Talk:Data Execution Prevention

This is the talk page for discussing improvements to the Data Execution Prevention redirect. This is not a forum for general discussion of the article's subject.

Put new text under old text. Click here to start a new topic. New to Wikipedia? Welcome! Learn to edit; get help. Assume good faith Be polite and avoid personal attacks Be welcoming to newcomers Seek dispute resolution if needed Article policies Neutral point of view No original research Verifiability

Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL

This redirect does not require a rating on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computer Security: Computing This redirect is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks. This redirect is supported by WikiProject Computing. Things you can help WikiProject Computer Security with: Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here. Microsoft This redirect is within the scope of WikiProject Microsoft, a collaborative effort to improve the coverage of articles relating to Microsoft on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks. Microsoft Windows: Computing This redirect is within the scope of WikiProject Microsoft Windows, a collaborative effort to improve the coverage of Microsoft Windows on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks. This redirect is supported by WikiProject Computing.

The contents of the Data Execution Prevention page were merged into Executable space protection on March 2016. For the contribution history and old versions of the merged article please see its history.

Anti-DEP

Latest comment: 14 years ago2 comments2 people in discussion

This article seems to be somewhat anti-DEP; for example, DEP doesn't "cause software problems", it just forces a program to crash when it corrupts its memory instead of silently continuing and crashing later. The "correct" response to a DEP-related crash isn't to disable DEP, it's to fix the program. This article seems to spend more time explaining how to disable DEP globally or per-process, which is a Bad Idea. 68.83.96.160 (talk) 11:47, 15 December 2008 (UTC)Reply

This article barely spends any time explaining how DEP can protect the system from many security problems using buffer overflow and etc. DEP is not something terrible and troublesome that this article makes it out to be. 69.158.31.105 (talk) 02:58, 22 January 2010 (UTC)Reply

Trust

Latest comment: 18 years ago1 comment1 person in discussion

Isn't DEP just a form of Trusted Computing? --Nate3000 20:38, 18 December 2005 (UTC)Reply

No

No, in TCPA the software must be digitaly signed in order to run. DEP only makes that the the data in the memory zones of the RAM can't be executed —The preceding unsigned comment was added by 62.15.234.153 (talk • contribs) .

And, very important to the end-users (consumers) of Microsoft products: Software Based DEP is a lie. It does not protect from what you described. Instead it protects from another type of attack (SEH handler overwrite) that occured only one time. We tested it, why do people still have to patch???? Here is a long list of exploits we have tested, Windows Software DEP was only one of the products tested: [1]

Let's keep wikipedia honest! —The preceding unsigned comment was added by 85.180.160.218 (talk • contribs) .

Conflict with anti-hacking software

Latest comment: 16 years ago1 comment1 person in discussion

It should be noted that DEP interferes with the operation of GameGuard, causing it to spew out some random-ish error if enabled, e.g. Invalid/Corrupted files in Rappelz and quiet exit in 2Moons. All you have to do is add the game launcher in DEP's exception list and it runs fine. This is also true for some other anti-hacking schemes. --M.A. 07:15, 23 August 2007 (UTC)Reply

Badly written article

Latest comment: 16 years ago1 comment1 person in discussion

I believe this article has been badly written. I am going to fix obvious errors. 81.133.223.60 (talk) 20:35, 12 February 2008 (UTC)Reply

More significant issues

Latest comment: 15 years ago1 comment1 person in discussion

1) "If the x86 processor supports this feature in hardware, then the NX features are turned on automatically in Windows by default." That was true in a machine built in 2008 that I have seen, but in two machines built in 2005, it was not true. I don't know when the change was made to default on from default off, or if it varied by OEM, etc.

2) The "Configuration" section should make clear that it is referring only to sw DEP. Hw DEP is configured through the BIOS interface, which should be stated in the article. (Reboot, tap F2 during boot to get into Setup, scroll right to Advanced, scroll down to "Execute-bit disable capability" or something similar, if "disabled", the use +- or F7/F8 or whatever your BIOS says to use to toggle it to On, hit F10 or "save changes and exit", confirm "yes". But don't take my word for it, and I'm not responsible if you do.)

I could edit the article myself, but I'm sorry that I don't have the time to research and find the proper citations, as opposed to my own observations. Hoping that someone in the Computing project or otherwise motivated will do so, as this definitely could be an additional safety factor that could help anyone who comes to this page. Thanks. Unimaginative Username (talk) 05:23, 14 March 2009 (UTC)Reply

Reversion of edit regarding detection of hardware DEP capability

Latest comment: 15 years ago3 comments1 person in discussion

Xpclient reverted my edit regarding a freeware tool to determine whether a given processor supports hardware DEP. :Since the OS can do that, this is an advert." I believe that the OS can show only software DEP (System Properties > Advanced > Performance > Settings > DEP). If you have a method to discover hw DEP from the OS, please advise. However, if there were such a facility, Gibson wouldn't have wasted his time writing the 23k tool in Assembler language. Since the tool is totally free (no nagware, no request for donations, no attempt to sell you anything else), it hardly seems to be an advert, and would seem to be of great interest and usefulness to readers. I think you might still be confusing hardware and software DEP detection. I would be very grateful to be proven wrong. I don't want to get in an edit war, so I'll wait a few days for a reply before attempting to re-edit. Regards, Unimaginative Username (talk) 00:00, 15 March 2009 (UTC)Reply

