What does "/noexecute=optin" mean in boot.ini file?

By dhart131 ·
/noexecute=optin is part of a line in a boot.ini file and I am wondering what it does.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

From the horse's mouth:

by seanferd In reply to What does "/noexecute=opt ...

"The /noexecute parameter enables Data Execution Prevention (DEP), a set of hardware and software technologies designed to prevent harmful code from running in protected memory locations."

Collapse -

thank you

by dhart131 In reply to From the horse's mouth:
Collapse -

Number 2 out of 4...

by TobiF In reply to What does "/noexecute=opt ...

Out of four possible states for data execution prevention, this is the second weakest.

DEP, Data execution prevention is hardware control, where the processor will not allow execution of some bytes, if they are in a location that was marked as DATA, rather than EXECUTABLE.

Whenever you read about a security patch for a "buffer overun", know that DEP could have helped to prevent this problem.

Unfortunately, many computer programs are poorly written and mix data and program instructions in such a way that one can't use this good security measure. (As far as I know, however, 64bit versions of windows enforce DEP to be on at all times.)

On 32-bit windows platforms, there are 4 possible policies that can be declared. They are, from weakest to strongest:

The default value is opt-in, where DEP will be applied only for those computer programs, which declare that DEP should be used.
Opt-out enables DEP, but allows the program to opt-out.
The other two options are self explanatory, I hope.

On my computer, I changed long time ago to OPTOUT, and (knock on wood), haven't noticed any misbehaving programs. This means that I managed to raise the security a lot.

Hope this helps.

Collapse -

Thank you

by dhart131 In reply to Number 2 out of 4...

Thanks for satisfying my curiousity. I was trying to figure out if it had anything to do with my safe mode login Post. Now I now it does not.

Related Discussions

Related Forums