Excuse my ignorance but what is "dep"?
Data Execution Prevention (known on other systems as the NX bit) is a protective measure against buffer overflows. It works by marking privileged areas in memory with the NX marker (No eXecute) which prevents these memory areas from executing code from any account that is not part of the NT_AUTHORITY family of users (and it is near impossible to log into these accounts and have them do stuff). This prevents exploits based off of buffer overflows and stack smashing since the intended code the attacker needs to execute to do whatever will never execute because the OS is instructed at the hardware level to never let it happen. Poorly coded software that isn't malicious can often trigger false positives with this scheme.
The end result is that instead of being exploited, Windows will immediately kill the offending process and notify you of the incident. Under Linux, it will most likely appear as a violation under SELinux and the front end application for that will notify you.
[Edited by Neo7, 3/13/2012 7:26:34 AM]
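The "kill the offending process" behaviour described in the post above, as an added example that is not part of the original thread: a C program for Linux that maps a page as readable and writable but not executable, has a child process jump to it, and reports the signal the kernel delivers. It assumes a CPU and kernel that enforce NX; the function name is illustrative.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Map one anonymous page with protection `prot`, then let a child process
 * try to run that page as code. Returns the signal that killed the child,
 * 0 if the child exited normally, or -1 if setup failed. */
static int signal_from_executing_page(int prot)
{
    size_t pagesz = (size_t)sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, pagesz, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -1;

    pid_t pid = fork();
    if (pid < 0) {
        munmap(page, pagesz);
        return -1;
    }
    if (pid == 0) {
        /* Child: make sure the default action applies to the fault. */
        signal(SIGSEGV, SIG_DFL);
        /* Treat the data page as a function and call it. With NX enforced,
         * the instruction fetch faults before a single byte is executed. */
        void (*fn)(void);
        memcpy(&fn, &page, sizeof fn);
        fn();
        _exit(0); /* reached only if the page was executable */
    }

    int status = 0;
    waitpid(pid, &status, 0);
    munmap(page, pagesz);
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    int sig = signal_from_executing_page(PROT_READ | PROT_WRITE);
    printf("child terminated by signal %d (%s)\n", sig,
           sig > 0 ? strsignal(sig) : "none");
    return 0;
}
```

Only the child is terminated; the parent keeps running and sees the fault as the child's exit status, which is the same information a crash reporter or audit log would record.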
Thanks for the detailed explanation, that was informative. If you have a good AV program and are very careful with what you allow would you still need something like this?
Absolutely. Anti-Viruses are actually not as helpful as you think they are and most damage comes from zero-day malware (which AVs can't do anything to counter). An outdated AV is also useless. It is more secure to run Windows Update and keep your programs and run-times up to date. My previous Windows installation had 4 Java exploits for those fake AV things attempt to break into my computer, and they were stopped cold by the Java runtime since it was up-to-date (it exploited older Java runtime versions by exploiting a specific method that allowed arbitrary code to be executed at the administrator level bypassing any need for user interaction). AV didn't need to jump in at all.
They still lingered on my system afterwards since when it did try to exploit the specific point, it wound up crashing since it wasn't programmed to be able to handle that scenario (and the cleanup process to hide its tracks never executed). One fresh install to Windows 8 (using backups) and found that those malware were still there (although dead at that point).
[Edited by Neo7, 3/13/2012 9:00:04 AM]
Might have to check it out then, thanks. I've never had any problems but you can't be too careful these days.
DEPEE.......sounds like your computer has issues
lol na it's not got issues.