Can anyone tell me why Vmware player does not use any of these systems available within Windows 7?
I am refering to the processes:
All of these executables seems to run without making use of the above mentioned protection-systems available (atleast if I am to believe EMET 2.1 from Microsoft).
I look upon it as odd.
So I am alone in wondering about this?
Processes that already use DEP are shown in the EMET configuation list as using them. Those that do not can be added later.
So I had to add they and thus far I have not seen any ill effects.
That does not mean I ponder if there are indeed remifications I might run into later.
I have setup EMET to force the mentioned processes to use DEP/SEHOP and ASLR which might suggest these processes can be recompiled to use the additional available protection systems as is when they are get released to the public.
It does seem Vmware neglected to do so though. This is what I see as odd.
VLC is oss and it does use them for example.
Then again Cyberlink PowerDVD10 Ultra does not like to do so either... Guess it takes too much work.
Adobe recently began to adopt DEP/SEHOP and ASLR in their software after they become criminal number 1 in hackability//being explioted etc.
Do I really want to see that happening with products of VMware?
I rather not.
adobe + java are targets because of there browser plugin that alot of people have enabled when they browse vlc is targeted becasue its a mediaplayer and lots of people like watching video's and listening to music and it also has a browser plugin but not as much of a target as the adobe and java
vmware is primaraly used by software developers/businesses nowhere near as popular as adobe, java or vlc its unlikly that malware writers are going to try and write programs talking advantage of the lack of ASLR there better ways like shared folders copypaste/dragdrop lan network etc to exploit and if you want to use those features then enable them in the guest. the main threat with vmware are from hackers whitch DEP, SEHOP and ASLR won't protect you from
also EMET is supposed to be used to block 0-day exploits not to be forcably enabled on everything and enabling it on vmware-vmx.exe could result in errors it did for me
Populairity is a non-factor in any and all ways as I view it.
The systems are there so why not use it?
The fact the EMET worked against you is just that. An indication it might have remifications.
Duelly noted thanks for that. Care to elaborate though?
It's that feedback I hope to get so feel free to give the issue's you ran into.
Your statement of shared folders etc holds water but why concentrate on those.
My piont: if you have possibilties to secure a product use them even if more obvious gapes are there.
If a product already uses the securing options of the OS I have 1 less application I have to worry about. A fully installed computer is complex enough as it is so loose ends only add to more exploits.
i was doing some wu's for WCG on ubuntu and most of them errored out when EMET was enabled on it so i disabled it as i don't know if its effected anything else and what effect it would have on my windows guest's antivirus/firewall software
and shared folders are the easiest way to infiltrate a host OS as im sure there are people keeping them enabled and writable as its less hassle just like people disable UAC and ive seen people link folders to C:\ E:\ etc so you could extract info like emails passwords just by taking over the guest OS
then enable EMET on every program on your pc but you may end up making your pc less secure by doing so expecially when enabled on security programs and if your suffering from problems with malware i doubt EMET would help