what does DEP stand for or what is it?

Discussion in 'other anti-malware software' started by scott1256ca, Oct 19, 2009.

Thread Status:
Not open for further replies.
  1. scott1256ca

    scott1256ca Registered Member

    Joined:
    Aug 18, 2009
    Posts:
    144
    Can't do 3 character searches, so my attempts to search for an explanation have not come up with anything.

    Can someone explain, or point me to a post that explains?

    Thanks
     
  2. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    98,077
    Location:
    U.S.A.
  3. scott1256ca

    scott1256ca Registered Member

    Joined:
    Aug 18, 2009
    Posts:
    144
    thank you
     
  4. scott1256ca

    scott1256ca Registered Member

    Joined:
    Aug 18, 2009
    Posts:
    144
    ok, from the bit of searching I have done, it appears that to use this you either set

    /noexecute=AlwaysOn or
    /noexecute=OptOut

    So, of those who use this, is there a list of legitimate software which fails to operate properly when this is used? I guess I'm looking more for
    "Not very much"
    or
    "Yes, quite a few problems"
    rather than titles. Unless there are a few VERY common titles (like Firefox or something).

    Are there security issues if you use OptOut instead of AlwaysOn?

    I'd change the title of the thread if I knew how and had permission.

    Thanks some more.
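
    The two switches named in the post above live on the boot entry lines of boot.ini. The sketch below is an added example, not part of the thread or of any poster's setup: it reads a constructed boot.ini and reports the DEP policy per boot entry. The sample file and the `audit_boot_ini` helper are assumptions made for illustration, and the OptIn and AlwaysOff values are included for completeness although the post names only AlwaysOn and OptOut.

```python
import re

# Constructed sample boot.ini (not from the thread); entries differ in their DEP switch.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional" /fastdetect /NoExecute=OptOut
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP (test)" /fastdetect /noexecute=alwayson
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Old install" /fastdetect
"""

# What each /noexecute value means for DEP coverage.
POLICIES = {
    "alwayson": "DEP for every process; per-program exceptions are ignored",
    "optout": "DEP for every process except programs on the exception list",
    "optin": "DEP only for Windows system binaries and programs that opt in",
    "alwaysoff": "DEP disabled",
}

def audit_boot_ini(text):
    """Return a list of (arc_path, label, policy, is_default), one per boot entry."""
    section, default, entries = None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        # The first "=" separates the ARC path (or key) from the rest of the line.
        key, _, value = line.partition("=")
        if section == "boot loader" and key.strip().lower() == "default":
            default = value.strip().lower()
        elif section == "operating systems":
            label = re.match(r'\s*"([^"]*)"', value)
            switch = re.search(r"/noexecute=(\w+)", value, re.IGNORECASE)
            policy = switch.group(1).lower() if switch else "unspecified"
            entries.append((key.strip(), label.group(1) if label else "", policy))
    return [(p, l, pol, p.lower() == default) for p, l, pol in entries]

if __name__ == "__main__":
    for path, label, policy, is_default in audit_boot_ini(SAMPLE_BOOT_INI):
        mark = "*" if is_default else " "
        note = POLICIES.get(policy, "no /noexecute switch on this entry")
        print(f"{mark} {label}: {policy} - {note}")
```

    The entry marked `*` is the one booted by default, so its switch is the policy actually in effect.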
     
  5. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336
    I use a great deal of widely different software and problems with DEP have been few and far between; pretty much the only one that comes to mind was a satellite card programmer.
     
  6. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    363
  7. trismegistos

    trismegistos Registered Member

    Joined:
    Jan 29, 2009
    Posts:
    363
    You are right. Hardware DEP is definitely better than Software DEP. I'm just trying to inform that Hardware DEP didn't stop most of the WMF test PoCs I had tested as effectively as one would have it as advertised before as a workaround. If it definitely did try to stop most of the buffer overflows, then that would be such a wonderful thing. An end to "most" of the malware as you have said as somewhat the prevalence of that malware using such exploits to those vulnerabilities. :)

    If we translate that to the real world, Hardware DEP was only able to block a few of them and not so much and definitely not all. But still useful, as I myself have it enabled on all of my systems and it will catch a few once in a while.

    On your question, that's always a possibility. And the only people who can shed light are the experts or the POC authors themselves.

    There's a nifty little freeware called Slipfest which uses buffer overflows to test one's system defences. Unticking the option "run on stack" will make all buffer overflows undetectable by Comodo Memory Firewall, while all or most of the time a Classical HIPS will be able to detect the endpoint, which is "the launching of the calculator". In some tests, Classical HIPS is a failure, for the simple reason that HIPS are not designed to intercept the actual buffer overflows. Meanwhile, Hardware DEP didn't even give any notice or interception. Not even one, and thus it ended up as a complete failure in all of the testing with Slipfest.
     
    Last edited: Oct 20, 2009