Old 08-05-2007   #2 (permalink)
Andrew McLaren
Guest


 
 

Re: Data Execution Prevention with Windows Vista

Hi Mickey,

I haven't heard of DEP causing really widespread problems, although
obviously you are seeing problems on your machine. The exact behaviour could
vary depending on whether your CPU supports hardware DEP (the NX bit) or
software DEP - which is actually a different form of operation. AMD and
Intel EM64T Processors support hardware DEP; many (most?) 32-bit Pentium IV
processors do not.

Well-behaved programs, which keep a strict separation of data and executable
code, should not be affected by DEP. Programs which are affected by DEP may
contain security vulnerabilities, because malicious code could be injected
into the data portions, and then executed.

But I'm curious when you say "programs that were closed due to the feature
still closed even when I turned the feature off through the run command". If
you have applications which are shutting down even with DEP disabled, then
DEP is probably not the culprit. How do you use the "run" command to disable
DEP? Did you do a:

bcdedit.exe /set {current} nx AlwaysOff

and then reboot? That would disable DEP globally, for all applications. If
your apps still close after this, the problem is not DEP. Are you still
getting the "DEP - Windows has closed this program" dialogue box?

You can verify whether Hardware DEP is actually available on your system by
running this command:

wmic OS Get DataExecutionPrevention_Available

If it returns TRUE, the CPU supports DEP. To find the current DEP policy
which is active, run the command:

wmic OS Get DataExecutionPrevention_SupportPolicy

The result will be one of:

0 AlwaysOff - DEP is not enabled for any processes
1 AlwaysOn - DEP is enabled for all processes
2 OptIn - Only Windows system components and services have DEP applied
3 OptOut - DEP is enabled for all processes. Administrators can manually
create a list of specific applications which do not have DEP applied.

"2" is the normal default setting. Apps which aren't part of Windows itself
should not be affected.

You might want to run this to test if DEP is, indeed, active on your
system.

Overall, I don't think it's a problem which can be easily solved by an
update from Microsoft - apps which execute data are a security risk and need
to be re-written, or at least recompiled with a /GS flag. But Microsoft
might add compatibility shims for certain well-known applications - these
are updated via Windows Update as they are released.

--
Andrew McLaren
amclar (at) optusnet dot com dot au
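
Added example, not part of the original post: a PowerShell script that reads the same two WMI properties as the wmic commands above and compares the policy in effect with the nx value stored in the current boot entry, which shows whether a bcdedit change is still waiting for a reboot. It assumes an elevated prompt and PowerShell 3.0 or later (for Get-CimInstance); the function names are made up for this example.

```powershell
# Added example: compare the DEP policy in effect with the nx value in the boot entry.
# Assumption: run from an elevated prompt, because bcdedit needs administrator rights.

# Policy codes as listed in the post.
$policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }

function Get-ActiveDepPolicy {
    # Reads the Win32_OperatingSystem properties that the wmic commands query.
    $os   = Get-CimInstance -ClassName Win32_OperatingSystem
    $code = [int]$os.DataExecutionPrevention_SupportPolicy
    [pscustomobject]@{
        HardwareDepAvailable = [bool]$os.DataExecutionPrevention_Available
        PolicyCode           = $code
        PolicyName           = $policyNames[$code]
    }
}

function Get-ConfiguredNx {
    # Returns the nx value stored in the current boot entry, or $null if none is set.
    $lines = & bcdedit.exe /enum '{current}' 2>$null
    if ($LASTEXITCODE -ne 0) {
        throw 'bcdedit failed; run this from an elevated prompt.'
    }
    foreach ($line in $lines) {
        if ($line -match '^\s*nx\s+(\S+)\s*$') { return $Matches[1] }
    }
    return $null
}

$active     = Get-ActiveDepPolicy
$configured = Get-ConfiguredNx

"Hardware DEP available : $($active.HardwareDepAvailable)"
"Policy in effect       : $($active.PolicyCode) ($($active.PolicyName))"

if ($null -eq $configured) {
    'Boot entry has no explicit nx value; Windows is using its default policy.'
} elseif ($configured -ieq $active.PolicyName) {
    "Boot entry nx=$configured matches the policy in effect."
} else {
    # The nx setting is read at boot, so a mismatch most likely means
    # bcdedit was run but the machine has not been restarted since.
    "Boot entry nx=$configured differs from the policy in effect ($($active.PolicyName)); reboot to apply it."
}
```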

