How effectively does DEP (Data Execution Prevention) in Windows protect us from hackers and RATs?

cyberfort

Level 2
Thread author
Verified
May 18, 2017
86
How effectively does DEP (Data Execution Prevention) in Windows protect us from hackers and RATs (Remote Administration Tools)?

What is DEP - Data Execution Prevention (DEP) is a security feature that can help prevent damage to your computer from viruses and other security threats. Harmful programs can try to attack Windows by attempting to run (also known as execute) code from system memory locations reserved for Windows and other authorized programs.

How to Enable / Disable DEP - How to: Enable / Disable Data Execution Protection in Windows 10 - Appuals.com
 

XhenEd

Level 28
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Mar 1, 2014
1,708
Ok, it's a new thing for me.
I wanted to know how effective it is?
It is effective in what it does. But it's not the panacea of preventing exploitation. In fact, it's one of the things that a skilled hacker can easily bypass. But nevertheless, in itself, it serves its purpose by preventing certain kinds of exploits. :)
 

cyberfort

Level 2
Thread author
Verified
May 18, 2017
86
It is effective in what it does. But it's not the panacea of preventing exploitation. In fact, it's one of the things that a skilled hacker can easily bypass. But nevertheless, in itself, it serves its purpose by preventing certain kinds of exploits. :)
Thanks
 

Winter Soldier

Level 25
Verified
Top Poster
Well-known
Feb 13, 2017
1,486
Keep in mind that the purpose of any exploit is the execution of arbitrary code, that is, the possibility for the attacker (or malware) to run code on the target computer and get full control. The attacker needs space in memory where he can store and run the code (payload) injected through a zero-day vulnerability; typically, this space is found in the areas of process memory used to store data. If the attacker manages to inject the payload in this area and redirect the program flow to it, he will have total control.

Thanks to DEP, the program can be compiled to be immune from these attacks, so that the memory areas containing data cannot be used to contain executable code; if code is run in this area, you get an error and the program is blocked.
With data memory protected by DEP, even if the attacker manages to introduce a payload, it would still not be able to run.

This technique is powerful, but it can be circumvented because the development of malware and exploits that work in the real world is in dangerous evolution.
 

Kuttz

Level 13
Verified
Top Poster
Well-known
May 9, 2015
625
DEP is a hardware feature that first appeared with Athlon X64 CPUs and has been supported by Windows since the XP SP2 days. Whether malware developers are now really bothered about this decade-old security feature or not is not clear.
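
To see which DEP policy a machine is actually running with, and which processes are covered, here is a PowerShell check added as an example (it is not from any post in this thread). It assumes Windows PowerShell with the standard `Win32_OperatingSystem` CIM class and the documented `kernel32` function `GetProcessDEPPolicy`; the `DepCheck.Native` type name is made up for this example.

```powershell
# Added example: report the system-wide DEP policy and per-process DEP state.
# Processes owned by other users are only visible from an elevated prompt.

# Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy values
$policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }

$os = Get-CimInstance -ClassName Win32_OperatingSystem
[pscustomobject]@{
    HardwareDepAvailable = $os.DataExecutionPrevention_Available
    SupportPolicy        = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
    AppliesTo32BitApps   = $os.DataExecutionPrevention_32BitApplications
    AppliesToDrivers     = $os.DataExecutionPrevention_Drivers
} | Format-List

# kernel32!GetProcessDEPPolicy only answers for 32-bit processes;
# 64-bit processes always run with DEP and the call fails for them.
Add-Type -Namespace DepCheck -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool GetProcessDEPPolicy(IntPtr hProcess, out uint flags, out bool permanent);
'@

$report = foreach ($p in Get-Process) {
    $flags = [uint32]0
    $permanent = $false
    try { $handle = $p.Handle } catch { continue }   # protected, exited or other-user process
    if ([DepCheck.Native]::GetProcessDEPPolicy($handle, [ref]$flags, [ref]$permanent)) {
        [pscustomobject]@{
            Name       = $p.ProcessName
            Id         = $p.Id
            DepEnabled = [bool]($flags -band 1)   # PROCESS_DEP_ENABLE = 0x1
            Permanent  = $permanent               # setting is locked for the life of the process
        }
    }
}

# 32-bit processes with DEP off sort first; they are the ones to review.
$report | Sort-Object DepEnabled, Name | Format-Table -AutoSize
```

Under the default OptIn policy, only Windows components and programs that opt in are covered, so 32-bit third-party processes can show `DepEnabled` as False. 64-bit processes do not appear in the table because DEP cannot be disabled for them.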
 
