Data Execution Prevention with Windows Vista

So it appears that many of us are having issues with the Data Execution
Prevention (DEP) feature with Windows Vista. I have found that programs that
were closed due to the feature still closed even when I turned the feature
off through the run command. Does anyone have any updates regarding this
problem which will work for all or even most programs? It is very time
consuming to deal with this issue on a program by program basis as Microsoft
has suggested...especially when all my programs are Vista compatible and even
Internet Explorer sometimes closes due to the feature. Any information other
than turning the feature off, adding it to the dep-exception file, and
physical violence against my pc would be greatly appreciated.
www.mikeyllo.com

Hi Mickey,

I haven't heard of DEP causing really widespread problems, although
obviously you are seeing problems on your machine. The exact behaviour could
vary depending on whether your CPU supports hardware DEP (the NX bit) or
software DEP - which is actually a different form of operation. AMD and
Intel EM64T Processors support hardware DEP; many (most?) 32-bit Pentium IV
processors do not.

Well-behaved programs, which keep a strict separation of data and executable
code, should not be affected by DEP. Programs which are affected by DEP may
contain security vulnerabilities, because malicious code could be injected
into the data portions, and then executed.

But I'm curious when you say "programs that were closed due to the feature
still closed even when I turned the feature off through the run command". If
you have applications which are shutting down even with DEP disabled, then
DEP is probably not the culprit. How do you use the "run" command to disable
DEP? Did you do a:

"bcdedit.exe/set {current} nx AlwaysOff"

and then reboot? That would disable DEP globally, for all applications. If
your apps still close after this, the problem is not DEP. Are you still
getting the "DEP - Windows has closed this program" dialogue box?

You can verify whether Hardware DEP is actually available on your system by
running this command:

wmic OS Get DataExecutionPrevention_Available

If it returns TRUE, the CPU supports DEP. To find the current DEP policy
which is active, run the command:

wmic OS Get DataExecutionPrevention_SupportPolicy

The result will be one of:

0 AlwaysOff - DEP is not enabled for any processes
1 AlwaysOn - DEP is enabled for all processes
2 OptIn - Only Windows system components and services have DEP applied
3 OptOut - DEP is enabled for all processes. Administrators can manually
create a list of specific applications which do not have DEP applied.

"2" is the normal default setting. Apps which aren't part of Windows itself,
should not be affected.

You might want to run this to test if DEP is , indeed, active on your
system.

Overall, I don't think it's a problem which can be easily solved by an
update from Microsoft - apps which execute data are a security risk and need
to be re-written, or at least recompiled with a /GS flag. But Microsoft
might add compatibility shims for certain well-known applications - these
are updated via Windows Update as they are released.

--
Andrew McLaren
amclar (at) optusnet dot com dot au

"Andrew McLaren" <> wrote in message
news:85B0C64B-54D1-4388-98B6-...
> Hi Mickey,
>
> I haven't heard of DEP causing really widespread problems, although
> obviously you are seeing problems on your machine. The exact behaviour
> could vary depending on whether your CPU supports hardware DEP (the NX
> bit) or software DEP - which is actually a different form of operation.
> AMD and Intel EM64T Processors support hardware DEP; many (most?) 32-bit
> Pentium IV processors do not.
>
> Well-behaved programs, which keep a strict separation of data and
> executable code, should not be affected by DEP. Programs which are
> affected by DEP may contain security vulnerabilities, because malicious
> code could be injected into the data portions, and then executed.
>
> But I'm curious when you say "programs that were closed due to the feature
> still closed even when I turned the feature off through the run command".
> If you have applications which are shutting down even with DEP disabled,
> then DEP is probably not the culprit. How do you use the "run" command to
> disable DEP? Did you do a:
>
> "bcdedit.exe/set {current} nx AlwaysOff"
>
> and then reboot? That would disable DEP globally, for all applications. If
> your apps still close after this, the problem is not DEP. Are you still
> getting the "DEP - Windows has closed this program" dialogue box?
>
> You can verify whether Hardware DEP is actually available on your system
> by running this command:
>
> wmic OS Get DataExecutionPrevention_Available
>
> If it returns TRUE, the CPU supports DEP. To find the current DEP policy
> which is active, run the command:
>
> wmic OS Get DataExecutionPrevention_SupportPolicy
>
> The result will be one of:
>
> 0 AlwaysOff - DEP is not enabled for any processes
> 1 AlwaysOn - DEP is enabled for all processes
> 2 OptIn - Only Windows system components and services have DEP applied
> 3 OptOut - DEP is enabled for all processes. Administrators can manually
> create a list of specific applications which do not have DEP applied.
>
> "2" is the normal default setting. Apps which aren't part of Windows
> itself, should not be affected.
>
> You might want to run this to test if DEP is , indeed, active on your
> system.
>
> Overall, I don't think it's a problem which can be easily solved by an
> update from Microsoft - apps which execute data are a security risk and
> need to be re-written, or at least recompiled with a /GS flag. But
> Microsoft might add compatibility shims for certain well-known
> applications - these are updated via Windows Update as they are released.
>
> --
> Andrew McLaren
> amclar (at) optusnet dot com dot au
>
>
I am always surprised when people use the command line to change settings,
when Vista has an easy system built in. In Advance System Settings. Here you
can turn DEP off on all programs or just those you choose to run without
protection.

I find it worth looking at only when I find a consistent problem with a
program.







--
Ian

"Ian Betts" <> wrote ...
> I am always surprised when people use the command line to change settings,
> when Vista has an easy system built in. In Advance System Settings. Here
> you can turn DEP off on all programs or just those you choose to run
> without protection.

Hi Ian,

With respect, I have to disagree with you. The Advanced Systen Settings GUI
provides 2 options:

a) Turn on DEP for essential Windows Programs and services only
or
b) Turn on DEP for all programs and services, except those I select:

In other words, this allows you to select DEP Policies 2 & 3 from the list
of 4 possible policies (0-3). If you want to turn DEP off altogether, you
*must* use the command line - there is no GUI option for that.

I was suggestiing the OP could disable DEP completely, and verify that his
applications run reliably in that environment. If they still encounter
problems then DEP is not a factor.

Regards,
--
Andrew McLaren
amclar (at) optusnet dot com dot au

"Andrew McLaren" <> wrote in message
news:5789298C-CA9C-476D-B624-...
> "Ian Betts" <> wrote ...
>> I am always surprised when people use the command line to change
>> settings, when Vista has an easy system built in. In Advance System
>> Settings. Here you can turn DEP off on all programs or just those you
>> choose to run without protection.
>
> Hi Ian,
>
> With respect, I have to disagree with you. The Advanced Systen Settings
> GUI provides 2 options:
>
> a) Turn on DEP for essential Windows Programs and services only
> or
> b) Turn on DEP for all programs and services, except those I select:
>
> In other words, this allows you to select DEP Policies 2 & 3 from the list
> of 4 possible policies (0-3). If you want to turn DEP off altogether, you
> *must* use the command line - there is no GUI option for that.
>
> I was suggestiing the OP could disable DEP completely, and verify that his
> applications run reliably in that environment. If they still encounter
> problems then DEP is not a factor.
>
> Regards,
> --
> Andrew McLaren
> amclar (at) optusnet dot com dot au
>
>
Sorry Andrew I was not disagreeing with you only suggesting a different non
CL way.
Is it not correct if I select All the programs not to be protected, I
emphasis All, does that not tell DEP not to protect anything?

--
Ian

With patience there is aways a way.

Please Reply to Newsgroup so all can read.
Requests for assistance by email can not and will be deleted.

"Ian Betts" <> wrote in message
news:CF8DB05D-EB61-4ACB-ADFD-...
>>
>>
> Sorry Andrew I was not disagreeing with you only suggesting a different
> non CL way.
> Is it not correct if I select All the programs not to be protected, I
> emphasis All, does that not tell DEP not to protect anything?
>

In Vista even more than XP, using the command prompt is the only way to do
certain things.

There are only options to protect all programs except ones specified, or
just essential Windows programs and services only, in the GUI interface you
describe.

AM was talking about turning it off completely, which is the only way to run
certain programs with this problem.

I have found that Get Right crashed on Vista because of DEP, but they most
probably have sorted this problem out by now. I think it is best to just
wait for program updates, as any program still in development will be
updated to run on Vista.

ss.

Ian and Andrew...thanks for your responses. I actually have feedback for
both of you.

Ian: Yes, the options you stated in the Advance System Settings appear to
be easier. However, I added the exe files for the two programs and still had
the same problems. In fact, messing with those options also caused my
Internet Explorer to start closing down due to the DEP problem. So, yes, I
did try those steps prior to going straight to the command prompt.

Andrew: You are correct about the command line I used to turn DEP off
altogether. I agree with you that it would seem that turning the DEP feature
off would eleviate the problem or would mean that the closure of the program
would be unrelated...however, I don't feel that it is just irony that both
progams still close at the same exact step in the process even thought I
don't get the error stating its DEP related. And if it is a new issue or
another security feature...what is it? With DEP on, it has stated closing
the programs at start-up. With DEP off, the program closes when I open the
folder containing my video files...I don't even have the chance to select a
file or convert anything...I just simply open the folder where the files are
located. I'm at my wits end here because both programs worked fine with XP
and I don't see any derrogatory reports out there about Cucusoft or Replay
A/V. I'm not sure what to do at this point.

>> AMD and Intel EM64T Processors support hardware DEP; many (most?) 32-bit
>> Pentium IV
processors do not.


Andrew:
http://techreport.com/reviews/2005q1...0/index.x?pg=1
"Execute Disable Bit support - Like the 500J series processors, the new
Intel core [6xx series] includes support for the Execute Disable Bit, also
called the No Execute (NX) bit by AMD"

My P4 630 CPU supports DEP

"CZ" <> wrote in message
news:%...
>>> AMD and Intel EM64T Processors support hardware DEP; many (most?) 32-bit
>>> Pentium IV
> processors do not.
>
>
> Andrew:
> http://techreport.com/reviews/2005q1...0/index.x?pg=1
> "Execute Disable Bit support - Like the 500J series processors, the new
> Intel core [6xx series] includes support for the Execute Disable Bit, also
> called the No Execute (NX) bit by AMD"
>
> My P4 630 CPU supports DEP

Yes, as he said. Only the later versions of the Prescott core, which was
the last Pentium 4 core, had the NX bit.

ss.

> Andrew:
> http://techreport.com/reviews/2005q1...0/index.x?pg=1
> "Execute Disable Bit support - Like the 500J series processors, the new
> Intel core [6xx series] includes support for the Execute Disable Bit, also
> called the No Execute (NX) bit by AMD"

Yep. Like I said, "many (most?) 32-bit Pentium IV processors do not [support
the NX bit]".

I did not say "NO 32 bit Pentium IV processors" ... that would be incorrect!
:-)

As Synapse kindly pointed out, the NX bit (or technically, on Intel the XD
bit, NX is an AMD term) was introduced in the Prescott series, approx middle
of 2004. Williamette, Northwood, Gallatin, and Mobile Pentium 4s do not have
a XD/NX bit. Collectively, these pre-Prescott chips constititue the
numerical bulk of the running 32-bit Pentium IV population.
--
Andrew McLaren
amclar (at) optusnet dot com dot au