'Re: DEP on Windows XP SP2'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       focus-ms
Subject:    Re: DEP on Windows XP SP2
From:       Michael Vergoz <mv () binarysec ! com>
Date:       2005-06-08 7:28:28
Message-ID: 200506080928.28518.mv () binarysec ! com
[Download RAW message or body]

Hello,

the /gs is enabled in certain SP2 programs. The /gs compiler options allow you 
to make secure program during compilation. It protect against basic stack 
overflow. NXBit is a copy from Solar Designer, but it's implemented into the 
chipset/processor hardely. As Stackguard, PaX, the NXBit need a kernel 
upgrade. I don't really know (believe) if it's stable and you must know that 
you are not protected against high-level-overflow like the heap overflow 
exploitation by an indirect register callback. 


Le Mardi 7 Juin 2005 20:54, ray.bowler@gmail.com a écrit :
> I'm wondering if anyone has found any usefull information on XP SP2 and DEP
> (in conjunction with XD Bit/ NX Bit) ? I've been trying to track down
> anything other than the couple of Microsoft docs from their site, and
> articles written about it from a time period where the feature wasn't even
> yet supported. I've been seeing extremely inconsistant behavior from this
> feature, and little to no solid documentation about anything. I'va had Dell
> GX280's that do and dont' support this feature (Same Bios revision) , IBM
> M51's that fell into different production dates by a matter of a week that
> differ on supporting the feature or not. CA Unicenter remote control causes
> Explorer.exe to crash and pretty much brings down the GX280 when hardware
> DEP is enabled (with AlwaysOn). When The IBM M51 is set the same way
> (Without CA Unicenter) , it effectivly cripples the entire desktop (Cannot
> open IE, Windows Explorer, Control panel, etc etc etc...other 3rd part apps
> will not launch) CA Unicenter leaves the system essentially unusable as
> well (Albeit, resolved with CA RC SP1) Some of the issues are clearly
> caused by other Apps, but the lack of detail of what is happening in the OS
> makes troubleshooting difficult at best. In the case of CA, explorer.exe is
> the affected program.  In this situation, you do not add an exclusion to
> CA, but to explorer.exe, to me , having to take these measures start to
> make enabling this feature pointless anyway. Does anyone have any good/bad
> experiences with SP2 and DEP? Is there really that much of a reason to
> enable it? I'm looking at a deployment of SP2 on new DEP enabled equipment
> for a large install base that has 1500+ custom applications, all of which
> are already showing their age. The client wants this enabled because it
> "will make the machines more secure". All I envision is a major mess of
> application failures.....
>
> ---------------------------------------------------------------------------
> ---------------------------------------------------------------------------

-- 
Michael Vergoz
BinarySEC - R&D.
http://www.binarysec.com/
mv@binarysec.com
Skype: descript


---------------------------------------------------------------------------
---------------------------------------------------------------------------


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic