What is Data Execution Prevention (DEP)
The malware attacks that exploit software vulnerabilities is the most important element of automatic updates. But Windows offers a second way of preventing such attacks. It’s called Data Execution Prevention (DEP).
Many malware attacks use a technique called buffer overflow (or buffer overrun) to sneak code (program instructions) into areas of memory that only the Windows operating system should be using. Those areas of memory have direct access to everything on your computer. So, any bad code that sneaks into that area can do great damage.
Some malware techniques rely on well-known memory locations to exploit system vulnerabilities. Windows 10 has a surprise for those programs. It doesn’t load essential programs to well-known, predictable locations. Instead, it uses Address Space Layout Randomization (ASLR) to load programs in a random location each time you start your computer. So, malware writers can’t know in advance where a particular exploit resides in memory, making it much more difficult to exploit those memory addresses.
DEP is a security antidote to such attacks. It monitors programs to make sure they use only safe and appropriate memory locations. If DEP notices a program trying to do something sneaky, it shuts down that program before it can do any harm.
By default, DEP is enabled for essential Windows programs and services only. When coupled with antivirus protection, that setting is usually adequate. You can crank it up to monitor all programs and services. But if you do, you may also have to individually choose programs that are allowed to bypass DEP. Knowing when that’s okay requires technical expertise that goes beyond the scope of this tutorial.
To get to options for DEP, follow these steps:
1. Open Control Panel --> System.
2. In the left column, click Advanced System Settings. The System Properties dialog box opens.
3. Select the Advanced tab, click the Settings button on the Performance heading, and then select the Data Execution Prevention tab.
4. By default, the option to apply DEP only to essential Windows programs and services is selected. For stronger protection, you can turn on DEP for all programs and services. If you choose that option, DEP sometimes may shut down a program to prevent it from running.
If DEP shuts down a program you need, you have two choices:
Did you find this tutorial helpful? Don’t forget to share your views with us.
Many malware attacks use a technique called buffer overflow (or buffer overrun) to sneak code (program instructions) into areas of memory that only the Windows operating system should be using. Those areas of memory have direct access to everything on your computer. So, any bad code that sneaks into that area can do great damage.
Some malware techniques rely on well-known memory locations to exploit system vulnerabilities. Windows 10 has a surprise for those programs. It doesn’t load essential programs to well-known, predictable locations. Instead, it uses Address Space Layout Randomization (ASLR) to load programs in a random location each time you start your computer. So, malware writers can’t know in advance where a particular exploit resides in memory, making it much more difficult to exploit those memory addresses.
DEP is a security antidote to such attacks. It monitors programs to make sure they use only safe and appropriate memory locations. If DEP notices a program trying to do something sneaky, it shuts down that program before it can do any harm.
By default, DEP is enabled for essential Windows programs and services only. When coupled with antivirus protection, that setting is usually adequate. You can crank it up to monitor all programs and services. But if you do, you may also have to individually choose programs that are allowed to bypass DEP. Knowing when that’s okay requires technical expertise that goes beyond the scope of this tutorial.
To get to options for DEP, follow these steps:
1. Open Control Panel --> System.
2. In the left column, click Advanced System Settings. The System Properties dialog box opens.
3. Select the Advanced tab, click the Settings button on the Performance heading, and then select the Data Execution Prevention tab.
4. By default, the option to apply DEP only to essential Windows programs and services is selected. For stronger protection, you can turn on DEP for all programs and services. If you choose that option, DEP sometimes may shut down a program to prevent it from running.
Information
Many modern processors offer NX technologies, which prevent buffer overflows at the hardware level. For processors that don’t have hardware DEP, Windows uses DEP software to achieve the same result.
If DEP shuts down a program you need, you have two choices:
- Contact the program manufacturer to find out whether a different version of the program runs under DEP.
- If you trust the program, you can add it to the list of programs that are allowed to bypass DEP. To accomplish that, click the Add button and then navigate to and double-click the executable file (typically, such a file has the extension .exe) that DEP is shutting down.
Did you find this tutorial helpful? Don’t forget to share your views with us.