will happen any time soon...

So, here's a series of blog posts that I feel like would be worth a read~ https://www.reenigne.org/blog/rethinking-memory/ l The short version: Basically, this is intended to give bare metal languages like C++ and Assembly the benefits of a Garbage Collected language, sans most of the associated downsides. Everything is explained in depth, and there's also a link on the blog to the source code. @exile360 I bet you'd be intrigued by this!

Attempting to edit the HOSTS file on Windows 10 will actually screw up Microsoft services (such as Windows Update) royally... Or even screw up your ability to connect to the internet. I learned this the hard way with the hpHosts files.