Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help protect against malicious code exploits.
DEP helps prevent damage from viruses and other security threats that attack by executing malicious code from memory locations that should only be used by Windows or other approved programs. Such attacks often do their damage by taking over those memory locations and using them to spread to and harm other programs.

Types of DEP

Hardware-enforced DEP

This type of DEP marks all memory locations in a process as non-executable unless the location explicitly contains executable code, helping to prevent certain attacks by intercepting them and raising an exception.
It relies on processor hardware to mark memory with an attribute that indicates code should not be executed from that memory; this is done by setting a bit in the page table entry that marks the particular memory page.
The actual hardware implementation of Data Execution Prevention, and how the virtual memory page is marked, varies by processor architecture, but processors that support hardware-enforced DEP can raise an exception when code is executed from a page that has the appropriate attribute set.

Software-enforced DEP

For this kind of DEP, Windows XP SP2 added an extra set of data execution prevention security checks, also called software-enforced DEP, designed to mitigate exploits of the exception handling mechanisms in Windows. Software-enforced DEP can run on any processor capable of running Windows XP SP2.

How Data Execution Prevention Works

DEP isn’t like a firewall or antivirus program, so it doesn’t help prevent harmful programs from being installed on your computer. What Data Execution Prevention does is monitor your programs to see whether they are using system memory safely, by marking specific memory locations as “non-executable” and catching programs that attempt to run code from a protected location.

Let’s say that an application attempts to run code from a protected page. In this case the application receives an exception with the status code STATUS_ACCESS_VIOLATION; this can happen because your application
DEP is configured at system boot according to the no-execute page protection policy setting in the boot configuration data, and depending on that policy setting, a particular application can change the DEP setting for its own process.
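To make the access violation described above concrete, here is an added example (not code from the original article) that reproduces the hardware check on Linux/POSIX: mmap and mprotect stand in for the Windows VirtualAlloc/VirtualProtect calls, and the SIGSEGV the kernel delivers for an NX fault stands in for STATUS_ACCESS_VIOLATION. It assumes an x86-64 or AArch64 machine with NX enabled and a GCC or Clang compiler (for __builtin___clear_cache).

```c
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>
/* Machine code for a bare "ret": 1 byte on x86, one 4-byte instruction on AArch64. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char RET_CODE[] = { 0xC3 };
#elif defined(__aarch64__)
static const unsigned char RET_CODE[] = { 0xC0, 0x03, 0x5F, 0xD6 };
#else
#error "add the ret encoding for this architecture"
#endif
typedef void (*thunk_t)(void);
static sigjmp_buf fault_ctx;
/* Fetching instructions from an NX page faults; the kernel delivers SIGSEGV
 * (the Windows equivalent is STATUS_ACCESS_VIOLATION). Unwind instead of dying. */
static void on_segv(int sig) { (void)sig; siglongjmp(fault_ctx, 1); }
/* Returns 1 if the code ran, 0 if the NX/DEP check blocked it, -1 on setup error.
 * make_executable re-marks the page RX first (the "explicitly contains executable code" case). */
int probe_exec(int make_executable) {
    long pagesz = sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, pagesz, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    memcpy(page, RET_CODE, sizeof RET_CODE);        /* a data (RW) page now holds code */
    __builtin___clear_cache((char *)page, (char *)page + sizeof RET_CODE);
    if (make_executable && mprotect(page, pagesz, PROT_READ | PROT_EXEC) != 0) {
        munmap(page, pagesz); return -1;
    }
    struct sigaction sa = {0}, old; sa.sa_handler = on_segv; sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    thunk_t fn; memcpy(&fn, &page, sizeof fn);      /* data pointer -> function pointer */
    volatile int ran = 0;
    if (sigsetjmp(fault_ctx, 1) == 0) {
        fn();                                       /* faults unless the page is RX */
        ran = 1;
    }
    sigaction(SIGSEGV, &old, NULL);
    munmap(page, pagesz);
    return ran;
}
int main(void) {
    printf("RW page: %s\n", probe_exec(0) == 1 ? "ran" : "blocked (access violation)");
    printf("RX page: %s\n", probe_exec(1) == 1 ? "ran" : "blocked");
    return 0;
}
```

Build with `cc -Wall probe.c -o probe`; the first call is blocked and the second runs, which is exactly the distinction hardware-enforced DEP draws between data pages and pages explicitly marked executable.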

How can you control DEP on your computer?

If you switch off Data Execution Prevention for a particular program, that program becomes prone to attack. A successful attack could then spread to other programs on your computer and to your contacts, and damage your files. If you believe that a program doesn’t run correctly when DEP is turned on, check for a DEP-compatible version or an update from the software publisher before you modify any Data Execution Prevention settings.
You must be logged on as an administrator or a member of the Administrators group to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing it.

  1. Open System Properties by clicking Start, going to Settings, opening the Control Panel and double-clicking System.
  2. Click the Advanced tab, then click Settings.
  3. Click the Data Execution Prevention tab.
  4. In the “Turn on DEP for all programs and services except those I choose” list, you can turn off DEP for a program by selecting the check box next to the program name and clicking OK, or you can turn DEP back on for a program by clearing the check box next to the program name and clicking OK.

Is it dangerous to turn off DEP?

It isn’t recommended to turn off DEP, since it automatically monitors essential Windows programs and services. You can increase your protection by having DEP monitor all programs. Keep in mind that disabling Data Execution Prevention or adding exclusions may allow malicious code to execute and cause severe damage to Windows, which can leave your PC in a permanently unstable and/or unusable state.

Wrapping It Up

Data Execution Prevention is one of the most basic protections a Windows-based system can have, and unless necessary, it should always remain active. If you’re using programs that are developed for a 64-bit OS, most are created with DEP in mind and will be fine. However, if you’re required to use legacy code, you’ll need to create an exception for that specific program.
In any case, Data Execution Prevention should be treated with caution: keep it at its default unless there’s a very valid reason to alter it. While DEP is vital, it’s just one aspect of information security for Windows 10.
