Data Execution Prevention

[Figure: DEP controls in Windows Vista]
[Figure: DEP causing Windows XP to end a program]

Data Execution Prevention (DEP) is a security feature included in modern Microsoft Windows operating systems that is intended to prevent an application or service from executing code from a non-executable memory region. This helps defeat certain exploits that plant code in memory via a buffer overflow, for example. DEP runs in two modes: hardware-enforced DEP for CPUs that can mark memory pages as non-executable, and software-enforced DEP, which offers limited protection for CPUs that lack hardware support. Software-enforced DEP does not protect against execution of code in data pages; it instead protects against a different type of attack (SEH overwrite).


DEP was introduced in Windows XP Service Pack 2 and is included in Windows XP Tablet PC Edition 2005, Windows Server 2003 Service Pack 1 and Windows Vista. Later versions of these operating systems support the feature as well.


Hardware protection

Hardware-enforced DEP enables the NX bit on compatible CPUs, through the automatic use of the PAE kernel in 32-bit Windows and native support in 64-bit kernels. Windows Vista DEP works by marking certain parts of memory as intended to hold only data, which a processor with the NX or XD bit enabled then treats as non-executable. This helps prevent buffer overflow attacks from succeeding.


In some instances, Data Execution Prevention can have the unintended consequence of preventing legitimate software from executing. In these cases, the affected software needs to be flagged as being allowed to execute code in those parts of memory, but this itself leads to a possible attack if the application isn't rigorous in validating data that is passed into a region of memory that is marked as being executable.


If the x86 processor supports this feature in hardware, the NX features are turned on automatically in Windows by default. If the processor does not support it, no hardware protection is given. Outside the x86 architecture, a version of NX also exists for Intel's IA-64 architecture and is supported by Windows.
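The following C program is an added example, not part of the original article, that demonstrates the hardware mechanism described in this section. It uses the POSIX mmap/mprotect calls on Linux rather than the Windows VirtualAlloc/VirtualProtect API, but the CPU-level behaviour is the same NX bit: a single `ret` instruction (constructed here as raw machine code) is placed in a freshly mapped page, and the page is called once after being marked read+execute and once while it is still a read+write data page. On an NX-capable processor the second call faults, and the program catches the fault with a SIGSEGV handler instead of terminating. `try_execute` and `on_fault` are names chosen for this demo.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif

/* Machine code for a bare "ret": the smallest callable function.
   Constructed for this demo; encoding depends on the architecture. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char RET_INSN[] = { 0xC3 };
#elif defined(__aarch64__)
static const unsigned char RET_INSN[] = { 0xC0, 0x03, 0x5F, 0xD6 };
#else
#error "unsupported architecture for this demo"
#endif

static sigjmp_buf fault_jmp;

/* Runs when the CPU refuses to fetch instructions from the page. */
static void on_fault(int sig) {
    (void)sig;
    siglongjmp(fault_jmp, 1);   /* unwind back into try_execute() */
}

/* Put RET_INSN in a fresh page and call into it.
   executable != 0: page is changed to read+execute first (what a JIT does).
   executable == 0: page stays read+write, i.e. a "data" page under NX.
   Returns 1 if the call returned normally, 0 if the CPU faulted,
   -1 if the mapping could not be set up. */
int try_execute(int executable) {
    size_t pagesize = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, pagesize, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    memcpy(page, RET_INSN, sizeof RET_INSN);

    if (executable) {
        if (mprotect(page, pagesize, PROT_READ | PROT_EXEC) != 0) {
            munmap(page, pagesize);
            return -1;
        }
        /* Needed on architectures with split I/D caches; no-op on x86. */
        __builtin___clear_cache((char *)page, (char *)page + sizeof RET_INSN);
    }

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    volatile int ran;
    if (sigsetjmp(fault_jmp, 1) == 0) {
        void (*fn)(void) = (void (*)(void))page;
        fn();            /* faults here when the page is not executable */
        ran = 1;
    } else {
        ran = 0;         /* arrived via siglongjmp from on_fault() */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(page, pagesize);
    return ran;
}

int main(void) {
    printf("read+execute page: %s\n",
           try_execute(1) == 1 ? "code ran" : "blocked or setup failed");
    printf("read+write page:   %s\n",
           try_execute(0) == 0 ? "execution blocked by NX" : "code ran (NX not enforced)");
    return 0;
}
```

Compile with `cc -o nxdemo nxdemo.c` and run it. The Windows equivalent of the second case is what the "DEP caused Windows to end a program" dialog reports: the process tried to execute from a page the operating system never marked executable, and hardware-enforced DEP turned that into an access violation.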


Software protection

Software DEP, while unrelated to the NX bit, is what Microsoft calls its enforcement of "Safe Structured Exception Handling" (SafeSEH). Software DEP/SafeSEH simply checks, when an exception is thrown, that the exception handler about to be invoked is registered in a function table for the application; the program must be built with this table. So although the name suggests that software DEP is related to preventing execution of code in data pages, it is a separate form of protection.
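As an added illustration of the check just described (not the article's or Microsoft's code), this C program models SafeSEH in miniature: a chain of exception registration records, a per-module table of the handlers the program was built with, and a dispatcher that walks the chain but refuses to call any handler pointer that is not in the table. The record layout, the `safe_handlers` table and the `dispatch_exception`/`run_scenario` functions are simplifications constructed for the demo; in Windows the equivalent check is done by the exception dispatcher against data the linker records in the image.

```c
#include <stddef.h>
#include <stdio.h>

/* Model of an SEH registration record: a singly linked chain of
   {next, handler} records that lives on the thread's stack. */
struct seh_record {
    struct seh_record *next;
    int (*handler)(int code);   /* returns 1 if it handled the exception */
};

/* Handlers the "program" legitimately compiled in. */
static int handler_generic(int code) { (void)code; return 0; }   /* declines */
static int handler_divzero(int code) { return code == 42; }      /* handles 42 */

/* A routine that is NOT registered as a handler. A corrupted record
   pointing here stands in for an SEH overwrite. */
static int not_a_handler(int code) { (void)code; return 1; }

/* The module's table of safe handlers: the analogue of what the
   /SAFESEH linker option records for the image. */
static int (*const safe_handlers[])(int) = { handler_generic, handler_divzero };

static int is_registered(int (*h)(int)) {
    for (size_t i = 0; i < sizeof safe_handlers / sizeof safe_handlers[0]; i++)
        if (safe_handlers[i] == h) return 1;
    return 0;
}

/* Walk the chain as the dispatcher would, refusing unregistered handlers.
   Returns 1 if a handler handled the exception, 0 if the chain was
   exhausted, -1 if an unregistered handler was found (dispatch stops
   rather than transfer control to it). */
int dispatch_exception(const struct seh_record *chain, int code) {
    for (const struct seh_record *r = chain; r != NULL; r = r->next) {
        if (!is_registered(r->handler)) return -1;
        if (r->handler(code)) return 1;
    }
    return 0;
}

/* Build a two-record chain; with corrupt != 0 the top record's handler
   pointer is overwritten, as a stack overflow into the record would do. */
int run_scenario(int corrupt, int code) {
    struct seh_record bottom = { NULL, handler_divzero };
    struct seh_record top = { &bottom, handler_generic };
    if (corrupt) top.handler = not_a_handler;
    return dispatch_exception(&top, code);
}

int main(void) {
    printf("clean chain, code 42: %d\n", run_scenario(0, 42));
    printf("clean chain, code 7:  %d\n", run_scenario(0, 7));
    printf("corrupted chain:      %d\n", run_scenario(1, 42));
    return 0;
}
```

The point the model makes is the one in the paragraph above: nothing here looks at whether a page is executable. The only question the dispatcher asks is whether the handler address is one the program declared at build time, which is why software DEP helps against an overwritten handler pointer but not against code executing from a data page.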


Limitations

Unlike similar protection schemes available on other operating systems, DEP provides no address space layout randomization (ASLR, a feature now available in Windows Vista). Without ASLR, return-to-libc attacks remain possible and could feasibly be used to disable DEP during an attack.


This possibility has since been demonstrated against Windows hardware-enforced DEP by the authors "skape & Skywing" in an Uninformed article [1], which relies on a return-to-libc style attack. The technique relies on pointing the EIP register directly at the known, service-pack-dependent location that applies the OptIn/OptOut mechanism, and so depends on the OptOut/OptIn boot-time option being in use. If all pages are strictly enforced, the attack does not succeed. The PaX documentation further elaborates on why ASLR is necessary.


Software conflicts

DEP is occasionally the cause of software problems, usually with older software. However, it also fixes problems with some games, like Age of Mythology.


Users have experienced problems using the Tcl/Tk for Windows distribution from ActiveState when using the Expect extension to spawn Telnet sessions: DEP kills the Telnet child process with the error "child process terminated abnormally".


In most cases, these problems may be solved by disabling the DEP features. DEP can be turned off on a per-application basis, or turned off entirely for all non-essential Windows programs and services. [1]


However, it is recommended that DEP *not* be disabled. Instead, the author or vendor of the offending software should be contacted and asked to fix it so that it no longer violates DEP.


The "COM surrogate has stopped working" error that is sometimes received in Windows Vista while viewing media folders can be corrected by turning off DEP for the dllhost.exe. This error surfaces in Windows Vista because many video and audio codecs are not completely compatible with the new Operating System. This problem can also generally be resolved by updating any installed codecs to their latest versions.


Software configuration

DEP configuration for the system is controlled through switches in the Boot.ini file. DEP can be configured by using the System dialog box in Control Panel.


The Boot.ini file setting is as follows:

/noexecute=policy_level

where policy_level is one of AlwaysOn, AlwaysOff, OptIn, or OptOut.


OptIn: This setting is the default configuration for Windows XP. On systems with processors that can implement hardware-enforced DEP, DEP is enabled by default for limited system binaries and programs that "opt-in." With this option, only Windows system binaries are covered by DEP by default.


OptOut: This setting is the default configuration for Windows 2003 SP1. DEP is enabled by default for all processes. A list of specific programs that should not have DEP applied can be entered using the System dialog box in Control Panel. Network administrators can use the Application Compatibility Toolkit to "opt-out" one or more programs from DEP protection. System compatibility fixes, or shims, for DEP do take effect. Also note that Windows silently disables DEP for certain executables, such as those packaged with ASPack. [2]


AlwaysOn: This setting provides full DEP coverage for the whole system. All processes always run with DEP applied. The exceptions list to exempt specific programs from DEP protection is not available. System compatibility fixes for DEP do not take effect. Programs that have been opted-out by using the Application Compatibility Toolkit run with DEP applied.


AlwaysOff: This setting does not provide any DEP coverage for any part of the system, regardless of hardware DEP support (except in Windows Vista Ultimate).
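A Boot.ini fragment, constructed for this page and not taken from the article, showing the /noexecute switch in context. The ARC path and the entry descriptions are assumptions. The first entry uses the recommended OptOut policy, under which every process is covered and individual programs can still be exempted through the System dialog; the second is included only to show the syntax of the weakest setting, which turns DEP off for everything and should not be used as the everyday boot entry.

```ini
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional (DEP OptOut)" /fastdetect /noexecute=OptOut
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional (DEP AlwaysOff)" /fastdetect /noexecute=AlwaysOff
```

Because the switch is read at boot, a change takes effect only after a restart, and the policy then applies system-wide; per-program exceptions are layered on top of OptOut, not expressed in Boot.ini.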


See also

  • NX bit
  • Executable space protection
  • Buffer overflow
  • Heap overflow
  • Stack buffer overflow
  • Stack-smashing protection


References

  1. ^ Marc Liron. Adding Software Exceptions In Data Execution Prevention (DEP). Windows XP Update. Retrieved on June 8, 2006.
  2. ^ Fabrice Roux. Hardware DEP has a backdoor. Retrieved on March 22, 2007.


The Wikipedia article included on this page is licensed under the GFDL.