LUA, SRP, DEP, UAC...?

Discussion in 'other software & services' started by Luxeon, Apr 5, 2009.

Thread Status:
Not open for further replies.
  1. Luxeon

    Luxeon Registered Member

    Joined:
    Mar 20, 2007
    Posts:
    127
    I am finally beginning to understand the acronyms LUA, SRP, DEP and UAC...but, have a question or two.

    I have Vista x64 Home premium with UAC enabled. Currently using Defender with Spynet, NOD32, SAS (nice program), router, Windows Firewall, Firefox (soon to be equipped with NoScript and maybe AdBlock). Internet Explorer, on the rare occasion it is used, is in protected mode.

    We are also using LUA.

    Currently, DEP is set like this: "Turn DEP On for Essential Windows Vista Programs and Services Only"

    Should I set it to the higher level "Turn DEP On for All Programs and Services Except for the Ones you Select?"

    I find Software Restriction Policy to be a bit...confusing. I read this: http://www.mechbgon.com/srp/ , but apparently it doesn't apply to my system, and I admit that my understanding is still pretty...thin.

    Does SRP apply to my system? (It looks like UAC is a kind of SRP-for-dummies) If so, how can I optimize it?

    Man, there is a lot to learn about this stuff...
     
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Hi Luxeon, if your computer supports it then I'd recommend DEP for all yes*, you can then add an exception if one of your programs baulks. SRP in Vista as a Standard user is for the Business, Ultimate and Enterprise versions - have you read this thread.

    *btw DEP is always enabled for 64bit native programs in 64bit versions of Windows.

    To quickly tell if hardware DEP is available in Vista, as admin, enter wmic OS Get DataExecutionPrevention_Available in a command line. If TRUE is returned then it is available:) .
     
    Last edited: Apr 5, 2009
  3. Arup

    Arup Guest

    If you really want DEP to be effective then the system wide setting via boot.ini is the only way. The only thing is that certain programs might have issues with it, in my case I discovered Avast and Orbit having issues, I replaced them with Avira and FDM and it went away. Every other program installed have no issues.
     
  4. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,508
    Location:
    Slovakia
    If you play games, do not enable DEP for all, it will shut them down and mostly it does not even notify, that it is because of DEP. Otherwise no problem.
     
  5. Raza0007

    Raza0007 Registered Member

    Joined:
    Mar 30, 2009
    Posts:
    1,425
    Location:
    USA
    I use Vista 32 bit so I will only comment on UAC and DEP, I don't think LUA and SRP are applicable to 32 bit OS.

    UAC: I turned it off when I received my new computer and have not turned it back on since. You do not need it under ordinary circumstances. Keeping a good updated antivirus will provide you with adequate protection.

    DEP: There are two kinds software based and hardware based.

    Hardware based only has two settings enabled or disabled. You can only change it from your BIOS. It is only available if you processor supports it. Recommended setting is to leave it enabled. If it is causing problems for certain trusted software you may temporarily disable it.

    Software based has four setting Optin, Optout, Always on, Always off. Default is Optin. In this setting it provides protection for essential windows programs only. You should leave it at its default setting. If some program is conflicting with it then you may select Optout. Then it protects all programs but those you mention in the exclude list.
     
  6. Osaban

    Osaban Registered Member

    Joined:
    Apr 11, 2005
    Posts:
    4,214
    Exceptions don't always work, as an example UltimateDefrag 2008 won't work on my Vista Ultimate32 with DEP enabled (hardware), even when the .exe is added to the exceptions.
     
  7. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    If you don't have hardware DEP you'll also get the warning in the exceptions window of the DEP tab telling you the processor does not support hardware DEP. (XPSP2-)

    To easily check on DEP policy you can enter in a command prompt :

    wmic OS Get DataExecutionPrevention_SupportPolicy

    the returned value would be 0-3

    0 AlwaysOff DEP is not enabled for any processes
    1 AlwaysOn DEP is enabled for all processes
    2 OptIn Only Windows system components and services
    3 OptOut DEP is enabled for all processes, but you can create an exception

    There is also Securable which will tell you if you have hardware DEP (and hardware virtualization.) It will also tell you if Hardware DEP is off in the BIOS.
     
    Last edited: Apr 8, 2009
Loading...
Thread Status:
Not open for further replies.