Friday, February 29, 2008

DATA EXECUTION PREVENTION (DEP)

Have you ever seen something like this before?
I have, and it totally freaked me out. I got this message when I tried to open Explorer after installing RealPlayer. I couldn't open Explorer or My Computer.
Now, what exactly is this DEP? Read on to find out.




Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. In Microsoft Windows XP Service Pack 2 (SP2) and Microsoft Windows XP Tablet PC Edition 2005, DEP is enforced by hardware and by software.

The primary benefit of DEP is to help prevent code execution from data pages. Typically, code is not executed from the default heap and the stack. Hardware-enforced DEP detects code that is running from these locations and raises an exception when execution occurs. Software-enforced DEP can help prevent malicious code from taking advantage of exception-handling mechanisms in Windows.

Hardware-enforced DEP

Hardware-enforced DEP marks all memory locations in a process as non-executable unless the location explicitly contains executable code. There is a class of attacks that attempt to insert and execute code from non-executable memory locations. DEP helps prevent these attacks by intercepting them and raising an exception.
Hardware-enforced DEP relies on processor hardware to mark memory with an attribute that indicates that code should not be executed from that memory. DEP functions on a per-virtual-memory-page basis, usually changing a bit in the page table entry (PTE) to mark the memory page.

The actual hardware implementation of DEP and marking of the virtual memory page varies by processor architecture. However, processors that support hardware-enforced DEP are capable of raising an exception when code is executed from a page marked with the appropriate attribute set. Both Advanced Micro Devices (AMD) and Intel Corporation have defined and shipped Windows-compatible architectures that are compatible with DEP. 32-bit versions of Windows Server 2003 with Service Pack 1 utilize the no-execute page-protection (NX) processor feature as defined by AMD or the Execute Disable bit (XD) feature as defined by Intel. In order to use these processor features, the processor must be running in Physical Address Extension (PAE) mode. The 64-bit versions of Windows use the NX or XD processor feature on 64-bit extensions processors and certain values of the access rights page table entry (PTE) field on IPF processors.

It is hoped that all future 32-bit and 64-bit processors will provide support for hardware-enforced DEP. Microsoft continues to work with processor vendors to encourage the adoption and development of DEP technologies.
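The per-page check described above, as an added example (not part of the original post or of Microsoft's text): a simplified C model of x86 PAE / 64-bit paging entries, where the NX/XD attribute is bit 63 of the 64-bit entry, a bit that the 32-bit non-PAE entry format does not have. The function names and the sample entries are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Flag bits of an x86 PAE / 64-bit paging entry (simplified model). */
#define PTE_PRESENT (1ULL << 0)
#define PTE_WRITE   (1ULL << 1)
#define PTE_USER    (1ULL << 2)
#define PTE_NX      (1ULL << 63) /* NX (AMD) / XD (Intel); no such bit in 32-bit non-PAE entries */
#define RWU         (PTE_PRESENT | PTE_WRITE | PTE_USER)
enum fetch_result { FETCH_OK, FAULT_NOT_PRESENT, FAULT_RESERVED_BIT, FAULT_NX };

/* Outcome of an instruction fetch through a chain of entries, top level first.
 * nxe models the EFER.NXE enable bit: while it is 0, bit 63 is a reserved bit. */
enum fetch_result instruction_fetch(const uint64_t *walk, size_t levels, int nxe)
{
    int nx = 0;
    for (size_t i = 0; i < levels; i++) {
        if (!(walk[i] & PTE_PRESENT))
            return FAULT_NOT_PRESENT;
        if (walk[i] & PTE_NX) {
            if (!nxe)
                return FAULT_RESERVED_BIT;
            nx = 1; /* NX at any level makes the whole mapping non-executable */
        }
    }
    return nx ? FAULT_NX : FETCH_OK;
}

/* Audit helper (assumes NX is enabled): a writable and executable page gets no DEP protection. */
int is_writable_and_executable(const uint64_t *walk, size_t levels)
{
    for (size_t i = 0; i < levels; i++)
        if (!(walk[i] & PTE_PRESENT) || !(walk[i] & PTE_WRITE) || (walk[i] & PTE_NX))
            return 0;
    return 1;
}

/* Constructed sample mappings: { page-directory entry, page-table entry }. */
const uint64_t stack_page[] = { RWU, RWU | PTE_NX };          /* data: read/write, no execute */
const uint64_t code_page[]  = { RWU, PTE_PRESENT | PTE_USER }; /* code: read/execute only */
const uint64_t rwx_page[]   = { RWU, RWU };                    /* writable and executable */

int main(void)
{
    printf("stack=%d code=%d rwx_audit=%d\n", instruction_fetch(stack_page, 2, 1),
           instruction_fetch(code_page, 2, 1), is_writable_and_executable(rwx_page, 2));
    return 0;
}
```

A fetch from the stack mapping returns FAULT_NX, which is the exception the operating system turns into the DEP message; the same entry with NX support disabled is rejected as a reserved-bit fault instead.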

Software-enforced DEP

An additional set of DEP security checks has been added to Windows Server 2003 with Service Pack 1. These checks, known as software-enforced DEP, are designed to mitigate exploits of exception handling mechanisms in Windows. Software-enforced DEP runs on any processor that is capable of running Windows Server 2003 with Service Pack 1. By default, software-enforced DEP protects only limited system binaries, regardless of the hardware-enforced DEP capabilities of the processor.

The majority of applications will not encounter a problem with DEP. However, when an application does encounter a problem with DEP, a Data Execution Prevention message is presented to the user, alerting them to the problem. The Data Execution Prevention message indicates that a DEP problem occurred with the application and provides the ability for the user to learn more about DEP and optionally disable DEP for the application that was closed. The Data Execution Prevention message is presented immediately before a Windows Error Reporting window, which provides the opportunity to submit a report about the DEP problem to Microsoft.

On Windows Server 2003 with Service Pack 1, the Data Execution Prevention message will be presented the next time an Administrator logs onto the system interactively. The behavior is changed on Windows Server 2003 with Service Pack 1 from Windows XP with Service Pack 2 because Windows Error Reporting is configured in queued mode by default. Queued mode causes error reporting messages to be queued until the next time an administrator interactively logs onto the system.

For further and in-depth analysis of what DEP is all about, do check out the following links:
http://support.microsoft.com/kb/875352
http://www.tech-recipes.com/windows_tips566.html

Personal experience:
I experienced this problem when I installed RealPlayer on my PC. This was on the eve of my sister's board computer practicals and I was caught cold by it. I couldn't open "My Computer" or "Explorer" etc. It totally freaked me out. So take my advice: DO NOT PANIC!!! After I read about it on the net (I was able to open Firefox and use the net), I understood what exactly this thing is and honestly was quite relieved that such a thing exists and keeps my PC safe. After that, all I did was uninstall RealPlayer completely (with all its additional features) and my PC was back to normal. Hoping you never encounter this problem, and even if you do, well, you won't be caught cold like I was. Cheers!!!

1 comment:

Anonymous said...

Hey Pratik...cool blog man...!! I have been faced with a small problem. See if you can find a solution. Every time I try to log in to 2 user accounts at the same time, the processor doesn't permit me to open Windows Explorer, saying that it's a Visual C++ run time library error.
Please Help...