topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Tuesday October 8, 2024, 9:16 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Data Execution Prevention notes  (Read 3461 times)

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Data Execution Prevention notes
« on: March 20, 2013, 10:44 AM »

Elsewhere I'd remarked that I was getting bad user experiences when DEP was kicking in. But what kept bothering me was "it didn't used to be that hard!" Turns out that some time back I installed EMET, which hooked into the DEP settings (and then greyed them out in the normal system properties area!)

So when a printer driver suite bounced today, I went over to EMET and turned DEP off. It's rarely/never caught any malware -the only programs that bounce are mostly legit, if maybe sloppily written.

So it is a total case of what was supposed to be security was making me miserable.  :(

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Data Execution Prevention notes
« Reply #1 on: March 20, 2013, 02:44 PM »
Hm, with EMET 3.0 you should be able to set your system DEP to "Always On", but configure individual apps to not have it - not sure if that'd work for a printer driver (would most likely be a DLL loaded into the printing process' address space?) - but should work for other stuff.

Don't think I've ever run into crashing apps because of EMET - I've got DEP always-on, SEHOP app opt-out and ASLR app opt-in. Haven't seen it protect me from malware either, but in case anything should ever slip by my panzered firefox, at least it's an extra layer of mitigation :)
- carpe noctem

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: Data Execution Prevention notes
« Reply #2 on: March 20, 2013, 03:06 PM »

Well, I have the "Tech preview of version 3.5.0" and I saw that option, but by this point I became so frustrated overall, that I just turned it off. Re: the printer, it's not just a printer driver, but printers come bundled with various apps and I didn't feel like getting too fancy trying to dance around the recommended normal install. (It's a Brother multi-function, and the whole design has this slightly sour mood of being inelegant in both software and hardware. Just an example: Every other printer in the world has the cable outlets on the side/back. This one has the USB jack *under the scanner bed*. Really?!)  So in the multi-chained install CD it crashed the install process.

So for DEP, the casualties are:
My sound card additional-functionality app
The printer install
The help file from my note taker app
A couple of lesser things I don't recall.



f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,153
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: Data Execution Prevention notes
« Reply #3 on: March 20, 2013, 05:58 PM »
I don't think I've come across (official) printer driver software in a long time that wasn't extremely tacky, garish, and completely useless. I usually try to find a way to extract just the necessary driver files, as I can't stand that "value-added" crap :). Goes for my Pixma ip2600, but at least the printer works decently, and I didn't have to work too hard to get the non-crap files (found a clean Vista driver that works on Win7, rather than the überbloated Win7 driver).

It sucks that there's so much poorly programmed software that b0rks with DEP enabled - it's due to bugs or pesky compression/protection software that's trying to be a bit too sneaky for it's own good. With such a relatively short list, I'd personally add DEP exceptions and keep EMET installed, though.
- carpe noctem