I was checking Spybot S&D in Process Explorer, and it lacks ASLR support. This obviously includes the dll file SDHelper.dll, which is loaded to IE and Explorer.

Is there any technical reason why Spybot lacks ASLR?


thanks

No reply from Safer-Networking?
Do you know that you're making the system vulnerable by loading DLL's that don't support ASLR into processes that are exploited like explorer.exe and browsers?
http://blog.didierstevens.com/2011/01/17/quickpost-it-does-no-harm-or-does-it/
http://www.scriptjunkie.us/2011/06/bypassing-dep-aslr-in-browser-exploits-with-mcafee-symantec/
I did a quick test with the latest beta and checked IE and explorer.exe, the DLL in explorer.exe doesn't support ASLR.

No reply from Safer-Networking?


What's the news? :wink:

Is it just that Spybot doesn't use ASLR by default (like most apps) or that it (like Safari) fails to work when EMET or a similar tool is used to force Spybot to use ASLR?

Also it might be a good idea to see whether the beta of Spybot 2 does support ASLR; perhaps it was only added in this time because of increased support across the operating systems in the user-base.