How effectively does DEP (Data Execution Prevention) in Windows protect us from hackers and RATs?

cyberfort

May 18, 2017
How effectively does DEP (Data Execution Prevention) in Windows protect us from hackers and RATs (Remote Administration Tools)?

What is DEP - Data Execution Prevention (DEP) is a security feature that can help prevent damage to your computer from viruses and other security threats. Harmful programs can try to attack Windows by attempting to run (also known as execute) code from system memory locations reserved for Windows and other authorized programs.

How to Enable / Disable DEP - How to: Enable / Disable Data Execution Protection in Windows 10 - Appuals.com
 

XhenEd

Mar 1, 2014
OK, it's a new thing for me.
I wanted to know how effective it is?
It is effective in what it does. But it's not the panacea of preventing exploitation. In fact, it's one of the things that a skilled hacker can easily bypass. But nevertheless, in itself, it serves its purpose by preventing certain kinds of exploits. :)
 

cyberfort

May 18, 2017
Thanks
 

Winter Soldier

Feb 13, 2017
Keep in mind that the purpose of any exploit is the execution of arbitrary code, which gives the attacker (or malware) the possibility to run code on the target computer and get full control. The attacker needs space in memory where he can store and run the code injected through a zero-day vulnerability (the payload); typically, this space is found in the areas of process memory used to store data. If the attacker manages to inject the payload into this area and redirect the program flow to it, he will have total control.

Thanks to DEP, the program can be compiled to be immune from these attacks, so that the memory areas containing data cannot be used to contain executable code; if you try to run code in this area, you get an error and the program is blocked.
With the data memory protected by DEP, the attacker, even if they manage to introduce a payload, would still not be able to run it.

This technique is powerful, but it can be circumvented because the development of malware and exploits that work in the real world is in dangerous evolution.
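To check whether a program was actually "compiled to be immune" in the sense described above, a defender can read the NX_COMPAT bit from the executable's PE header. The following is an added example, not part of the original posts; the function names and the header-only sample image are constructed for illustration.

```python
import struct

# Bit in the PE optional header's DllCharacteristics field; the MSVC linker
# sets it with /NXCOMPAT.
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
DLLCHAR_OFFSET = 70  # same offset in PE32 (0x10B) and PE32+ (0x20B) optional headers


def pe_nx_compat(data: bytes) -> bool:
    """Return True if the PE image in `data` is marked DEP-compatible."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)         # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe_off + 4                                        # 20-byte COFF header
    opt = coff + 20                                          # optional header
    if len(data) < opt + DLLCHAR_OFFSET + 2:
        raise ValueError("truncated headers")
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)  # SizeOfOptionalHeader
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B) or opt_size < DLLCHAR_OFFSET + 2:
        raise ValueError("no usable optional header")
    (flags,) = struct.unpack_from("<H", data, opt + DLLCHAR_OFFSET)
    return bool(flags & IMAGE_DLLCHARACTERISTICS_NX_COMPAT)


def build_sample(dll_characteristics: int) -> bytes:
    """Constructed header-only PE32+ image for the demo (not a real binary)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)     # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0xF0, 0x22)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, 0x20B)                    # PE32+ magic
    struct.pack_into("<H", opt, DLLCHAR_OFFSET, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for label, flags in (("built with NX_COMPAT", 0x8160), ("built without", 0x8060)):
        print(label, "->", pe_nx_compat(build_sample(flags)))
```

For 32-bit images under an OptIn DEP policy this flag decides whether DEP applies to the process; 64-bit processes always run with DEP enabled.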
 