On Wed, 25 Apr 2007 02:02:01 -0700, nahn921
I have a Toshiba with Vista Home Premium. Windows Movie Maker and sometimes
Windows Explorer sometimes stop working and begin restarting because of DEP.
What's the history of this system? I'd suspect DEP is either doing
what it's supposed to do (i.e. foiling hidden malware that's trying to
get traction through an exploit) or you may have something like what
happened to me in XP, when a repair install to adapt it to a new
motherboard and processor appeared to fail to switch logic from a
non-DEP CPU to the new DEP-capable one.
The first thing I'd do is a set of formal malware scans from my Bart
CDR, or similar but using WinPE or the Vista DVD's Cmd boot.
The second thing I'd do (or possibly the first, if I didn't have
non-HD-based scanners etc.) would be to state chart these:
- Windows
- Windows with all peripherals unplugged
- Windows with ALL networking unplugged/disabled
- as above, but with all startup items disabled in MSConfig
- as above, but with all non-MS services disabled in MSConfig too
- Safe Mode
- Safe Mode Cmd Only (i.e. run MM but not the shell)
It's possible that a shell integration is causing trouble, or possibly
a codec. Nirsoft (www.nirsoft.net) offers several free tools that
let you reversibly disable such things for testing purposes, and I'd
use Shell Extensions Viewer and MMCompView to test these.
I have this problem mostly with the movie maker when I try to publish/save an
edited video to my computer. I tried to turn off DEP for the movie maker,
but it says that this program must run with DEP enabled and that I cannot
turn off DEP for this program. What can I do to fix this?
This is Vista, so I don't know what the equivalent to XP's Boot.ini
syntax might be, offhand. Vista doesn't use Boot.ini, and what it
uses instead will have to be managed by appropriate tools, rather than
direct editing in Notepad. Such tools are freely available and it is
documented; dunno if DEP is as manageable, though.
DEP isn't a program as such. It's a security feature of the OS that
harnesses a hardware feature found in modern processors; basically, it
detects attempts to run the contents of "data" memory as code.
This in turn blocks several code exploits, i.e. those that work by
placing code within "data" and then tricking the system into jumping
into it via buffer exploit or whatever.
This is worth doing, because these kinds of exploits cut through
by-design logic like a train through tissue paper. Such methods
facilitated Lovesan/Blaster, Sasser and SQL Slammer's clickless
attacks; a firewall may stop the first two of three of these, but if
the same methods are used within content (e.g. WMF or JPG exploits),
there's very little other defense until the defects get patched.
--------------- ----- ---- --- -- - - -
Never turn your back on an installer program