Consumerization of IT–How to address this
Bring Your Own Device or Consumerization of IT are fairly hot themes in a lot of customer organizations. When I talk to customers, there are typically different reactions, once we bring this up. Some tell us, that it is not part of their strategy; some tell us that they plan to do it but that they have a hard time figuring out, how to secure such an environment; very, very ...
10 Years of Trustworthy Computing at Microsoft
Before joining Microsoft a little bit more than 10 years ago, I ran a team at PricewarehoureCoopers on e-Business Risk Management – classical security consulting in the Internet bubble time. When I announced that I will leave PwC and join Microsoft, I got interesting reactions (and remember, this was 2001). Mainly they were along two lines: Oh, you are joining a desktop company? ...
10 Reasons to migrate off Windows XP
I would like you to sit back, close your eyes and think about the year 2001. Think about how you used technology back then, how you used the Internet. Now, let’s take it a little bit further back in history and think of the year 2000. Just after we realized that the Year-2000-Problem was handled very well by the industry. How you used technology, how you used the Internet, the ...
Office 365 Becomes First and Only Major Cloud Productivity Service to Comply With Leading EU and U.S. Standards for Data Protection and Security
A long title but this was the title of the official press statement yesterday. Compliance is always a key question in the public cloud space. Therefore it is very important for us that we now achieved three things: Office 365 is compliant with EU Model Clauses, Data Processing Agreements and ISO 27001 among other standards. Office 365 is the first and only major ...
Leveraging Data Execution Prevention (DEP) By Roger Halbheer, on January 15th, 2010 The recent IE attacks have show again that the current technology built in Windows Vista and Windows 7 could at least help to mitigate the attacks. One of these technologies which could be used more broadly is Data Execution Prevention (DEP). Here is how to switch DEP on (it is fairly well hidden).
- First, enable it in your BIOS. It might have different names in your system. Basically it enables the use of the NX flag in the processor. Most systems I know of today, have switched it on by default.
- Boot your OS and go to the System settings (right-click on Computer – Properties).
- On the following screen, choose System Protection
-
In the System Properties dialogue which follows, you have to select the Advanced tab and there in Performance click on Settings as shown here:
- And then choose Data Execution Prevention. The default is on Turn on DEP for essential Windows programs and services only which is good enough for most environments. I increased the security of my machine, but I have to manage it as well as I have to exclude (or de-install) applications which do not comply:
Now, this is on an OS-level for your applications in general. In IE, it is in the Internet Options:
This option is switched on by default in Internet Explorer 8 (in my case re-enforced through Group Policies and therefore gray). This might have an impact on usability as certain poorly written plug-ins will crash – something I can definitely live with. On the IE blogs, there is a post describing DEP in IE8: IE8 Security Part I: DEP/NX Memory Protection
Just use it!
Roger
Related posts:
- Vulnerability in Internet Explorer Could Allow Remote Code Execution
- Why it pays to be secure – Chapter 1 – Data Breaches
- Internet Explorer 8 Beta 2: New Features
Leave a Reply
|
|
|
[...] Update on the Internet Explorer Vulnerability Leveraging Data Execution Prevention (DEP) [...]