processor anti-execute protection from malicious code

Discussion in 'other anti-malware software' started by chris2busy, Jan 31, 2008.

Thread Status:
Not open for further replies.
  1. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    ok..when u see this u'd be like..WHAT? but that was my reaction too..and i just found out by searching a weird option of my processor configuration on my BIOS..."execute disable bit" and had option to turn on-off..i found an article here but had no time to go through it as i am time short..so by that i mean i am not sure what it is-how it works but a cpu-like anti-executable should be DAMN NICE..if anyone has heard of it before and could shed some light over here it'd be great!
     
  2. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
  3. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    Basically all modern processors support these technologies. When it's supported, it's enabled by default in XP SP2, Server 2003 en Vista.

    This screenshot (made with Everest Ultimate) shows the abilities of a new Intel Core2 Duo T7250.
     
  4. RejZoR

    RejZoR Registered Member

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well, technically you can replace this hardware tech with Comodo Memory Firewall. It does pretty much the same thing, just in software.
     
  5. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    yep..that should be about the same.altho it got me a few BSODs and found it kinda sluggish for my taste.too bad my pentium 4 laptop does not have that :/
     
  6. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    I prefer hardware protection over software protection, cause it tends to be more reliable.
     
  7. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    well never forget thats still based on software..AKA firmware.BIOS router built-in software,RAID controllers and the list goes on.but i agree that its much harder to compromise.
     
  8. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    As far as I know it,s called DEP. It,s both hradware and software. For hardware DEP, ur processor must support it. Correct me if I am wrong.
     

    Attached Files:

  9. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    avtually the software is like a OS built in driver for this hardware capability.if your hardware does not have this technology it won't work if you just enable it from your OS.
     
  10. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
  11. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    It doesn't really matter. Be default DEP is always enabled in XP SP2, Server 2003 en Vista.
    When your CPU also supports DEP, Windows will become aware of it and also enable's hardware DEP support.

    You can always manually exclude programs from DEP-protection in case of a false positive (2).

    ====
    @innerpeace: Nice tool!
     
  12. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
    Anyone ever had a program add itself to DEP exclusion on its own after installation? I was under the impression I would get a pop up if a program could not run with DEP enabled and give me the option to exclude it as shown in the link provided by Eagle Creek. After installing DVDFab however this is what I found (see image) and I never received any popup about DEP whatsoever. So what's up with that? o_O
     

    Attached Files:

    • DEP.jpg
      DEP.jpg
      File size:
      44.9 KB
      Views:
      445
  13. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
    OK, I found that this was a feature first added in an earlier version of DVDFab:

    3.1.5.5 Beta (Aug 4, 2007)
    - New: Added DVDFab to DEP exception list on Windows XP/Vista, to avoid crash problem at startup in certain cases.

    So I guess my question now is if a program can add itself to the exclusion list with no input from me, then how is it any protection? Couldn't malware add itself also?
     
  14. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
    OK, nevermind, you have to excuse my ignorance. I am not very knowledgeable about DEP but I think I understand now. The programs in the exclusion list are not protected themselves by DEP but they are still not allowed to execute code from the data areas of other programs which are under DEP protection. I hope I got that right. :doubt:
     
  15. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
  16. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
  17. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    Yes, it wil be like this. I get this popup while trying some malware/ rootkits etc!
     
  18. Firebytes

    Firebytes Registered Member

    Joined:
    May 29, 2007
    Posts:
    903
    Thanks everyone for the information. I had read through some of the links for DEP before but still didn't quite have a handle on it.

    I also didn't know before I installed DVDFab that some programs could add themselves to the exclusion list.

    I understood that XP SP2 had DEP enabled for Windows operating system only by default but mine came with DEP enabled for all programs by default. Maybe that was a Dell factory setting?

    Do most of you in the Wilders community have DEP set for all programs or do you prefer to just have it enabled for Windows OS? If you prefer to enable it for all programs which programs have you found that you need to exclude to get them to operate properly?
     
  19. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    For all! never needed exclusion.
     
  20. ahriman

    ahriman Registered Member

    Joined:
    Sep 18, 2007
    Posts:
    124
    I agree with aigle: DEP enabled for all programs, no exceptions.
     
  21. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    I never changed the setting and I also never experienced any problems with DEP.

    I agree that it's a bit strange if a program could add itself to the DEP exception list. I'm pretty sure it only can be done with Administrator-rights, but people do accidentally install malware and this would mean the installer could disable or muck up your DEP protection.

    I'm going to look into that..
     
  22. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I have a Dell Pentium 4 with hardware DEP. I don't know why someone here said their Pentium 4 didn't have it. Mine came with DEP as OPT IN. I changed that to DEP as OPT OUT. I don't know of anyone who has been successful at using hardware DEP with the Always On option.

    With DEP as Opt Out, I only had about three applications that had to be opted out. But when I was using KAV 2006, on an earlier Pentium 4 machine with Hardware DEP, suddenly Outlook Express opted itself out and it would not run if I opted it in again as long as KAV was running. There were threads about it in the KAV forum. I had to leave it opted out until I uninstalled Kaspersky and got another AV and then I could again opt OE in.

    Everything ran fine for months on my older Dell Pentium 4 and then on my new Pentium 4 until about two months ago. Suddenly, Windows Explorer started opting itself out! I would go in and remove it from the opt out list and then it would crash and opt itself out again. I finally had to leave it opted out and there wasn't much point in using Hardware DEP if Explorer had to be opted out so I turned off Hardware DEP.

    http://support.microsoft.com/kb/912923
     
  23. Eagle Creek

    Eagle Creek Global Moderator

    Joined:
    Jul 27, 2004
    Posts:
    734
    Location:
    The Netherlands
    The "old" generation PIV's (47:cool: doesn't have DEP. The newer PIV's (775) do. And from there, the Pentium D and every CPU that followed.
     
    Last edited: Feb 1, 2008
  24. muf

    muf Registered Member

    Joined:
    Dec 30, 2003
    Posts:
    926
    Location:
    Manchester, England
    I have DEP enabled only for essential windows programs. Always been that way since I got the pc and never had one single popup from it. Nothing excluded and it's never interfered with anything. Never succumbed to the temptation to switch to the 'all programs' option.

    muf
     
  25. chris2busy

    chris2busy Registered Member

    Joined:
    Jun 14, 2007
    Posts:
    477
    that'd be me..and i specified it was absent on my laptop..well the option for -enable/disable was not in the BIOS settings.thats all..although that'd be especially usefull feature for my laptop since i use it on airports and other public wi-fi places.
     
Loading...
Thread Status:
Not open for further replies.