Larry is right here. DEP is pretty much turned off by default for everything except some critical system processes. All your applications including IE have it turned off by default. You have to manually turn DEP on for all programs and then make some manual exceptions for the few applications (like Microsoft Live Meeting) that aren't compatible with DEP. Vista isn't much better with DEP settings though I've noticed they've made it much harder to make DEP exception entries because you now need to do it manually instead of being prompted to insert a quick exception on the fly.
George -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Seltzer Sent: Monday, April 02, 2007 7:53 AM To: Thierry Zoller Cc: [email protected] Subject: Re: [Full-disclosure] Windows .ANI LoadAniIcon Stack Overflow >>That's where you are wrong larry, if you have an NX capable CPU ("hardware enforced") DEP is turned on by default on all and every process. Software DEP is not really DEP it's more like SafeSEH... See http://support.microsoft.com/default.aspx/kb/875352 ("A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2...") "OptIn - This setting is the default configuration. On systems with processors that can implement hardware-enforced DEP, DEP is enabled by default for limited system binaries and programs that "opt-in." With this option, only Windows system binaries are covered by DEP by default. " I'm almost positive that the limited system binaries do not include Internet Explorer. At the time they made this configuration decision too many controls were broken by turning on DEP by default. And the policy is the same in Vista. For now. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blog.eweek.com/blogs/larry%5Fseltzer/ Contributing Editor, PC Magazine [EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
