DEP: the Windows Security Feature has been Cracked

This week has been a particularly bad one for security. First there is a crack for RSA coming up, then the Ubisoft DRM was cracked in a day, and now DEP meets its fate.

The protection feature in Windows that restricts applications to running code only from their own memory space has recently been cracked. The feature, known as DEP, was added to the Windows OS back in XP.

DEP is explained by Wikipedia as,

Data Execution Prevention (DEP) is a security feature included in modern Microsoft Windows operating systems that is intended to prevent an application or service from executing code from a non-executable memory region. This helps prevent certain exploits that store code via a buffer overflow, for example.

Berend-Jan Wever, a Google security software engineer, has recently achieved this feat through a buffer overflow attack. A malicious piece of code is executed to take control of a certain region of memory, which then acts as the staging area from which the malware code runs. Wever has explained the exact nature of the exploit, and he has also remarked that, now that he has laid out the complete process of the attack, it is only a matter of days before a cracker takes advantage of it.

Wever writes,

I am releasing this because I feel it helps explain why ASLR+DEP are not a mitigation to put a lot of faith in, especially on x86 platforms. 32-bits does not provide sufficient address space to randomize memory to the point where guessing addresses becomes impractical, considering heap spraying can allow an attacker to allocate memory across a considerable chunk of the address space and in a highly predictable location.
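Wever's argument above can be put into numbers. The following is an added example, not code from the original post or from Wever: it models the chance that a single fixed address guess lands inside a sprayed heap region as spray size divided by user-mode address space, and compares a 32-bit process with an x64 one. The address-space sizes and spray sizes are constructed assumptions for illustration.

```python
# Added example (constructed assumptions, not figures from the original post):
# why heap spraying undermines ASLR on 32-bit far more than on 64-bit.
# Model: the sprayed region is placed uniformly at random somewhere in the
# user-mode address space, so a fixed guessed address hits it with
# probability spray_bytes / user_space_bytes.

MiB = 2 ** 20
GiB = 2 ** 30
TiB = 2 ** 40

# Assumed user-mode address-space sizes (constructed for this example).
USER_SPACE_X86 = 2 * GiB   # 32-bit process with the default 2 GB user split
USER_SPACE_X64 = 8 * TiB   # assumed x64 user-mode limit of the era


def hit_probability(user_space_bytes: int, spray_bytes: int) -> float:
    """Probability that one fixed guessed address falls inside the spray."""
    return min(1.0, spray_bytes / user_space_bytes)


def expected_guesses(user_space_bytes: int, spray_bytes: int) -> float:
    """Mean number of guesses before the first hit.

    Every failed guess normally crashes the process, so from a defender's
    point of view each extra expected guess is another visible crash event.
    """
    return 1.0 / hit_probability(user_space_bytes, spray_bytes)


def spray_needed(user_space_bytes: int, target_probability: float) -> int:
    """Bytes an attacker would have to spray to reach the given hit chance."""
    return int(user_space_bytes * target_probability)


def comparison(spray_bytes: int) -> dict:
    """Side-by-side figures for the same spray size on x86 and x64."""
    return {
        "x86_hit": hit_probability(USER_SPACE_X86, spray_bytes),
        "x64_hit": hit_probability(USER_SPACE_X64, spray_bytes),
        "x86_guesses": expected_guesses(USER_SPACE_X86, spray_bytes),
        "x64_guesses": expected_guesses(USER_SPACE_X64, spray_bytes),
    }


if __name__ == "__main__":
    for size in (512 * MiB, 1 * GiB):
        print(f"spray {size // MiB} MiB:", comparison(size))
    print("x64 spray for a 25% hit chance (MiB):",
          spray_needed(USER_SPACE_X64, 0.25) // MiB)
```

With a 512 MiB spray the x86 guess succeeds one time in four, while on x64 the same spray gives roughly one chance in sixteen thousand, and a 25% chance on x64 would need a 2 TiB spray.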

This means all 32-bit operating systems and hardware are insecure! I tend to use Linux more than Windows. Even while connecting to the Internet, Linux is amazingly faster than Windows. And on security, Windows is not even in the same league as Linux.

Which Operating System do you use currently? How secure do you feel using it? How often do you face virus problems? Share your views with me.

Published by

Chinmoy Kanjilal

Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. You can connect with him on Twitter @ckandroid.

  • Stef Coulombe

    I’ve had DEP consistently (repeatedly) shut down legitimate programs – even MS Explorer on a brand new installation! – and once I found out how to completely disable DEP (/noexecute=AlwaysOff in the boot.ini), I’ve made a habit of doing so. I’ve never regretted it. ;p
    If the dummies at MS would even give an option on that stupid DEP dialog box – perhaps *asking* if they should kill the “offending” program instead of their arrogant “we know best – we have closed your program and there’s nothing you can do about it, foolish user” attitude – then the program might actually be of some use. Oh well.
    (If I had time, I’d convert completely to Linux.)