Talk:Data Execution Prevention
|WikiProject Microsoft / Windows||(Rated B-class, Mid-importance)|
|WikiProject Computer Security / Computing||(Rated B-class, Mid-importance)|
- 1 Anti-DEP
- 2 Trust
- 3 No
- 4 Conflict with anti-hacking software
- 5 Badly written article
- 6 More significant issues
- 7 Reversion of edit regarding detection of hardware DEP capability
- 8 Importance for Computer security project
- 9 Why is the default OFF?
- 10 Early example? ;)
- 11 This is not a Windows article
This article seems to be somewhat anti-DEP; for example, DEP doesn't "cause software problems", it just forces a program to crash when it corrupts its memory instead of silently continuing and crashing later. The "correct" response to a DEP-related crash isn't to disable DEP, it's to fix the program. This article seems to spend more time explaining how to disable DEP globally or per-process, which is a Bad Idea. 126.96.36.199 (talk) 11:47, 15 December 2008 (UTC)
This article barely spends any time explaining how DEP can protect the system from many security problems using buffer overflow and etc. DEP is not something terrible and troublesome that this article makes it out to be. 188.8.131.52 (talk) 02:58, 22 January 2010 (UTC)
Isn't DEP just a form of Trusted Computing? --Nate3000 20:38, 18 December 2005 (UTC)
No, in TCPA the software must be digitaly signed in order to run. DEP only makes that the the data in the memory zones of the RAM can't be executed —The preceding unsigned comment was added by 184.108.40.206 (talk • contribs) .
And, very important to the end-users (consumers) of Microsoft products: Software Based DEP is a lie. It does not protect from what you described. Instead it protects from another type of attack (SEH handler overwrite) that occured only one time. We tested it, why do people still have to patch???? Here is a long list of exploits we have tested, Windows Software DEP was only one of the products tested: 
Conflict with anti-hacking software
It should be noted that DEP interferes with the operation of GameGuard, causing it to spew out some random-ish error if enabled, e.g. Invalid/Corrupted files in Rappelz and quiet exit in 2Moons. All you have to do is add the game launcher in DEP's exception list and it runs fine. This is also true for some other anti-hacking schemes. --M.A. 07:15, 23 August 2007 (UTC)
Badly written article
More significant issues
1) "If the x86 processor supports this feature in hardware, then the NX features are turned on automatically in Windows by default." That was true in a machine built in 2008 that I have seen, but in two machines built in 2005, it was not true. I don't know when the change was made to default on from default off, or if it varied by OEM, etc.
2) The "Configuration" section should make clear that it is referring only to sw DEP. Hw DEP is configured through the BIOS interface, which should be stated in the article. (Reboot, tap F2 during boot to get into Setup, scroll right to Advanced, scroll down to "Execute-bit disable capability" or something similar, if "disabled", the use +- or F7/F8 or whatever your BIOS says to use to toggle it to On, hit F10 or "save changes and exit", confirm "yes". But don't take my word for it, and I'm not responsible if you do.)
I could edit the article myself, but I'm sorry that I don't have the time to research and find the proper citations, as opposed to my own observations. Hoping that someone in the Computing project or otherwise motivated will do so, as this definitely could be an additional safety factor that could help anyone who comes to this page. Thanks. Unimaginative Username (talk) 05:23, 14 March 2009 (UTC)
Reversion of edit regarding detection of hardware DEP capability
Xpclient reverted my edit regarding a freeware tool to determine whether a given processor supports hardware DEP. :Since the OS can do that, this is an advert." I believe that the OS can show only software DEP (System Properties > Advanced > Performance > Settings > DEP). If you have a method to discover hw DEP from the OS, please advise. However, if there were such a facility, Gibson wouldn't have wasted his time writing the 23k tool in Assembler language. Since the tool is totally free (no nagware, no request for donations, no attempt to sell you anything else), it hardly seems to be an advert, and would seem to be of great interest and usefulness to readers. I think you might still be confusing hardware and software DEP detection. I would be very grateful to be proven wrong. I don't want to get in an edit war, so I'll wait a few days for a reply before attempting to re-edit. Regards, Unimaginative Username (talk) 00:00, 15 March 2009 (UTC)
- OK, I'm wrong. MS kb912923 describes two procedures for determining hardware DEP availability and status. One involves using the command line, a tool likely not familiar to non-tech users. The other is a graphic interface, a long, multiple-process query to various system components, which include many other variables to which a careless or accidental change might have serious consequences, and which might be intimidating to non-tech users. Gibson simplified this process immensely: Download, no installation required, double-click and you're done. No chance of messing up anything, either. How is this not of interest to non-techie users who don't know that the above processes exist and/or might not be comfortable with them? Contrary to popular belief among tech writers, most home users are not knowledgeable, or comfortable with, or willing to go through command-line or system-editing tools, or even understand the vocabulary.
- While there, I verified two other mistakes in the article. One is that the default setting is very limited "opt-in" protection, not the complete protection implied by the present version of the article. The other is that indeed, the manufacturer must have enabled hardware DEP capability in the BIOS, and it must either be on, or the user must activate it. Will edit the article accordingly and provide citations. In the meantime, if I agree to mention or refer to the complex procedures above for determining capability, do you still object to the mention of freeware that does this for you, quicker and safer? Regards, Unimaginative Username (talk) 03:43, 15 March 2009 (UTC)
- OK, we're done. Clarified the default status and requirements for determining support and status. "Securable" was in the external links already along with another similar tool; expanded the explanation. Hope no objection now. Thanks for the comment, Xpclient. I wish that you had given a more detailed explanation than "The OS can do that" (how?) rather than simply reverting without commenting here. Regards, Unimaginative Username (talk) 04:11, 15 March 2009 (UTC)
Importance for Computer security project
Core components or anything that fills in more specific information of certain areas (see Wikipedia:WikiProject_Computer_Security/Assessment#Importance
Why is the default OFF?
Why is the default setting for Windows 7 "Turn on DEP for essential Windows programs and services only"? Does it cause problems? Is it worthless? — Preceding unsigned comment added by 220.127.116.11 (talk) 09:05, 10 April 2012 (UTC)
- It's less compatible because programs can be designed to use memory tricks. Turning DEP on in this case would break those programs. Ham Pastrami (talk) 05:51, 18 June 2012 (UTC)
Early example? ;)
I'm not really going to add this, yet I just wonder if a source might be out there... does the scheme with the two types of punched cards, as shown in Analytical Engine, count as a type of DEP? Wnt (talk) 22:03, 14 June 2012 (UTC)
- IMO no, that example more precisely illustrates a difference in bus architecture, i.e. von Neumann architecture vs Harvard architecture. DEP essentially applies only to a von Neumann system, as data execution should be technically impossible if the instructions are physically separated. Consequently DEP isn't relevant to systems like the Analytical Engine. Ham Pastrami (talk) 05:45, 18 June 2012 (UTC)
This is not a Windows article
I disagree that this article is within the scope of the Wikiproject Microsoft.
I also assert that it should not be designated as an element in the "Microsoft Windows security technology" Category, nor the "Microsoft Windows Components" category. Data Execution Prevention is not specific to Windows or Microsoft products. Incorrectly labelling the article in this way makes it appear as advertising, and prevents a more general explanation of DEP. 18.104.22.168 (talk) 21:48, 20 December 2013 (UTC)RChase