- Worldstart's Tech Tips And Computer Help - http://www.worldstart.com -

Windows Data Execution Protection – Part 2

Posted By On January 27, 2006 @ 3:40 PM In Security Help | No Comments

Windows Data Execution Protection – Part 2

Last week, I discussed Windows Data Execution Protection (DEP) which is available in Windows XP. If you remember, there are two different versions of DEP. One being hardware based and dependant on the CPU compatibility, while the other is software based and is installed with Windows’s XP Service Pack 2. Last week’s article focused on hardware DEP and determining if you have the capability, along with how to enable/ disable the function. This week I’m going to focus on software based DEP including what options it has, and how to manage it.

Software DEP: This service was introduced to Windows XP with Service Pack 2. It performs security checks to help mitigate the execution of code in protected memory. Software DEP, unlike the hardware version does not rely on compatible processor technology and will run on any Chip that supports Windows XP with SP2.

Unlike antivirus programs, DEP does not stop malicious code from being installed on your system. Rather, what it does, is monitor protected areas of memory and it stops any attempt to execute code in this memory. If malicious code does attempt to execute in a protected area of memory, the DEP function will stop the offending program and warn the user.

The reason stopping any code from running in these protected areas of memory is so important is because this is a frequently used method that attackers use to run their buffer overflow attaches. A buffer overflow is a common way for attackers to lock up your system allowing them to install Worms and Trojans, completely unbeknown to the user. Security aside, programs should not be written to execute code in these protected areas of memory anyway, and if one does, chances are that it is a poorly written program.

Although this software based DEP improves the security of your system by default, it is only set to monitor Windows binaries. This means that it is only marking and monitoring the windows processes, ignoring all third party applications. Microsoft mentions on their site that it does this to ensure that there are no compatibility issues with any current programs users may have on their PC. Microsoft goes on to suggest that if you do have any programs that won’t run with the DEP enabled, you should go to the manufacturer’s site and look for updates. If the program is unsupported and there are no updates to fix a compatibility issue, you can add the program to the exception list and the DEP will ignore it.

So let’s take a look at how to enable DEP for all programs. After that, I’ll go over how to add a program to the exception list.

Two things you have to have in order for the following procedures to work:
1) You must be logged in with an administrator account.
2) You must have Windows XP with Service Pack 2 installed.

Enabling DEP for all programs:

1. Click Start, and then click Control Panel.
2. Under Pick a category, click Performance and Maintenance.
3. Under Pick a Control Panel icon, click System.
4. Click the Advanced tab.

5. In the Performance area, click Settings.

6. Click the Data Execution Prevention tab.

7. Select Turn on DEP for all programs and services except for those I select.
8. Click Apply, and then click OK. A dialog box appears and informs you that you must restart your computer for the setting to take effect. Click OK.


To verify DEP settings for all programs are applied:

1. Click Start, then click Control Panel.
2. Under Pick a category, click Performance and Maintenance.
3. Under Pick a Control Panel icon, click System.
4. Click the Advanced tab.
5. In the Performance area, click Settings and then click Data Execution Prevention.
6. Verify that Turn on DEP for all programs and services except for those I select is selected and then click OK to close Performance Settings.
7. Click OK to close System Properties then close Performance and Maintenance.

Stay safe out there,

~ Chad Stelnicki


Article printed from Worldstart's Tech Tips And Computer Help: http://www.worldstart.com

URL to article: http://www.worldstart.com/windows-data-execution-protection-part-2/