Data Execution Prevention

Data Execution Prevention(DEP) merupakan teknologi pada hardware atau software yang melakukan pengecekan di memory untuk mencegah kode berbahaya berjalan di sistem. DEP bermanfaat untuk mencegah malware yang mencoba mengeksekusi kode dan memanipulasi heap atau memory pool pages. Oleh karena itu banyak malware yang berusaha mendisable DEP sehingga malware tsb dapat dengan leluasa menjalankan kodenya, misalnya melakukukan rutin seperti Remote Users Execute Arbitrary Code pada Office dsb. Default-nya pada XP SP2, DEP sudah aktif. Untuk melihat konfigurasi aktif DEP di properti My Computer – Advanced – Data Execution Prevention. Bagaimana mendisable atau mengenable Data Execution Prevention? Cara mudah / non-coding yaitu dengan memanipulasi boot.ini. Pada properti My Computer – Advanced – Startup and Recovery – Settings – Edit. Berikut contoh isi boot.ini : [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Microsoft Windows XP Professional” /noexecute=optin /fastdetect Untuk memanipulasi DEP, yang harus diubah yaitu setelah /noexecute=konfigurasi /fastdetect Daftar konfigurasi : OptIn : hanya binary Windows yang akan diimplementasikan DEP OptOut : semua binary tapi dapat dilakukan pengecualian AlwaysOn : semua binary dan dapat dilakukan pengecualian AlwaysOff : DEP dimatikan Misal ingin mematikan DEP maka ubah boot.ini menjadi : [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=”Microsoft Windows XP Professional” /noexecute=AlwaysOff /fastdetect Jika memilih OptOut, untuk melakukan pengecualian dapat dilakukan pada properti My Computer – Advanced – Data Execution Prevention, pilih opsi kedua dan tombol Add untuk program yang akan dibypass oleh DEP. Silahkan cek konfigurasi DEP pada komputer Anda karena mungkin telah dimodifikasi oleh malware. Dengan adanya DEP maka sistem akan berjalan lebih aman.

You receive a “Data Execution Prevention” error message in Windows XP Service Pack 2 or in Windows XP Tablet PC Edition 2005

View products that this article applies to.

// Article ID     :        875351

Last Review :        June 13, 2006

Revision      :        5.5

SYMPTOMS

// When you run a program in Microsoft Windows XP Service Pack 2 (SP2) or in Windows XP Tablet PC Edition 2005, you may receive an error message that is similar to the following:


Data Execution Prevention – Microsoft Windows
To help protect your computer, Windows has closed this program.
Name: program name
Publisher: program publisher

Data Execution Prevention helps protect against damage from viruses or other threats. Some programs might not run correctly when it is turned on. For an updated version of this program, contact the publisher. What else should I do?

If you click Close Message, the program quits, and Windows Error Reporting gives you the option to send an error report.

Back to the top

CAUSE

// This behavior occurs because Microsoft Windows XP SP2 uses the Data Execution Prevention (DEP) feature to help prevent damage from viruses and from other security threats.

DEP works alone or with compatible microprocessors to mark some memory locations as “non-executable.” If a program tries to run code from a protected location, DEP closes the program and notifies you, whether the code is malicious or not.

Back to the top

RESOLUTION

// To avoid this behavior, contact your program vendor to see if an update is available that enables the program to work correctly with DEP.

Back to the top

WORKAROUND

// If your computer is set to apply DEP to all programs and services, the DEP error message will have a Change Settings button. If an update to the program is not available, follow these steps to add an exception for the program from the DEP error message:

1. When you receive the error message that is mentioned in the “Symptoms” section, click Change Settings.

2. Click to select the check box next to the program, and then click Apply.

3. When you are prompted to restart your computer, click OK two times, and then restart your system.
You can also add an exception for the program by using System Properties in Control Panel. To do this, follow these steps:

1. Click Start, click Run, type sysdm.cpl, and then click OK.

2. Click the Advanced tab, click Performance, and then click Settings.

3. In Performance Options, click the Data Execution Prevention tab, and then click Add.

4. In the Open dialog box, locate and then click the program.

5. Click Open, click Apply, and then click OK. When you are prompted to restart your computer, click OK.

Back to the top

STATUS

// This behavior is by design.

Back to the top

MORE INFORMATION

// If your computer is configured to turn on DEP for essential Windows programs and services only, the Change Settings button will not be available from the DEP error message.

You can view the DEP configuration for your computer in System in Control Panel. To do this, follow these steps:

1. Click Start, click Run, type sysdm.cpl, and then click OK.

2. Click the Advanced tab, and then under Performance, click Settings.

3. In the Performance Options dialog box, click the Data Execution Prevention tab.

4. Note if Turn on DEP for essential Windows programs and services only or Turn on DEP for all programs and services except those I select: is selected.

When your computer is configured to turn on DEP for essential Windows programs and services only, you cannot add an exception for a program. This is the behavior that is by design in Windows XP SP2.

If your computer is configured to turn on DEP for essential Windows programs and services only, and the DEP error message continues to appear, a program may be installed that extends Windows functionality. This program may be installed so that it causes a DEP problem in an important Windows program or service.

If this behavior is recent and has not occurred before, you may be able to prevent the DEP error message by removing recently installed programs.

Back to the top

REFERENCES

// For additional information about the DEP feature in Windows XP Service Pack 2, click the following article number to view the article in the Microsoft Knowledge Base:

875352 (http://support.microsoft.com/kb/875352/) A detailed description of the Data Execution Prevention feature in Windows XP Service Pack 2

SOURCE :

1. http://anggiawan.web.id/

2. http://www.bmg.go.id/share/Dokumen/you%20receive.doc

Explore posts in the same categories: Tips

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: