processor anti-execute protection from malicious code

ok..when u see this u'd be like..WHAT? but that was my reaction too..and i just found out by searching a weird option of my processor configuration on my BIOS..."execute disable bit" and had option to turn on-off..i found an article here but had no time to go through it as i am time short..so by that i mean i am not sure what it is-how it works but a cpu-like anti-executable should be DAMN NICE..if anyone has heard of it before and could shed some light over here it'd be great!

 

sorry..just a specification..NOT all the cpu's have this function..the link i forgot to post before showing everything is here http://www.hardwaresecrets.com/article/99

 

Well, technically you can replace this hardware tech with Comodo Memory Firewall. It does pretty much the same thing, just in software.

 

yep..that should be about the same.altho it got me a few BSODs and found it kinda sluggish for my taste.too bad my pentium 4 laptop does not have that :/

 

well never forget thats still based on software..AKA firmware.BIOS router built-in software,RAID controllers and the list goes on.but i agree that its much harder to compromise.

 

As far as I know it,s called DEP. It,s both hradware and software. For hardware DEP, ur processor must support it. Correct me if I am wrong.

 

avtually the software is like a OS built in driver for this hardware capability.if your hardware does not have this technology it won't work if you just enable it from your OS.

 

Here's a simple program that tells you if you have hardware DEP or not. http://www.grc.com/securable.htm

 

Anyone ever had a program add itself to DEP exclusion on its own after installation? I was under the impression I would get a pop up if a program could not run with DEP enabled and give me the option to exclude it as shown in the link provided by Eagle Creek. After installing DVDFab however this is what I found (see image) and I never received any popup about DEP whatsoever. So what's up with that?

 

OK, I found that this was a feature first added in an earlier version of DVDFab:

3.1.5.5 Beta (Aug 4, 2007)
- New: Added DVDFab to DEP exception list on Windows XP/Vista, to avoid crash problem at startup in certain cases.

So I guess my question now is if a program can add itself to the exclusion list with no input from me, then how is it any protection? Couldn't malware add itself also?

 

OK, nevermind, you have to excuse my ignorance. I am not very knowledgeable about DEP but I think I understand now. The programs in the exclusion list are not protected themselves by DEP but they are still not allowed to execute code from the data areas of other programs which are under DEP protection. I hope I got that right.

 

Yes, it wil be like this. I get this popup while trying some malware/ rootkits etc!

 

Thanks everyone for the information. I had read through some of the links for DEP before but still didn't quite have a handle on it.

I also didn't know before I installed DVDFab that some programs could add themselves to the exclusion list.

I understood that XP SP2 had DEP enabled for Windows operating system only by default but mine came with DEP enabled for all programs by default. Maybe that was a Dell factory setting?

Do most of you in the Wilders community have DEP set for all programs or do you prefer to just have it enabled for Windows OS? If you prefer to enable it for all programs which programs have you found that you need to exclude to get them to operate properly?

 

For all! never needed exclusion.

 

I agree with aigle: DEP enabled for all programs, no exceptions.

 

I have a Dell Pentium 4 with hardware DEP. I don't know why someone here said their Pentium 4 didn't have it. Mine came with DEP as OPT IN. I changed that to DEP as OPT OUT. I don't know of anyone who has been successful at using hardware DEP with the Always On option.

With DEP as Opt Out, I only had about three applications that had to be opted out. But when I was using KAV 2006, on an earlier Pentium 4 machine with Hardware DEP, suddenly Outlook Express opted itself out and it would not run if I opted it in again as long as KAV was running. There were threads about it in the KAV forum. I had to leave it opted out until I uninstalled Kaspersky and got another AV and then I could again opt OE in.

Everything ran fine for months on my older Dell Pentium 4 and then on my new Pentium 4 until about two months ago. Suddenly, Windows Explorer started opting itself out! I would go in and remove it from the opt out list and then it would crash and opt itself out again. I finally had to leave it opted out and there wasn't much point in using Hardware DEP if Explorer had to be opted out so I turned off Hardware DEP.

http://support.microsoft.com/kb/912923

 

I have DEP enabled only for essential windows programs. Always been that way since I got the pc and never had one single popup from it. Nothing excluded and it's never interfered with anything. Never succumbed to the temptation to switch to the 'all programs' option.

muf

 

that'd be me..and i specified it was absent on my laptop..well the option for -enable/disable was not in the BIOS settings.thats all..although that'd be especially usefull feature for my laptop since i use it on airports and other public wi-fi places.