• OK, I'm wrong. MS kb912923 describes two procedures for determining hardware DEP availability and status. One involves using the command line, a tool likely not familiar to non-tech users. The other is a graphic interface, a long, multiple-process query to various system components, which include many other variables to which a careless or accidental change might have serious consequences, and which might be intimidating to non-tech users. Gibson simplified this process immensely: Download, no installation required, double-click and you're done. No chance of messing up anything, either. How is this not of interest to non-techie users who don't know that the above processes exist and/or might not be comfortable with them? Contrary to popular belief among tech writers, most home users are not knowledgeable, or comfortable with, or willing to go through command-line or system-editing tools, or even understand the vocabulary.

• While there, I verified two other mistakes in the article. One is that the default setting is very limited "opt-in" protection, not the complete protection implied by the present version of the article. The other is that indeed, the manufacturer must have enabled hardware DEP capability in the BIOS, and it must either be on, or the user must activate it. Will edit the article accordingly and provide citations. In the meantime, if I agree to mention or refer to the complex procedures above for determining capability, do you still object to the mention of freeware that does this for you, quicker and safer? Regards, Unimaginative Username (talk) 03:43, 15 March 2009 (UTC)Reply

OK, we're done. Clarified the default status and requirements for determining support and status. "Securable" was in the external links already along with another similar tool; expanded the explanation. Hope no objection now. Thanks for the comment, Xpclient. I wish that you had given a more detailed explanation than "The OS can do that" (how?) rather than simply reverting without commenting here. Regards, Unimaginative Username (talk) 04:11, 15 March 2009 (UTC)Reply

Importance for Computer security project

Latest comment: 13 years ago1 comment1 person in discussion

Core components or anything that fills in more specific information of certain areas (see Wikipedia:WikiProject_Computer_Security/Assessment#Importance

--Pastore Italy (talk) 12:54, 20 December 2010 (UTC)Reply

Why is the default OFF?

Latest comment: 11 years ago3 comments3 people in discussion

Why is the default setting for Windows 7 "Turn on DEP for essential Windows programs and services only"? Does it cause problems? Is it worthless? — Preceding unsigned comment added by 203.206.162.148 (talk) 09:05, 10 April 2012 (UTC)Reply

It's less compatible because programs can be designed to use memory tricks. Turning DEP on in this case would break those programs. Ham Pastrami (talk) 05:51, 18 June 2012 (UTC)Reply

One of these memory tricks is just-in-time compilation used by Flash, Java, and JavaScript virtual machines. Anything using JIT needs to be made DEP-aware before it will run under DEP. This involves making calls to the memory manager to flip memory areas from writable to executable. --Damian Yerrick (talk | stalk) 17:21, 23 August 2012 (UTC)Reply

Early example? ;)

Latest comment: 11 years ago2 comments2 people in discussion

I'm not really going to add this, yet I just wonder if a source might be out there... does the scheme with the two types of punched cards, as shown in Analytical Engine, count as a type of DEP? Wnt (talk) 22:03, 14 June 2012 (UTC)Reply

IMO no, that example more precisely illustrates a difference in bus architecture, i.e. von Neumann architecture vs Harvard architecture. DEP essentially applies only to a von Neumann system, as data execution should be technically impossible if the instructions are physically separated. Consequently DEP isn't relevant to systems like the Analytical Engine. Ham Pastrami (talk) 05:45, 18 June 2012 (UTC)Reply

This is not a Windows article

Latest comment: 10 years ago1 comment1 person in discussion

I disagree that this article is within the scope of the Wikiproject Microsoft.

I also assert that it should not be designated as an element in the "Microsoft Windows security technology" Category, nor the "Microsoft Windows Components" category. Data Execution Prevention is not specific to Windows or Microsoft products. Incorrectly labelling the article in this way makes it appear as advertising, and prevents a more general explanation of DEP. 24.152.174.190 (talk) 21:48, 20 December 2013 (UTC)RChaseReply

Disambiguation with Data Encryption Peripheral

Latest comment: 8 years ago2 comments2 people in discussion

I came to this page looking for a Data Encryption Peripheral (also acronymed DEP). I think this page should add a disambiguation to Hardware security module, but I don't know how that works. --212.159.214.132 (talk) 08:02, 10 June 2015 (UTC)Reply

Why would you go to this page looking for anything other than Data Execution Prevention? You could go to DEP, which is a disambiguation page for a number of things using the initialism "DEP", and that page should perhaps have an entry saying something such as

• Data Encryption Peripheral, another term for a hardware security module

but this page doesn't need to point users to hardware security module, as somebody looking for a Data Encryption Peripheral should either have searched for "Data Encryption Peripheral" or for "DEP", and a search for "DEP" would have taken them to the DEP disambiguation page. Guy Harris (talk) 23:23, 10 June 2015 (UTC)Reply