eWeek Microsoft Watch
April 9, 2008 1:18 PM

Dapper DEP Drops In but Won't Leave



Joe Wilcox

News Briefs. Some days I really love Twitter. My eWEEK colleague Ryan Naraine is tweeting from the RSA Conference.

Looks like Microsoft is ready to break more Web sites in the interest of making browsing safer for all. Ryan tweeted: "Microsoft is enabling DEP/NX by default for IE8 [Vista and Win2008]." (Ryan's Twitter and mine.)

From a usability perspective, I find DEP (Data Execution Prevention) to be a constant irritant. As I tweeted back to Ryan: "DEP by default oughta break a good many Web sites. I find DEP to be a constant source of IE 7 crashes."

Microsoft introduced DEP with Windows XP Service Pack 2 and Windows Server 2003. In Windows XP SP2, DEP is software enforced. The feature didn't really impact the market until the release of Windows Vista and the shipment of more computers with hardware-supported DEP. Hardware-enabled DEP seeks to block malware from running code in non-executable memory locations. Processors must support the NX (no-execute) bit for hardware-enabled DEP to work. AMD's supporting technology is NX (no-execute page-protection); Intel's is XD (Execute Disable Bit).

NX bit support is common among modern operating systems, including Linux and Mac OS X (on Intel processors). On Windows Vista, Microsoft extended hardware-enabled DEP to Internet Explorer. In my testing, DEP-enabled IE 7 on Windows Vista leads to fairly frequent browser crashes, particularly with some plug-ins.

According to the MSDN information page on DEP:

"Some application functionality is incompatible with DEP. Applications that perform dynamic code generation (such as Just-In-Time code generation) and do not explicitly mark generated code with execute permission may have compatibility issues on computers that are using DEP. Applications written to the Active Template Library (ATL) version 7.1 and earlier can attempt to execute code on pages marked as non-executable, which triggers an NX fault and terminates the application...Most applications that perform actions incompatible with DEP must be updated to function properly."
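The rule in that MSDN passage, shown as an added example (not code from MSDN or from this article): generated code runs only after its page is explicitly marked executable. The sketch uses POSIX `mmap`/`mprotect` as the analogue of Windows `VirtualAlloc`/`VirtualProtect`, assumes Linux on x86-64 or AArch64, and the function name `run_generated` is hypothetical.

```c
#define _DEFAULT_SOURCE /* exposes MAP_ANONYMOUS under strict -std= modes */
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed machine code for "return 42" (sample input for this example). */
#if defined(__x86_64__)
static const uint8_t CODE[] = {0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3}; /* mov eax,42; ret */
#elif defined(__aarch64__)
static const uint8_t CODE[] = {0x40, 0x05, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6}; /* mov w0,#42; ret */
#else
#error "example covers x86-64 and AArch64 only"
#endif

/* Copies CODE into a fresh read/write page and calls it in a child process.
 * mark_executable != 0: flip the page to read+execute first (DEP-compatible).
 * mark_executable == 0: call it while it is still read/write only, the
 *                       pattern that triggers an NX fault.
 * Returns the child's exit status (42 when the code ran), the negated signal
 * number if the child was killed, or -1000 if setup failed. */
int run_generated(int mark_executable)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    uint8_t *page = mmap(NULL, len, PROT_READ | PROT_WRITE,
                         MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1000;
    memcpy(page, CODE, sizeof CODE);
    if (mark_executable) {
        /* Writable and executable are never set at the same time. */
        if (mprotect(page, len, PROT_READ | PROT_EXEC) != 0) {
            munmap(page, len); return -1000;
        }
        __builtin___clear_cache((char *)page, (char *)page + sizeof CODE);
    }
    int status = 0, result = -1000;
    pid_t pid = fork();
    if (pid == 0) { /* child: a fault here cannot take down the caller */
        int (*fn)(void) = (int (*)(void))(uintptr_t)page;
        _exit(fn());
    }
    if (pid > 0 && waitpid(pid, &status, 0) == pid) {
        if (WIFEXITED(status)) result = WEXITSTATUS(status);
        else if (WIFSIGNALED(status)) result = -WTERMSIG(status);
    }
    munmap(page, len);
    return result;
}
```

With the page marked executable the child returns 42; without it the kernel kills the child on the first instruction fetch, which is the termination the MSDN text describes.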

Because of ongoing application and IE 7 crashes, I typically turn off DEP in the browser on most of my Vista PCs. I find that some OEMs ship computers with DEP enabled, while others do not. But, as Ryan indicated, Microsoft will make DEP enabled by default in Internet Explorer 8. Presumably, there will be an off switch.

That said, disabling DEP in IE 7 can be surprisingly arduous. The simplest option—turning off the feature in the browser—isn't the best security choice. That leaves disabling DEP for the offending programs as the best choice. I presume that most users wouldn't know what the DEP-troubled programs would be. Sometimes, IE 7's crash warnings indicate the offenders, and, of course, there is information in the system logs.

Right now, IE 8 is tracking for an early 2009 release. I've seen fewer DEP-related crashes now that more software supports the security feature. But crashes are frequent enough for concern. The new browser and slowly increasing Vista adoption are good reasons for more application developers to release DEP-supporting applications.


Comments (1)

Microsoft Bob :

I'm confused. Is this Microsoft-bashing, or isn't it?
