IE8 – DEP enabled by default?

W00t!!!  So I guess this is public now:

This is huge . . . DEP is a fairly complex process on Windows today . . . far less trivial than I would like.  By default on our client operating systems your program has to somehow opt-in to DEP protection and if it doesn't - even if your CPU supports it - you don't get DEP.  IE6 and IE7 don't opt-in to DEP by default - so this means you either have to change your system-wide DEP policy to "opt-out" (not the default) or you have to manually go and figure out how to opt IE6 and IE7 into DEP.  I've covered how to do this in this blog and so has MikeHow.  It's nice to see that IE8 will opt-in by default.  That said - there are also varying degress of 'DEP'.  There's DEP and DEP (Permanent) (as labeled by Process Explorer).  I'm planning on doing an in-depth write-up in the SWI blog on DEP in the coming weeks . . . in that post I'll briefly describe all the various ways a process can end up having DEP enabled, how the bad guys can try to have the process disable DEP, and what you can do to thwart that.  It should be a good post . . . if I can get the time finish up some research.  Maybe I should stop blogging and start working on that . . . 🙂

Comments (1)

  1. Anonymous says:

    You know I am all for securing windows but I just pray to the computer geek god that they do not get in my way. Vista for example I thought was a great operating system just super freaking annoying. It kept popping up asking me something stupid. I went back to XP only because I got sick and tired of being annoyed. Well that and the DRM stuff, that is also an added annoyance as a programmer this stuff has done nothing but get in my way. XP has it’s annoying features as well the dang balloon that pops up and says Hey I see you have unused Icons on your desktop. Click here to clean them up. With no way to shut this off. You have to hack the registry or use TweakUI to disable that but we as users seek that out to shut off that annoyance.

    I mean, look at IE 7 Phishing filter. It is the first thing disabled by every single person I know. I thought it was a great idea, but it was so annoying. So disabled it went. The mild little bar at the top of IE that tells you it blocked a pop up or stopped something from running is a nice features it is not obtrusive it gives you options and warnings but doesn’t get in your way the mild little bar should serve as a good example of when you need to send a message to users.

    Open, balloon pops up, hey this might be a phishing site click here to check. Go to balloon pops up. Go to any website, balloon pops up. Have they learned nothing from clippy? No I do not need help surfing the web, I just want you to protect me and not get in my way unless I am not safe.

    Vista and IE 7 security features reminded me of that nut job you see talking on his cell phone at the top of his voice to make himself sound important and like he is trying to impress everyone around him and make them think he is important when you really just wish the windbag would shut up. It was like Windows was catching a lot of flak for being insecure that the new stuff with all the pops ups was like Windows Standing up and screaming "LOOK AT ME I AM NOW SECURE" with customers screaming back yeah well shut the hell up and get out of our way.

    Security does not have to be annoying. Sorry Robert not meant to be a rant it is just that I am now very skeptical on IE 8. I really think the release of IE 8 is either going to make me love IE again or just going to make me finally give up and use firefox. I have been on the edge for a long time luckily a plugin IE7Pro has helped with me sticking with IE it finally added stuff I really wanted, Tab History, Crash Recovery, the ability to just enable and disable addons at will like Flash blocker is a great tool, it really improves surfing without all those flash adds auto form filler, a login manager and a download manager. I still can’t believe something as simple as a download manager still is not in IE, instead they are making a huge deal over the ability to watch just a small section of a web page without having to pull up the entire web page. I just do not find that useful at all. I would find a download manger more useful.

Skip to main content