Windows Secrets


Windows Secrets Newsletter • Issue 106 • 2007-05-03 • Circulation: over 400,000


Table of contents 
  • Top Story: How DEP can protect your PC
  • Known Issues: Readers contribute to the discount debate
  • Wacky Web Week: How many USB devices do you need?
  • Over the Horizon: Word 2000/XP flaw makes docs dangerous
  • Patch Watch: Fix for ‘Svchost’ is headed our way

 
Top Story

How DEP can protect your PC

By Scott Dunn

Newer processors, such as those from Intel and AMD, support a useful feature that Microsoft calls hardware Data Execution Prevention (DEP).

Unfortunately, it’s not enabled for all the software you may be running. Here’s how to remedy that situation.

How does Data Execution Prevention work?

Data Execution Prevention aims to protect your computer by making it harder for hackers to silently execute their programs in your PC.

As Windows runs, its Virtual Memory Manager maps addresses in RAM to locations on the hard disk (in the pagefile or swapfile). At the same time, hardware DEP inserts a special bit into the disk version of an address, marking it as non-executable.

If a hacker program attempts to write code to such a location and then execute it, a DEP-enabled processor detects the exploit and registers an error. If so, Windows can shut down the problem application or, if the hacked code is in an area used by Windows, halt a portion of the operating system itself.

Windows XP Service Pack 2 (SP2) has a software-only version of DEP, which is not as effective as the hardware version. Fortunately, Vista provides support for both software DEP and hardware DEP. In either case, you’ll want to turn on those DEP settings that you can benefit from. Vista users should read on, while XP users can skip down to the section entitled “Turning on DEP.”

Does my system support DEP?

Follow the steps below to find out if the processor in your Vista computer supports hardware DEP:

Step 1. In Vista’s Windows Explorer application, launch the System Properties dialog box by right-clicking Computer in Explorer’s folder list.

Step 2. Choose Properties, or launch the System icon in Control Panel’s System and Maintenance category.

Step 3. Click Advanced System Settings in the task bar on the left.

Step 4. Click Continue, if prompted by User Account Control.

Step 5. Under Performance, click Settings.

Step 6. In the Performance Options dialog box, click the Data Execution Prevention tab. If your processor supports this feature, a sentence to that effect appears in the lower part of the dialog box.

Here’s a fast way to get to the same dialog box using only the keyboard, with minimal mouse clicking:

Step 1. In Vista, press Win+R to open the Run dialog box.

Step 2. Type SystemPropertiesDataExecutionPrevention and press Enter.

Step 3. Click Continue, if prompted by User Account Control.

Are all of my applications using DEP?

As the Performance Options dialog box suggests, DEP is turned on by default for most Windows services and programs — but not all. Vista users can see which applications aren’t covered by taking these steps:

Step 1. Right-click an empty area of the taskbar and choose Task Manager (or press Ctrl+Shift+Esc).

Step 2. Click the Processes tab and choose View, Select Columns.

Step 3. Scroll to the bottom of the Select Process Page Columns dialog box and check Data Execution Prevention.

Step 4. Click OK.

The new column shows you which processes have DEP enabled (most of them) and which do not — notably Explorer (explorer.exe) and Internet Explorer (iexplore.exe). If you happen to have Windows Media Player (wmplayer.exe) or Outlook 2007 (outlook.exe) running, you’ll notice DEP is disabled for these applications as well. You may also see some IE plug-ins listed here, like Java (jusched.exe) or the Google toolbar (GoogleToolbarNotifier.exe).

Figure 1. Windows Task Manager can show you which applications are using DEP.

If DEP is so useful, why is it disabled for important applications like Outlook 2007 and IE 7? The answer is that many developers disable DEP to maintain backward compatibility with other products, such as add-ons or plug-ins. For example, although plug-ins such as Adobe’s Acrobat Reader and Flash Player now work with DEP enabled for IE, as of this writing, the Google toolbar and Sun Microsystems’ Java plug-in do not.
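The per-process view that Task Manager's DEP column gives can also be produced as a report. The following PowerShell is an added example, not part of the original article: it calls the Windows API function GetProcessDEPPolicy for each running process and treats 64-bit processes as always covered. The type name DepAudit.Native is made up for the example, and it assumes PowerShell 3.0 or later on a Windows version that provides that API.

```powershell
# Added example: list DEP status per process, like Task Manager's
# "Data Execution Prevention" column. Run elevated to see more processes.
# DepAudit.Native is a name chosen for this example.
Add-Type -Namespace DepAudit -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool GetProcessDEPPolicy(IntPtr hProcess, out uint lpFlags, out bool lpPermanent);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool IsWow64Process(IntPtr hProcess, out bool wow64Process);
'@

$PROCESS_DEP_ENABLE = 0x1          # flag bit returned by GetProcessDEPPolicy
$is64BitOS = [Environment]::Is64BitOperatingSystem

$report = foreach ($p in Get-Process) {
    $status = 'Unknown (cannot open process)'
    try {
        $handle = $p.Handle        # throws for protected or exited processes
        $isWow64 = $false
        [void][DepAudit.Native]::IsWow64Process($handle, [ref]$isWow64)

        if ($is64BitOS -and -not $isWow64) {
            # Native 64-bit process: DEP always applies and cannot be excluded.
            $status = 'Enabled (64-bit process)'
        } else {
            # 32-bit process: ask Windows for its DEP flags.
            $flags = [uint32]0
            $permanent = $false
            if ([DepAudit.Native]::GetProcessDEPPolicy($handle, [ref]$flags, [ref]$permanent)) {
                if ($flags -band $PROCESS_DEP_ENABLE) { $status = 'Enabled' } else { $status = 'Disabled' }
                if ($permanent) { $status += ' (permanent)' }
            } else {
                $status = 'Unknown (query failed)'
            }
        }
    } catch {
        # Access denied or process gone: keep the Unknown status.
    }
    [pscustomobject]@{ Name = $p.ProcessName; Id = $p.Id; DEP = $status }
}

# Disabled entries sort first, which puts the processes worth reviewing at the top.
$report | Sort-Object DEP, Name | Format-Table -AutoSize
```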

How to turn on DEP

Both Vista and XP let you turn on DEP globally, while allowing you to make exceptions for applications that have problems. To do that, you need to return to the Performance Options dialog:

In Vista, click Start, type SystemPropertiesDataExecutionPrevention, and press Enter. Click Continue in the User Account Control dialog box.

In XP, click Start, Run, then type sysdm.cpl and press Enter. Click the Advanced tab. In the Performance box, click Settings. Click the Data Execution Prevention tab.

In both XP and Vista, select Turn on DEP for all programs and services except those I select.

In Vista only, take time now to specify a few of the programs you saw listed in Task Manager earlier to keep DEP disabled for them. To do that, click Add and browse for the .exe file of a program you know normally does not use DEP (for example, explorer.exe, wmplayer.exe, outlook.exe). Select the filename and click Open. Click OK to acknowledge the risk of turning off DEP for that application. Repeat for each application that normally doesn’t use DEP.

The strategy here is to enable DEP for these applications one at a time over an extended period to see if they can live with this feature. Start by unchecking one of the boxes for an app you added to the exception list. Click OK (and OK again to acknowledge the restart prompt) and restart your system. If the unchecked application runs well for a few days, return to the Performance Options dialog box, and uncheck another app. Repeat until everything is running with DEP — or until you find one or more apps that need DEP disabled to run properly.

Figure 2. Use the Performance Options dialog to add exceptions to your DEP settings.

XP users have no way to spot applications that don’t use DEP by default, but they can start with Outlook 2007 and Windows Media Player 11. If Windows closes an application with a Data Execution Prevention error message (or any serious error on a regular basis), you can add that application to the exclusion list, as explained above. If you’re lucky, the error message will contain a Change Settings button to get you to the dialog box more quickly.

Note that the Data Execution Prevention tab of the Performance Options dialog box only lets you adjust DEP settings for 32-bit applications. If you have the 64-bit version of Vista installed (which can run both 32- and 64-bit apps), you’re covered: Windows applies DEP to all 64-bit services and programs. In fact, if you try to add a 64-bit application to the exclusion list, Vista displays an error telling you it can’t be done.
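To confirm what the dialog was left set to, and to review the exception list later, the same information can be read from a script. This PowerShell is an added example, not part of the original article: it reads the DEP properties of the Win32_OperatingSystem WMI class and then lists exception entries. The registry location and the DisableNXShowUI marker used for the exception list are assumptions about where the dialog stores its entries, and the script assumes PowerShell 3.0 or later.

```powershell
# Added example: report the system-wide DEP policy and the exception list.
$os = Get-CimInstance -ClassName Win32_OperatingSystem

# DataExecutionPrevention_SupportPolicy values and the setting each one reflects.
$policyNames = @{
    0 = 'AlwaysOff (DEP disabled for everything)'
    1 = 'AlwaysOn (DEP for everything, no exceptions honored)'
    2 = 'OptIn (essential Windows programs and services only)'
    3 = 'OptOut (all programs and services except those selected)'
}
$policy = [int]$os.DataExecutionPrevention_SupportPolicy

[pscustomobject]@{
    HardwareDepAvailable = $os.DataExecutionPrevention_Available
    Policy               = $policyNames[$policy]
    AppliesTo32BitApps   = $os.DataExecutionPrevention_32BitApplications
    AppliesToDrivers     = $os.DataExecutionPrevention_Drivers
} | Format-List

# Assumption: exceptions added in the dialog are stored as values under this
# key, named by the .exe path, with data containing 'DisableNXShowUI'.
$layers = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
$exceptions = @()
if (Test-Path -Path $layers) {
    $key = Get-Item -Path $layers
    $exceptions = foreach ($name in $key.GetValueNames()) {
        if ("$($key.GetValue($name))" -match 'DisableNXShowUI') {
            [pscustomobject]@{
                Program     = $name
                # A stale entry (file no longer present) can simply be removed.
                FileExists  = Test-Path -LiteralPath $name
            }
        }
    }
}

if ($policy -ne 3 -and $exceptions) {
    Write-Warning 'Exception entries exist but the policy is not OptOut.'
}
if ($exceptions) {
    $exceptions | Sort-Object Program | Format-Table -AutoSize
} else {
    'No DEP exception entries found.'
}
```

Each program still listed is one that has not yet been moved under DEP in the one-at-a-time process described above.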

Working around the IE exception

Contrary to what you might expect, one type of program in particular ignores the settings in the Data Execution Prevention tab — namely, browsers such as Internet Explorer 7. The only way to enable DEP for IE 7 is in the Internet Options control panel in Vista. XP users apparently have no way to activate DEP for IE 7.

To get a DEP-enabled IE browser in Vista, begin by disabling most or all of your IE add-ons. From the IE command bar, choose Tools, Manage Add-ons, Enable or Disable Add-ons. In the Manage Add-ons dialog box, select a helper application in the list and click the Disable button below. Repeat for all items in the list, except those you know to be safe (such as Adobe Acrobat and Flash). Click OK.

Now let’s turn on DEP for Internet Explorer:

Step 1. Click Start, type inetcpl.cpl, and press Ctrl+Shift+Enter to open the dialog with administrative privileges. (If you don’t run this dialog as an administrator, the option in question will be greyed out.)

Step 2. Click Continue in the User Account Control prompt.

Step 3. Click the Advanced tab and scroll to the bottom of the Settings list.

Step 4. Check Enable memory protection to mitigate online attacks.

Step 5. Click OK.

Now, restart Internet Explorer (if it was running). If everything seems to go smoothly, return to the Manage Add-ons dialog box. Enable one of the plug-ins, click OK, and restart IE again.

As with the applications you specified earlier, you’ll want to use IE for a while to make sure everything works as desired. If IE won’t start or you see errors with some Web sites, you may need to disable the problem plug-in. If you can’t live without a DEP-intolerant plug-in, you may have to turn off DEP for IE altogether.

Other apps that are DEP exceptions

IE 7 is not the only program that ignores Windows global DEP settings. Even with DEP turned on globally, Task Manager shows that neither Mozilla Firefox nor Opera supports DEP.

If DEP is important to your sense of Internet security, IE 7 is the only major browser that supports it — until the other applications provide support for this feature.

Managing installer and application problems

Although DEP is supposed to display a message indicating when it has shut down an errant program, some sources claim that the messages don’t always appear, and that DEP can sometimes even prevent programs (especially installers) from launching. These sources go so far as to recommend turning off DEP entirely.

Such advice is like throwing out the proverbial baby with the bathwater. If you do have problems with applications that end abnormally or won’t run, you can always return to the Performance Options dialog to turn off DEP temporarily as a test. This can help you get your software installed, for example, if an installer won’t run.

Overall, you’re much better off making exceptions for a few problem programs (and reporting the difficulty to the manufacturer) than shutting down DEP entirely.

Finally, you should look at DEP as only one weapon in your security arsenal. DEP adds an important layer of protection, but it isn’t a reason to give up your other security tools.

Scott Dunn is associate editor of the Windows Secrets Newsletter. He is also a contributing editor of PC World Magazine, where he has written a monthly column since 1992, and co-author of 101 Windows Tips & Tricks (Peachpit) with Jesse Berst and Charles Bermant.

 
Known Issues

Readers contribute to the discount debate

By Scott Dunn

Following last week’s story on OEM software, readers raised legitimate concerns about OEM discounts and some crippled academic software.

Other readers offered even more ways and places to get software with a whopping educational discount.

OEM discounts: too good to be true?

A handful of readers expressed concern about the information in my article on OEM discounts. Windows Secrets contributing editor Susan Bradley sent her own take on this line of thought:
  • “Over the last couple of newsletters, several ways to cheaply upgrade to Vista have been discussed. However, the best and cheapest way to ‘upgrade’ or ‘buy’ Vista is still the way my sister bought her Vista operating system. She bought it preinstalled on a computer, with the proper drivers already included.

    “OEM licenses aren’t legal for the average computer user to purchase and use to install on existing computers. Most of us can’t legally buy or install this software on our computer systems because we aren’t system builders. OEM software by definition is ‘original equipment manufacturer’ software and is licensed to system builders to install and bundle on, typically, new systems.

    “You can read the EULA for the OEM software that I copied on my Web site. When you purchase OEM software, you are stating that you are a ‘system builder’ of computer devices, that is, you are a manufacturer of computer equipment. You also certify that you will provide all support for that system. And, you need to affix a Certificate of Authority to the system.

    “The bottom line is that unless your name is Michael Dell, chances are most of us aren’t system builders. Therefore, it’s not legal for us to buy OEM software and use that license to install it on our systems.”
The purpose of my story was to report on the savings advertised by a number of online retailers (including reputable dealers like Amazon.com) via OEM or System Builder software. As Susan points out, however, some retailers may be violating Microsoft’s OEM license when they fail to sell the product with a fully assembled computer system. Microsoft changed its OEM license in September 2005 to add this requirement, as described in a Microsoft blog post.

In addition, OEM versions of Microsoft software can only be sold by “authorized dealers”, found on a Microsoft list (this link requires IE), to “system builders,” who are required to register with the Microsoft Partner Program. This language leaves little room for a home user to take advantage of these discounts while still complying with the license agreement.

Let me be clear that I do not encourage anyone to break the law or behave unethically by violating software license agreements. My story reported the fact that a large number of online stores do sell OEM versions of software. These sales attract customers, some of whom may not understand the legal details or choose to ignore them.

Some academic software is different than retail

OEM discounts aren’t the only complicated subject in the software marketplace. A reader named David points out that not all academic software is created equal:
  • “Student versions of software vary widely in their restrictions. Macromedia, for example, used to limit the size of projects in Director and put a ‘bug’ [logo] on the output to indicate it was produced by a student version so it couldn’t be used for commercial projects.

    “Adobe, on the other hand, has been easier. I got my first copy of Photoshop as a ‘student OEM’ version with no handicaps and have not had any upgrade issues since. It was 25% of the cost of retail.

    “Other products may block professional output formats or limit the number of projects produced. So, do your research to see what your best value really is. Typically, upgrades are the same cost for everyone, so if offering a discounted version gets you started with them, vendors are happy to support it.”
Because Adobe acquired Macromedia in 2005, I wouldn’t expect to see these kinds of restrictions in Director anymore. But David’s point is still an excellent one: do your research on a particular discounted product before you buy it.

An educational way to get software gratis

Other readers wrote in with more ways and places to get software discounts. Karl Poehleman clues us in to another educational discount option:
  • “Your discounted software finds are all very nice, but you left out an alternative — free! As in free Microsoft software from Microsoft Academic Alliance. All one needs to do is take a computer-related class at a local community college (or other qualified educational outlet), and then voilà — free software!

    “Sure, you can buy it discounted there as well, but I picked up copies of Vista Business, XP Pro, Access 2007, Visio Pro, and more for nada, zip, zero. The software itself needs to be downloaded, or in some cases checked out for copy (so you need to have a burner, or in the case of Vista, a DVD burner). This is a great option that deserves mention.”
The program Karl identifies is formally known as the MSDN (Microsoft Developer Network) Academic Alliance. It makes software available to qualifying institutions and their faculty and students for instructional purposes or noncommercial research. The program’s EULA specifically rules out commercial use. The license has some other quirks, such as requiring that operating systems obtained under this program be installed only on computers that do not have an OS at the time of installation.

Because of the emphasis on software development, the program does not include products such as Microsoft Office, but it does include some Microsoft operating systems, as Karl mentions. Some schools may not include the software with the enrollment fee, so check with your local educational institution about policies and pricing.

Find academic discounts in Australia, too

To help academic readers in Australia, reader Sam McCleary chimes in with some sites that offer educational discounts in the land down under:
  • “After reading your article on academic pricing, I thought I’d add my two-cents worth and tell you where to get discounted educational software in Australia. SI Group sells discounted Microsoft and Adobe software to students of an accredited academic institution.”
Thanks for the tip, Sam!


 
Wacky Web Week

How many USB devices do you need?

Some days it seems like there’s an invention for everything. A case in point: The Mouse Jiggler, a USB device that keeps your pointer in motion so your screen saver never kicks in when you wander away from your computer.

The device is being marketed to computer forensics experts and IT professionals who don’t want a laptop to lock them out with a password-protected screen saver. There must be a lot of people out there who don’t know how to disable password protection on their screen savers! Maybe you need yet another USB gizmo, but wouldn’t it be a whole lot easier to just use the Display control panel?

 
Over the Horizon

Word 2000/XP flaw makes docs dangerous

By Chris Mosby

Although some missing patches are more important than others, and some have lain undiscovered for years, none of them should be ignored.

This week, flaws in MS Word and Internet Explorer could cause you trouble. Here’s how to avoid system upset.


Word flaw allows infected code execution

McAfee Avert Labs discovered in February a zero-day exploit in Microsoft Word 2000 that the company said had been used in a "very limited and targeted attack." This flaw was first believed to only cause a Denial of Service (DoS), but was later found to allow the execution of infected code as well.

Microsoft recently acknowledged this flaw in a security advisory and revealed that Word XP is also affected. The vulnerability is caused by a previously undisclosed error in the way Word parses documents. A user must open a hacked document for this flaw to be exploited, but if that occurs, infected code will be run with the same rights as the logged-on user.

What to do: Microsoft suggests that you not open or save Office files you receive from untrusted sources, or even those that you receive unexpectedly from trusted sources. Though this is good advice to follow with any type of e-mail attachment, the vulnerability does not affect Office 2003 or Office 2007. Thus, it would make more sense to just upgrade Office to the latest version.

More information: CVE-2007-0870, US-CERT, ISS, SecurityTracker, SecurityFocus, FrSIRT, Secunia

IE ‘onunload’ flaw can trap users

A flaw in Internet Explorer (IE) 6 and 7 could allow a hacker to construct an infected Web page that would affect you. You could actually be trapped on the infected page, although it would appear that you had successfully navigated to another Web site.



 
Patch Watch

Fix for ‘Svchost’ is headed our way

By Susan Bradley

Issues with Microsoft Update have been slowing down computers for the last several months.

There are some things you can do now to help solve the problem, and a complete fix will be out soon.


‘Svchost’ repair is coming soon

For those who have been suffering from near-crippling speed issues, in which your computer comes to a near standstill when booting up or scanning for updates, help is on the way. Bobbie Harder announced the good news on the WSUS blog. An issue with the svchost.exe process, which runs Windows Update and Microsoft Update and can consume 100% of your computer’s CPU processing power, will be resolved over the next few months.

The problem affects Windows Server 2003 and Windows XP Pro (when XP is used with Office XP). To cope with the situation in the short term, first read Knowledge Base article 927891. This document links to hotfixes for Server 2003 and XP and discusses a related problem with KB 927891.

For system admins, a new Windows Update Agent (WUA) will need to be installed on each workstation. The instructions for obtaining the new client are available on an MSDN page. I’ll be discussing this in more detail in my next column, to be published on May 10.

Thunderbird gets an update and a new look

For those of you who, like me, use Mozilla Thunderbird as an e-mail client, there’s a new version — version 2.0.

You can download the new version, which now includes support for Vista and 64-bit Windows (as per the bug fix information), from the Mozilla Web site. The biggest change is the new look, which I’m still getting used to.

Updating Apple for security issues

Apple announced on its site a bundle of updates that correct several security issues in the Macintosh platform. The worst of the issues are those in which attackers can gain access remotely, typically by using a malicious Web site to infect visiting computers.



YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com, 1218 Third Ave., Suite 1515, Seattle, WA 98101 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editor in chief: Tracey Capen. Senior editors: Fred Langa, Woody Leonhard. Copyeditor: Roberta Scholz. Program director: Tony Johnston. Contributing editors: Yardena Arar, Susan Bradley, Scott Dunn, Michael Lasky, Scott Mace, Ryan Russell, Lincoln Spector, Robert Vamosi, Becky Waring. Product manager: Andy Boyd. Advertising director: Eric Gilley.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com. All other marks are the trademarks or service marks of their respective owners.

Copyright © 2012 by WindowsSecrets.com. All rights reserved.
