As discovered and published in 2005 by skape and Skywing of www.uninformed.org, hardware DEP can be bypassed with minimal effort both in its default setting (NoExecute=OptIn) and in “NoExecute=OptOut” mode. Tutorial videos exist on the World Wide Web showing how to rewrite an existing exploit in minutes so that it successfully bypasses the hardware DEP protection.
Only in conjunction with the boot.ini / BCDEdit setting "NoExecute=AlwaysOn" is the hardware DEP feature immune to that technique. “AlwaysOn” mode cannot be enabled through a graphical user interface. You have to edit boot.ini or, on Vista, use BCDEdit.exe.
However, this is not the default setting in Windows, and enabling it would cause many desktop applications to stop working.
In "NoExecute=AlwaysOn" mode, these malfunctioning applications cannot be excluded from the hardware DEP protection, and as a result they can no longer be used.
Microsoft’s fix for this problem is really simple. They recommend that users upgrade to Windows Vista® instead of enabling users to define a protection scope even in “NoExecute=AlwaysOn” mode.
In contrast to Microsoft’s hardware DEP in “NoExecute” mode, BufferShield’s software- and hardware-enforced NX protection protects your systems without the possibility of bypassing its security mechanism, and additionally allows you to define applications that shall not be protected by it. This lets the user keep using applications that are normally incompatible with the hardware NX protection feature because of the circumstances mentioned above.
Please download our test application DEPTest, which is capable of successfully executing code within all memory areas, even if the system is protected by hardware DEP in “NoExecute=OptIn” or “NoExecute=OptOut” mode.
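To audit which boot entries run in a mode other than "NoExecute=AlwaysOn", the boot.ini / BCDEdit setting described above can be read from a saved copy of boot.ini or from captured BCDEdit output. The following is an added example, not part of the original page or of BufferShield; the function names and the sample inputs are constructed for illustration.

```python
import re

# The four NoExecute values; the page states only AlwaysOn resists the bypass.
MODES = {"optin": "OptIn", "optout": "OptOut",
         "alwayson": "AlwaysOn", "alwaysoff": "AlwaysOff"}

BOOT_INI_OS = re.compile(r'^[^=\[]+="([^"]*)"(.*)$')   # path="name" /switches
NOEXECUTE = re.compile(r"/noexecute=(\w+)", re.IGNORECASE)
BCD_FIELD = re.compile(r"^(identifier|nx)\s+(\S+)$", re.IGNORECASE)

def nx_modes(text):
    """Return [(entry, mode)] from boot.ini contents or bcdedit output."""
    found, entry = [], None
    for raw in text.splitlines():
        line = raw.strip()
        os_line = BOOT_INI_OS.match(line)
        if os_line:  # boot.ini operating-system line
            switch = NOEXECUTE.search(os_line.group(2))
            mode = MODES.get(switch.group(1).lower(), "unknown") if switch else "unspecified"
            found.append((os_line.group(1), mode))
            continue
        field = BCD_FIELD.match(line)
        if field and field.group(1).lower() == "identifier":
            entry = field.group(2)  # remember which BCD entry we are in
        elif field:  # the "nx" element of that entry
            found.append((entry, MODES.get(field.group(2).lower(), "unknown")))
    return found

def not_always_on(text):
    """Entries whose NoExecute mode is anything other than AlwaysOn."""
    return [(e, m) for e, m in nx_modes(text) if m != "AlwaysOn"]

# Constructed sample inputs, not taken from a real machine.
BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP hardened" /fastdetect /noexecute=alwayson
'''
BCDEDIT = '''Windows Boot Loader
-------------------
identifier              {current}
description             Windows Vista
nx                      OptOut
'''

if __name__ == "__main__":
    print(not_always_on(BOOT_INI) + not_always_on(BCDEDIT))
```

An entry reported as "unspecified" has no /noexecute switch on its boot.ini line, so the mode in effect has to be confirmed on the machine itself.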