IE8 - DEP enabled by default?

W00t!!!  So I guess this is public now: https://www.eweek.com/c/a/Security/Microsoft-Details-IE-8-Security-Default-Change/

This is huge . . . DEP is a fairly complex process on Windows today . . . far less trivial than I would like.  By default on our client operating systems your program has to somehow opt-in to DEP protection and if it doesn't - even if your CPU supports it - you don't get DEP.  IE6 and IE7 don't opt-in to DEP by default - so this means you either have to change your system-wide DEP policy to "opt-out" (not the default) or you have to manually go and figure out how to opt IE6 and IE7 into DEP.  I've covered how to do this in this blog and so has MikeHow.  It's nice to see that IE8 will opt-in by default.  That said - there are also varying degress of 'DEP'.  There's DEP and DEP (Permanent) (as labeled by Process Explorer).  I'm planning on doing an in-depth write-up in the SWI blog on DEP in the coming weeks . . . in that post I'll briefly describe all the various ways a process can end up having DEP enabled, how the bad guys can try to have the process disable DEP, and what you can do to thwart that.  It should be a good post . . . if I can get the time finish up some research.  Maybe I should stop blogging and start working on that . . . :)