DEP

  • Thread starter Thread starter slippy4s
  • Start date Start date
S

slippy4s

I was trying to figure out what if any DEP included running prosesses can
be removed without comprimising the computer.

Any Help
Thank You
Slippy
 
Could you rephrase the question?

Data Execution Prevention addresses an inherent shortcoming in the
architecture of most modern microprocessors - that they will treat data like
program memory, and may try to "execute" it. This shortcoming is sometimes
deliberately exploited by malware, but also happens with badly written
software (which you probably don't want on your machine anyway).

So, DEP protects against some types of malware, and protects against some
types of crashes caused by badly written software.

By default DEP is enabled for all the Vista operating system files. You
would be advised to enable it for all programs, although some simply won't
run with DEP enabled (Omnipage Pro 15 is an example on my computer). In
that case, you can add the troublesome executables to the exceptions list.

I'm not sure if this addresses your question. If not, perhaps you could
express it more clearly?

SteveT
 
Thank you very very much. im sorry I was abit vague .But you answered my
question to a T.
Thank You
 
Steve Thackery said:
Could you rephrase the question?

Data Execution Prevention addresses an inherent shortcoming in the
architecture of most modern microprocessors - that they will treat data like
program memory, and may try to "execute" it. This shortcoming is sometimes
deliberately exploited by malware, but also happens with badly written
software (which you probably don't want on your machine anyway).

So, DEP protects against some types of malware, and protects against some
types of crashes caused by badly written software.

By default DEP is enabled for all the Vista operating system files. You
would be advised to enable it for all programs, although some simply won't
run with DEP enabled (Omnipage Pro 15 is an example on my computer). In
that case, you can add the troublesome executables to the exceptions list.

I'm not sure if this addresses your question. If not, perhaps you could
express it more clearly?

SteveT

I'm afraid you're wrong, Steve. When I checked my Vista Home Premium, I found that it was disabled. And a little research uncovered that by default settings
at least in this version, are disabled.
 
I'm afraid you're wrong, Steve. When I checked my Vista Home Premium, I
That's funny, I could have sworn that my pristine Vista installation had DEP
enabled for the core Windows files.

In fact, I've just checked the Windows Help and Support page, and it implies
the same thing:

"DEP automatically monitors essential Windows programs and services. You
can increase your protection by having DEP monitor all programs."

Anyway, the rest of what I wrote was correct: DEP is a GOOD THING, and if a
program gets caught by DEP then it is badly written and a potential security
hazard.

Of course, sometimes you've no choice but to run it anyway, but having been
in the electronics and computing field for over 30 years I strongly suggest
that you enable DEP for everything, and then switch it off on an
application-by-application basis if you find you have to.

SteveT
 
In fact, I think it's you that's wrong, hermit.

I've just looked at the DEP settings on my PC (Vista Home Premium), and it
appears not to be possible to switch DEP off altogether. The top radio
button says "Turn on DEP for essential Windows programs and services only".

I don't know where you did your research, but did you actually look at the
settings box in your own machine? I can't believe it's different from mine.

SteveT
 
Steve apparently your system hardware supports DEP as shown on the bottom of
the DEP screen
And it is possible that hermit's does not which means he would get a
different dialog screen.
 
And it is possible that hermit's does not which means he would get a
different dialog screen.

Ah yes, that's possible. Perhaps he'll let us know.

SteveT
 
Steve Thackery said:
In fact, I think it's you that's wrong, hermit.

I've just looked at the DEP settings on my PC (Vista Home Premium), and it
appears not to be possible to switch DEP off altogether. The top radio
button says "Turn on DEP for essential Windows programs and services only".

I don't know where you did your research, but did you actually look at the
settings box in your own machine? I can't believe it's different from mine.

SteveT

Thank you for your replies, Steve and JW. I could have been clearer, so I'll restate: Under Internet Options > Advanced tab >in the Security section there is an option to check a box marked 'Enable memory protection to help mitigate online attacks.' This is greyed out & I can't check to enable it, even though I've right clicked to 'Run as Admin.' Been told to right click on IE7 exe. but can't find it.
When I right click on Internet Explorer, I am redirected / connected to
'hp-desktop.aol.com.' This is one of two DEP locations & is not checked in
my OS.
Can you help me get this section turned on, or does it really matter???
2)
The second location where there are two options, I can change. However,
when I made the change to 'Turn on DEP for all or all programs & services
except those I select,' I get an Error Msg that server can't be found when
using IE or Firefox regardless how many refresh attempts. So I've gone back
to the original setting. I'm concerned that in that setting my comp. isn't
as secure as it could be, but it seems I have no choice.
I hope this clears up my vagueness.
 
......there is an option to check a box marked 'Enable memory protection to
help mitigate online attacks.' This is greyed out & I can't check to enable
it, even though I've right clicked to 'Run as Admin.'
<<

Hey, that's fascinating. I've never noticed it before, and it is greyed out
on my machine, too. The Help for it is useless, so I don't know whether
this is another "button" for switching DEP on and off, or something else.
The second location where there are two options, I can change. However,
when I made the change to 'Turn on DEP for all or all programs & services
except those I select,' I get an Error Msg that server can't be found when
using IE or Firefox regardless how many refresh attempts.

That's strange, because both work fine on my machine, with DEP switched on
for everything. I wonder if you've got any plug-ins for the browsers. They
can definitely cause this kind of problem. If you can isolate it to a
plug-in, I'd disable it and inform the author.

It occurs to me that you could, for now, simply add IE and Firefox to the
"Except..." list.

Sorry I can't be of more help. Perhaps someone who knows more about it
might join in....

SteveT
 
Steve Thackery said:
......there is an option to check a box marked 'Enable memory protection to
help mitigate online attacks.' This is greyed out & I can't check to enable
it, even though I've right clicked to 'Run as Admin.'
<<

Hey, that's fascinating. I've never noticed it before, and it is greyed out
on my machine, too. The Help for it is useless, so I don't know whether
this is another "button" for switching DEP on and off, or something else.


That's strange, because both work fine on my machine, with DEP switched on
for everything. I wonder if you've got any plug-ins for the browsers. They
can definitely cause this kind of problem. If you can isolate it to a
plug-in, I'd disable it and inform the author.

It occurs to me that you could, for now, simply add IE and Firefox to the
"Except..." list.

Sorry I can't be of more help. Perhaps someone who knows more about it
might join in....

SteveT

Thanks for your thoughts, Steve. Can you tell the dummy how to find & determine if browser plug-in is the problem? Secondly, would you address the security issue of no DEP enabled in IE? and only enabled for Windows programs?
Leaktest results show all 1000+ ports are stealthed, and Win Defender is
supposed to stop all incoming crap, backed up with BOClean.
 
Secondly, would you address the security issue of no DEP enabled in IE?
<<

In order to "un-grey" the memory protection box in IE, you have to right
click on the IE icon in the start menu (or on the desktop) and select "Run
as Administrator". I'm not sure why that didn't work for you, but I suggest
you try it again. You should see the UAC prompt, and then when IE starts go
to Tools | Internet Options | Advanced. I'm sure it will work.

A quick look around the web suggests memory protection is disabled by
default in IE7 because Microsoft knows many add-ons get caught by DEP.

I don't think you are taking a big risk by leaving it disabled, to be
honest, although I'm no expert. Having said that, I personally would
probably find and disable the add-on that caused DEP problems, unless it was
something very important to me. A program which tries to execute from its
data space is badly written, and it suggests it may be of questionable
quality. I'm probably being a bit anal about it. :-)

When homing in on the culprit, don't do the usual thing of
enabling/disabling add-ons one at a time. It takes ages. Instead, do what
is called a "binary chop". Enable half of the add-ons, and disable the
other half. By checking for DEP errors you immediately know which half of
the add-ons has the problematic one. Split the half with the dodgy add-on
into half again, and so forth. You will home in on the faulty add-on very
quickly.

If, after this process, you still find DEP errors, it simply means more than
one add-on is faulty. Simply repeat the process to find the next culprit.

To enable and disable add-ons in IE7, use the menu option Tools | Manage
Add-ons.

To enable and disable add-ons in Firefox, use the menu option Tools |
Add-ons.

Or, as I reckon you're already pretty secure anyway, you could forget about
it! At least for now.

SteveT
 
Back
Top