SSL | Register | Login Monday, March 27, 2017
 
 Search
 Hardware DEP comparison  

As detected and published in 2005 by skape and Skywing from www.uninformed.org, hardware DEP in its default settings (NoExecute=OptIn) and in “NoExecute=OptOut”- mode too can be bypassed with minimal effort. Tutorial videos exists in the World Wide Web, showing how to re-write an existing exploit in minutes in order to successfully bypass the hardware DEP protection.

Only in conjunction with the boot.ini / BCDEdit setting "NoExecute=AlwaysOn", the hardware DEP feature can’t be bypassed by that technique. It is not possible to enable “AlwaysOn”- mode using a graphical user interface. You have to tackle with boot.ini or BCDEdit.Exe on Vista.

However, this setting isn't the default setting in Windows and enabling it would cause many desktop applications not to work.

In "NoExecute=AlwaysOn"- mode, these malfunctioning applications cannot be excluded from the hardware DEP protection and as a result of this they cannot be used anymore.

Microsoft’s fix for this problem is really simple. They recommend users to upgrade to Windows Vista®, instead of enabling users to define a protection scope even in “NoExecute=AlwaysOn”- mode.

In contrary to Microsoft’s hardware DEP in “NoExecute”- mode, BufferShield’s software and hardware enforced NX protection protects your systems without the possibility to bypass its security mechanism and additionally allows the definition of applications, that shall not be protected by it. This enables the user to still use applications, that are normally incompatible with the hardware NX protection feature, because of the mentioned circumstances.

Please download our test application DEPTest, that is capable of successfully executing code within all memory areas, even if the system is hardware DEP protected with “NoExecute=OptIn”- or “NoExecute=Optout”- mode.

     
Download version 1.02
Download version 1.02
Please feel free to use our DEPTest tool to verify your computer’s current security settings regarding the mentioned pitfalls with MS software & hardware based NX protection.

Just click on the disc icon to download the file.

Please double click on the file DEPTest.Exe and start the test to see if your NX protection is working. In case your system is configured securely and data execution prevention (DEP) covers all executables, you should see a green checkmark for each test performed.

Note: Any Windows error message shown telling you that overflow.exe has stopped working is by design and indicates that DEP has detected and stopped code execution in a data area.
  
Copyright © Sys-Manage, 1998-2017. All Rights Reserved.

Privacy Statement
Terms Of Use