It would probably be a better security feature to clean up the bugs that make the services and programs vulnerable.
This new feature only brings a new process, which itself brings new vulnerabilities to the system.
How should such a process decide which code is harmful and which is not? A process monitoring the data, similar to FAM on Linux, would probably be a better solution.
DEP leverages the NX/XD (XD for Intel; NX for AMD) capability of modern processors that allows pages in memory to be marked as non-executable (there's also a "software DEP" in cases where the processor doesn't support NX/XD, but it protects against a different attack vector).
Marking pages in memory as non-executable is meant to prevent the exploitation of buffer overflow vulnerabilities (yielding a DoS, a denial of service, against the target program/service, but without leading to arbitrary code execution in the event that a malware payload was passed into the memory buffer).
This feature in Windows was first made available in SP2 of WinXP (along with other security enhancements, like Windows Firewall).
I suspect we'll see more of these joint hardware-software enhancements in the future (NX/XD being an example; TPM chips are another example; Seagate's FDE.2 Momentus drive is yet another, as it includes on-board encryption). Leveraging hardware enhancements will likely make many software-based attacks less trivial to exploit, whether they involve data security (like encryption) or security within the context of a running system (protection from buffer overflows being an obvious example).
Finally, I strongly recommend applying DEP to "all programs and services" to maximize coverage and to protect against buffer overflow attacks on vulnerable programs/services. That suggestion is oddly left out of many "top 10" security lists for Windows users.
I agree with your recommendation with the exception of those programs that won't handle it. We had one at a previous site that wouldn't work unless we excepted it from the list. Fortunately the vendor was quick to provide an updated version, but we had many desktops to update after that.
It was added with SP2 (it is also in 2k3 SP1).
System Properties -> Advanced -> Performance Options -> Data Execution
The Dialog is virtually identical to the Vista one.
Yes, it's the same; the only difference is that it shows on Vista regardless of XP, so it's a new feature for Vista (an old feature in XP), if you read the article title carefully.
Besides, this is a useless feature, since when services crash in XP or Vista, it just shows a box with "Report to Microsoft bla bla bla ..."; if you treat that as a notification, then this is a notification...
What would the typical symptoms of "not playing nicely" be for a program fighting with DEP?
This is available now using WinPatrol by BillP
WinPatrol is real-time monitoring.
It looks to be the same as XP SP2.
See link http://www.microsoft.com/technet/security/prodtech/windowsxp/depcnfxp.mspx
Anything else I should know? Just got a new laptop with Vista Home Pro. Have been researching how to lock it down. Any Suggestions? BTW, thanks for the advice about DEP!