What is Data Execution Prevention (DEP)?
A Windows operating system relies on a variety of services to hold everything together. These services work in coordination with one another so that we can transfer files from PC to PC, or do pretty much anything else we are able to do with a computer. One such service is Data Execution Prevention. It has been around for years, but not many people know what it is. So, what exactly is it, and how does it work?
What is Data Execution Prevention (DEP)?
Data Execution Prevention (DEP) is a Microsoft security technology (for Windows operating systems) that prevents malicious code from being executed from system memory locations. By combining hardware and software techniques, DEP performs additional checks on memory to help protect against exploits.
Malware may try to execute code from memory locations that ought to be used only by Windows or other approved programs. If DEP detects an application on your computer that is using memory improperly, it terminates the program and notifies you.
How does DEP work?
Unlike a firewall or an antivirus suite, Data Execution Prevention can't prevent malware from being installed on your computer. It is a security mechanism that monitors programs on the computer and ensures that they use system memory safely. DEP achieves this by marking one or more memory regions as non-executable. Code cannot be executed from a non-executable region, which reduces the threat of malicious code exploits.
If an application attempts to execute code from one of the protected memory regions, a memory access violation occurs and the user is notified. If the user doesn't handle the violation, the process is terminated. A downside of DEP is that it may sometimes flag programs that rely on Microsoft Windows services. To run such programs you will have to either disable DEP or create an exception for the program in your system settings. However, doing so leaves that program vulnerable to attacks that could then spread to other programs and files on your computer.
Types of Data Execution Prevention
How DEP is enforced varies from computer to computer. On most consumer-level devices DEP is enforced by a blend of software and hardware, but sometimes the two are enforced separately. So, the two types of DEP are:
- Hardware-Enforced Data Execution Prevention: The computer's processor and BIOS must be DEP compatible.
- Software-Enforced Data Execution Prevention: This relies on the memory protection mechanism built into the Windows operating system. It is present in every Windows version from Windows XP Service Pack 2 onward.
These two types are the main ways of implementing DEP. On top of that, hardware DEP requires a DEP-compatible processor from Intel or AMD. So, make sure you check whether DEP is available on your PC. That shouldn't be a problem, as DEP-compatible processors have been made for many generations now.
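The check described above can be scripted. The following PowerShell is an added example, not code from the original article: it reads the documented DEP properties of the Win32_OperatingSystem CIM class (which report whether hardware DEP is available and which system-wide policy is active) and compares them with the boot entry's nx setting. It assumes a Windows host with CIM available; the bcdedit step needs an elevated prompt and is skipped otherwise.

```powershell
# Added example (not from the original article): report DEP support and policy on this machine.
# Assumes Windows with CIM/WMI available; bcdedit requires an elevated prompt.

function Get-DepStatus {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # DataExecutionPrevention_SupportPolicy values as documented for Win32_OperatingSystem:
    # 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (Windows binaries only), 3 = OptOut (everything except exclusions)
    $policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }

    [pscustomobject]@{
        HardwareDepAvailable = $os.DataExecutionPrevention_Available   # CPU and BIOS expose NX/XD
        DriversProtected     = $os.DataExecutionPrevention_Drivers
        Apps32BitProtected   = $os.DataExecutionPrevention_32BitApplications
        PolicyCode           = $os.DataExecutionPrevention_SupportPolicy
        PolicyName           = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
    }
}

$status = Get-DepStatus
$status | Format-List

if (-not $status.HardwareDepAvailable) {
    Write-Warning 'Hardware DEP (NX/XD) is not available; only software-enforced DEP applies.'
}
if ($status.PolicyCode -eq 0) {
    Write-Warning 'DEP is AlwaysOff for this boot entry. Re-enable from an elevated prompt: bcdedit /set {current} nx OptIn'
}

# The boot configuration is the authoritative setting; show it next to the CIM view (elevated prompt required).
try {
    $nxLine = (bcdedit /enum '{current}' 2>$null) | Where-Object { $_ -match '^\s*nx\s+' }
    if ($nxLine) { "Boot entry setting: $($nxLine.Trim())" }
} catch {
    Write-Verbose 'bcdedit unavailable or not elevated; skipping boot entry check.'
}
```

A PolicyName of OptIn is the Windows client default (only Windows binaries are protected); OptOut extends protection to every program except those you explicitly exclude, which is the stronger setting for a workstation.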
Should you disable Data Execution Prevention?
It isn't recommended to turn DEP off, as it automatically monitors essential Windows programs and services.
You can increase your protection by having DEP monitor all programs. Keep in mind that disabling Data Execution Prevention or adding exclusions may allow malicious scripts to execute and cause severe damage to Windows, which can leave your PC in a permanently unstable and/or unusable state.
If you switch off Data Execution Prevention for a particular program, it becomes prone to attack. A successful attack could then spread to other programs on your computer and to your contacts, and will damage your files. If you believe that a program doesn't run correctly when DEP is turned on, check for a DEP-compatible version or update from the software publisher before you modify any Data Execution Prevention settings.
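Before weakening DEP for a program, it helps to see which exclusions already exist and what the per-image mitigation policy says. The PowerShell below is an added example, not the article's own code. It assumes Windows 10/11 with the ProcessMitigations module (Get-ProcessMitigation / Set-ProcessMitigation), and it assumes that the AppCompatFlags\Layers registry key is where the System Properties DEP dialog records per-program exclusions; the image name legacyapp.exe is a constructed placeholder.

```powershell
# Added example (not from the original article): audit per-program DEP exclusions and
# prefer enforcing DEP per image over disabling it.
# Assumptions: Windows 10/11 with the ProcessMitigations module; the Layers key below is
# assumed to hold the exclusions written by the System Properties DEP dialog.

function Get-DepExclusions {
    # Exclusions added through "Turn on DEP for all programs except those I select" are stored
    # as a per-user (HKCU) or per-machine (HKLM) Layers value whose data contains DisableNXShowUI.
    $paths = @(
        'HKCU:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers',
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
    )
    foreach ($path in $paths) {
        if (-not (Test-Path $path)) { continue }
        $item = Get-ItemProperty -Path $path
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }      # skip the provider's own PS* metadata properties
            if ("$($prop.Value)" -match 'DisableNX') {
                [pscustomobject]@{ Scope = $path.Split(':')[0]; Program = $prop.Name; Flags = $prop.Value }
            }
        }
    }
}

function Test-ImageDep {
    param([Parameter(Mandatory)][string]$ImageName)   # e.g. 'legacyapp.exe' (constructed placeholder)
    # Per-image policy; Dep.Enable reads ON, OFF or NOTSET (NOTSET means the system default applies)
    $m = Get-ProcessMitigation -Name $ImageName
    [pscustomobject]@{ Image = $ImageName; DepEnable = $m.Dep.Enable; EmulateAtlThunks = $m.Dep.EmulateAtlThunks }
}

# 1. Audit: anything listed here runs without DEP and is the first place to look when hardening.
$exclusions = Get-DepExclusions
if ($exclusions) { $exclusions | Format-Table -AutoSize } else { 'No per-program DEP exclusions found.' }

# 2. Compare the system default with the per-image override for a suspect program.
(Get-ProcessMitigation -System).Dep
Test-ImageDep -ImageName 'legacyapp.exe'

# 3. Instead of excluding the program, force DEP on for that image (elevated prompt required):
#    Set-ProcessMitigation -Name 'legacyapp.exe' -Enable DEP
#    Kept as a comment so that running this script changes nothing until you decide to.
```

Running the audit periodically, or from a configuration-management job, catches exclusions that were added to make an old program work and then forgotten; each one is a program that any exploit against it can use to run code from data memory.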
Conclusion
DEP is a security feature enabled by default on the Windows operating system, and it is recommended not to play around with it unless absolutely necessary. Its settings should be changed only when you are facing one of the problems described above. Data Execution Prevention (DEP) has made it harder for exploit authors to write working exploits and malware, and hence it is a great prevention technique for defeating malware and memory-related exploits on our systems. For a successful attack, disabled DEP is a must for any hacker, and it makes exploit development a lot easier.