re:
Source? AFAIK EPM is a 64bit only feature. It inherently blocks all 32bit ActiveX which is a massive win for security as well as sandboxing IE processes.
Unless I'm misunderstanding you, I think the source you provided already says pretty much everything:
Protection Mode (PM) in IE7 integrates these security features:
- User Account Control
- Mandatory Integrity Control (MIC)
- User Interface Privilege Isolation (UIPI)
All of the above is identical on 32bit and 64bit versions of Windows. Enhanced Protection Mode (EPM) in IE10 includes all of the above, and adds to that the following:
- Protecting your personal information
- Protecting your corporate assets
- 64-bit processes
Of those additional three, only the last one is specific to 64bit versions of Windows, which is basically 64 bit ASLR. I don't see anything else on that list which is specific to 64bit Windows, which I take to mean that EPM is not a 64 bit only "feature". I can even compile IE extensions for EPM compatibility on 32 bit and 64 bit versions of Windows.
EDIT: The fact that I can enable EPM in IE on 32 bit versions of Windows also suggests it's not specific to 64 bit Windows.
Source? AFAIK only 64bit has a high entropy ASLR.
Yes, it has high entropy ASLR. My question to you is how relevant is that? None of the real ASLR exploits (outside of university settings) I've heard of were ever specifically written to attack 32 bit Windows only, or in other words, none of those exploits used brute force as their primary method of attack.
Maybe you'd say those brute force attacks don't exist because 64 bit ASLR is so successful. I'd believe that, but then again, if they don't exist, what disadvantage does 32bit Windows have exactly? IMHO none.
After saying that, it kind of reminds me of vaccination, where you don't need a 100% immunity level to protect the entire herd.