|
Posted by Matt Thompson on December 29, 2005, 8:52 pm
If you were Registered and logged in, you could reply and use other advanced thread options
be stopped.
Windows 2003 Server defaults for hardware or software DEP to be on for all
software, but can be changed.
Windows XP defaults to having DEP on just system services, which does not
protect against this threat.
McAfee VirusScan 8.0i and Entercept Buffer Overflow protection also stop
this threat.
> ~Robear: Are you using DEP for ALL programs?
>
> Tom
> | In fact, there are various recent posts elsewhere stating that DEP
> blocked
> | the exploit. YMMV.
> | --
> | ~PA Bear
> |
> | jacecarter@gmail.com wrote:
> | > Data Execution Prevention?
> | > What happened to DEP in XP SP2?
> | >
> | > If this is a buffer overflow exploit, why then isn't DEP in XP SP2
> | > shutting down the malicious code before it can run?
> | >
> | > I would think that an image file would be marked as "data" in memory,
> | > not as an executable image, although WMF might be different than say a
> | > jpg or bmp, does anyone know for sure?
> | >
> | > I keep my DEP setting on "Turn on DEP for all programs and services
> | > except those I select"
> | >
> | >
> http://www.microsoft.com/technet/security/prodtech/windowsxp/depcnfxp.mspx
> | >
> | > "Microsoft Windows XP Service Pack 2 (SP2) helps protect your computer
> | > against the insertion of malicious code into areas of computer memory
> | > reserved for non-executable code by implementing a set of hardware and
> | > software-enforced technologies called Data Execution Prevention (DEP).
> | > Hardware-enforced DEP is a feature of certain processors that prevents
> | > the execution of code in memory regions that are marked as data
> | > storage. This feature is also known as No-Execute and Execution
> | > Protection. Windows XP SP2 also includes software-enforced DEP that is
> | > designed to reduce exploits of exception handling mechanisms in
> | > Windows.
> | >
> | > Unlike an antivirus program, hardware and software-enforced DEP
> | > technologies are not designed to prevent harmful programs from being
> | > installed on your computer. Instead, they monitor your installed
> | > programs to help determine if they are using system memory safely. To
> | > monitor your programs, hardware-enforced DEP tracks memory locations
> | > declared as "non-executable". To help prevent malicious code, when
> | > memory is declared "non-executable" and a program tries to execute
> code
> | > from the memory, Windows will close that program. This occurs whether
> | > the code is malicious or not."
> |
>
>
| 
XML site map