Windows DatabaseebooksStatistical Information

LWE10092 : Howto enable Data Execution Prevention (DEP) in windows SP2 or windows 2003 Server

Symptom:

You want to be more secure and want to enable Data Execution Prevention

Cause:

Data Execution Prevention is activated automatically and can cause some problems

Solution:

Data Execution Prevention is a feature in Windows XP Service Pack 2, Windows XP Tablet PC and Windows Server 2003. For more information you should search for KB875352. This feature performs additional memory checks to prevent malicious code, especially prevention the execution of code from the data segment, the stack and heap. It does this by marking all memory from a process as non-executable unless it is marked as executable. It is enforced by hardware and by software and works with intel (XD = Execute Disable Bit) and AMD (NX = no execute page protection).

The configuration is done by the boot.ini file.

The following policy levels are defined:
AlwaysOn, AlwasyOff, OptIn and OptOut.

/EXECUTE -> DEP is deaktivated for the system, can be activated for certain applications

/NOEXECUTE -> DEP is activated for the system, can be deaktivated for certain applications.

/noexecute=OptIn -> DEP looks at System files and applications from the OptIn List

/noexecute=OptOut -> DEP looks at System files but not for files in the OptOut List

/NOEXECUTE=OptIn and /NOEXECUTE=OptOut can be configured from in windows. (Properties of the computer -> System Performance -> New Tab Data Execution Prevention)

/noexecute=AlwaysOn -> DEP is activated systemwide with no execeptions

/noexecute=AlwaysOff -> DEP is deaktivated systemwide

Here is an example of a boot.ini with /NoExecute=OptIn (which is standard)

[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Disclaimer:

The information provided in this document is intended for your information only. Lubby makes no claims to the validity of this information. Use of this information is at own risk!
Copyright © 2004-2011 Lubby (V3.0.10 Aug 2011)
Sponsored by Keskon.
Statistical information by Google Analytics