DEP on Vista exposed

DEP (Data Execution Prevention) is a slightly overloaded term that refers to a set of hardware and software technologies that we have implemented (with support from Intel / AMD) to make it harder to exploit security vulnerabilities on Windows. On Vista, if your processor supports hardware-enforced 'no execute' or 'execute disable' bits (i.e. 'NX' on AMD and 'XD' on Intel CPUs), you will have hardware DEP enabled by default for most Windows applications, with a few notable exceptions. If your processor does not support the 'no execute' bit, you'll only get software DEP protections, which are still better than nothing but not as good as hardware DEP and easier to bypass / defeat. (NOTE: This is essentially the same behavior that was introduced in XP Service Pack 2.)

Hardware DEP works by setting a special bit in a PTE (page table entry), the structure the virtual memory manager uses to map virtual memory addresses to physical memory addresses. If an attempt is made to execute code from a virtual memory page that has been marked as non-executable (via the bit being set in the PTE for that page), the processor will raise an exception and the OS can then end the application, or bring down the entire OS if the exception is raised in kernel-mode code. Hardware DEP + ASLR is a good thing when used together as it significantly raises the bar for those seeking to exploit security vulnerabilities like the recent ANI file 0-day.
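The fault path described above, as an added example that is not part of the original post: a C program writes a single return instruction into a read/write page, calls it (hardware DEP / NX should raise the exception), then makes the page executable and calls it again. It assumes an x86/x86-64 or AArch64 CPU; the Windows path uses VirtualProtect and an SEH filter under MSVC, the POSIX path mprotect and a SIGSEGV handler, so the same page-table mechanism can be observed on either OS.

```c
#define _GNU_SOURCE 1  /* expose sigaction, MAP_ANONYMOUS under a strict -std */
/* Added example (not from the original post): a page holding one "return" instruction is
 * called while read/write (DEP should fault) and again once executable (should run). */
#include <string.h>
#define PAGE_SZ 4096
typedef void (*thunk_t)(void);
#if defined(__aarch64__) || defined(_M_ARM64)
static const unsigned char RET_INSN[] = { 0xC0, 0x03, 0x5F, 0xD6 };  /* AArch64 ret */
#else
static const unsigned char RET_INSN[] = { 0xC3 };                    /* x86/x86-64 ret */
#endif
#ifdef _WIN32                     /* MSVC: SEH filter catches the DEP fault */
#include <windows.h>
static void *get_page(void) { return VirtualAlloc(NULL, PAGE_SZ, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); }
/* 1 if the call ran, 0 on EXCEPTION_ACCESS_VIOLATION with ExceptionInformation[0] == 8 (DEP). */
static int call_page(void *page, int executable) {
    DWORD old;
    VirtualProtect(page, PAGE_SZ, executable ? PAGE_EXECUTE_READ : PAGE_READWRITE, &old);
    FlushInstructionCache(GetCurrentProcess(), page, PAGE_SZ);
    __try { ((thunk_t)page)(); return 1; }
    __except (GetExceptionCode() == EXCEPTION_ACCESS_VIOLATION &&
              GetExceptionInformation()->ExceptionRecord->ExceptionInformation[0] == 8
              ? EXCEPTION_EXECUTE_HANDLER : EXCEPTION_CONTINUE_SEARCH) { return 0; }
}
#else                             /* POSIX: the NX fault arrives as SIGSEGV */
#include <setjmp.h>
#include <signal.h>
#include <sys/mman.h>
static sigjmp_buf fault_jmp;
static void on_segv(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }
static void *get_page(void) { return mmap(NULL, PAGE_SZ, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); }
/* 1 if the call ran, 0 if the NX fault was taken instead. */
static int call_page(void *page, int executable) {
    struct sigaction sa = {0}, old; volatile int ran = 0;
    sa.sa_handler = on_segv; sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old);
    mprotect(page, PAGE_SZ, executable ? PROT_READ | PROT_EXEC : PROT_READ | PROT_WRITE);
    __builtin___clear_cache((char *)page, (char *)page + PAGE_SZ);
    if (sigsetjmp(fault_jmp, 1) == 0) { ((thunk_t)page)(); ran = 1; }
    sigaction(SIGSEGV, &old, NULL);   /* restore the previous handler */
    return ran;
}
#endif
/* 1 when NX is enforced (RW page faults, RX page runs); 0 e.g. for a 32-bit Windows process not opted in to DEP. */
int nx_is_enforced(void) {
    void *page = get_page();
    memcpy(page, RET_INSN, sizeof RET_INSN);          /* write the code while the page is RW */
    int ran_rw = call_page(page, 0), ran_rx = call_page(page, 1);
    return ran_rw == 0 && ran_rx == 1;
}
```

On a 32-bit Vista box with the default OptIn policy, a 0 result from an image that is not DEP-enabled is the "notable exception" the text mentions, not a broken CPU.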
