Subscribe to "TechnoSamrat" for FREE updates on Tech News, Mobile Tips, Software Reviews & Blogging Tips
Browsing » Home » Featured, Security

Data Execution Prevention

Written By Abhinab| 25 October 2011| No Comment

Data Execution Prevention (DEP) is a security add-on included with the almost all operating system to stop malicious applications from executing code from any non-executable insecure memory portion. This helps as a sandbox without any closed environment which can help tackle buffer overflow error and any of such cross platform vulnerability.

Data Execution Prevention History

It was first launched on the open source LINUX version in the year 2000. Similarly Microsoft adopted DEP to run for the first time in the year 2004 with the Windows XP operating system SP 2. Later on Apple was also convinced with this program and bundled it up in their Mac operating systems.

Common Errors Associated with DEP

There is a huge list of bugs arising due to incompatibility or security flaw. Here we have listed only the common ones:

1. Generic host process for win32 services encountered a problem and needed to close.
2. Generic host process for win32 services data execution prevention error.
3. To help protect your computer, Windows has closed this program.
4. To help protect your computer, Data Execution Prevention has closed Internet Explorer.

DEP Mode Of Working

Hardware Enforced Data Execution Prevention

“No execute”, is the technology which sets a defined boundary wall for non-execution memory usage unit for the processors. The processor will firmly deny executing any codes from such locations during working and hence no data outside the specified allocated region gets called on. Hence it increases the security level to a higher extent. This technology is implemented by it under Hardware abstraction protection.

It is undoubtedly a very good security protocol but sometimes it terminates execution of legitimate programs as well. This situation becomes very irritating and then the protection program seems to work like a bug which wont let you work peacefully. Its most irritating feature is when it closes Windows Explorer considering it as a part of the executing code.

The situation arises whenever the software allocates execution from areas which are not permitted by the DEP principle. You might think that this is a bad idea but most developers believe that if a software is blocked by DEP there might be chances that the program may itself be vulnerable to attacks from third party codes. It is always advisable to rebuild such programs for better security provisions.

But we all know in the end of the day the normal user is not bothered about what the word “Security” stands for and the only thing that he is bothered about is “why Data Execution Prevention closes windows explorer?”. If you still want to disable DEP read below for proper procedures.

Software Enforced Data Execution Prevention

Microsoft designed a binary protocol which they code named “Safe Exception Handlers” which was initially coded in c++ but later implemented in all the development version including VB and VS. SEH acts like guard on gate before anything goes for final call. It checks every possible defined exceptions (System + Manual) related to that error and then performs the required necessary action.

This simply means that if a developer has left any logical error in the program unattained it wont let the program to continue after that error is generated. The DEP will simply terminate that instance of the program and you need to restart the program to continue working.

The worst part about SEH is that it wont let you save any work related to the program. Once it comes under DEP all the unsaved data is lost and one see the frustration on the face while being a victim to this error.

Under such cases you might consider getting rid of this program. A complete guide is provided below on how to disable data execution prevention.

Limitations with DEP

Data Execution Prevention, is not a one man army and it only handles certain types of attacks or patches some fixed type of loopholes. One cannot rely on it completely as a stand alone guardian for their system. It works better when combined with other programs as an add-on feature for protection.

DEP can be bypassed by many compilers such as JIT and Buggle. It cannot handle codes which are executed during the run-time and hence those codes bypass the enforcement level of DEP. Also if a program stores the piece of code in the areas define as secure by DEP the program can easily call objects from these areas and can easily be used to compromise the system.

Adjustability With Older Programs

It has been found that DEP creates major problems with older version of programs which still has been utilizing memory locations which has been blocked in newer versions. The program is not a security threat but it has become outdated as per the new security protocols and hence considered as a threat to the system.

Microsoft argues such cases to be individually tackled and requests its users not to turn off DEP completely. The single opt out policy lets you execute such programs by making it out of reach of the program. The corporation then asks you to contact the developer for the newer version to work effectively in the mean time.

Issues With Windows Vista

As we all know Windows Vista was particularly affected by such policies. All programs that were designed for Vista are specifically now not allowed to be executed under Windows 7 for security flaws.

Issues with Internet Explorer

When we talk about problems in Windows Architecture, Internet Explorer has been an indispensable art of the bundle. With every few years Microsoft coming up with new versions has led to many loopholes with the third party support for such programs. It has no backward compatibility and every new version is a self sustaining version after IE 7. This means multiple standalone explorers for a single OS. DEP is trying hard to adopt to this program. But there is always some problem with the older versions of Internet explorer. The only way out that we have found so far is to add it to the exception list on the program’s control panel.

Data Execution Prevention Settings for Windows

DEP is listed under Performance option tab of the windows control panel. It provides four modes of execution for feasibility.

OptIn and OptOut

These two of the functions can be regulated via the aforesaid mentioned tab. let use see what each of the two function does.

OptIn is the default status function which consider to check only the default system programs and services before executing them. This is set for windows XP, Windows Vista and Windows 7. The upcoming Windows 8 is all set to have the same default status.

Since the check is not forced for all programs if a program wishes to be checked in this protocol, it must explicitly ask for the add in check. There is an exception to the rule in the 64 bit architecture where in all the programs directly fall under default OptIn mode and are automatically protected by it, unless there is an explicit OptOut request.

OptOut is the reverse of OptIn and is the default status for Windows Sever 2003 and 2008 Architecture since the require higher level of security for protecting professional data centers. Here in you can specify a list of programs to be excluded from the list in the control panel.

There a toolkit designed specifically for Network Admins. They can run this tool and prefer to opt in multiple programs in one go by simply submitting a request to the program.

AlwaysOn and AlwaysOff

These two settings can be edited with BCDEDIT.exe file via Command line mode.

AlwaysOn, as the name suggests is meant for full protection mode. All program and services has to pass through this process before execution. Enabling this option automatically disables any program listed in the exception list or request for exclusion.

AlwaysOff, similarly as the name suggests is all hibernate mode. No programs are scanned or processed via this program anymore. Even if there is an explicit request by an application to check for it, it is turned down by the program and it gets executed without being processed by DEP anymore.

How to Disable and Enable DEP for Windows

It should be already know to you that Always Off can automatically disable all programs from being processed by this program. Still it is advisable that you don not turn it off completely. Rather than you should include or exclude program with the options mentioned above.

Turn DEP On/Off for Specific Programs

From the DEP tab in the performance tab select Turn on DEP for essential programs and service. If you want to add a new program in the check list select the second option “Turn on DEP for all programs and services except those I select” and press the Add button to add the programs you want to monitor.

Completely Turn Off DEP

In order to completely turn off DEP you need to open the bcdedit.exe file with the command prompt and then execute the following code:

bcdedit /set {current} nx AlwaysOff

Turn On DEP

It is similar to the turning off procedure. The only difference is that you need to change the alwaysoff switch to alwaysOn. The command to do so is:

bcdedit /set {current} nx AlwaysOn

Suggestion From A Part Time Coder

The basic concept is why not make a list of trusted programs rather than asking permission to execute each and individual program from every single user. An online check list will at least free users who are continuously connected to Internet from this irritating message.
My request to Microsoft is to make an XML code. This will requires less time for transaction and authentication via servers and Internet connections, which can thereby solve this problem in seconds. If you make any such program, don’t forget to mention the source of idea which led to its creation.

If you have any other issues with this program you can leave back your issues in the comment section. Suggestions are also invited if any improvement can be made in the article.



Leave your response!




*