Major OEMs to enable DEP/NX in Vista PC BIOSs by default

Steven Parker   on 06 December 2006 - 15:06 · 17 comments & 10611 views

Activewin reports that Michael Howard mentions on his blog that MS recently had all the major OEMs on campus to discuss the SDL (Security Development Lifecycle). MS asked the OEMs to enable DEP/NX in the BIOS by default on all their shipping PCs in time for Windows Vista.

The reason for this ask is pretty simple: for ASLR to be effective, DEP/NX must be enabled by default too.

Michael mentions that all the major OEMs (you know who they are) have agreed to not disable DEP/NX in their BIOSs by default.

View: Full Article @ Michael Howard's Web Log

Comments
#1 roadwarrior on 06 Dec 2006 - 15:19
Most computers that I've seen that had the capability already come with it enabled. Which OEMs were shipping it disabled?
(1 reply) #2 Express on 06 Dec 2006 - 15:49
My Toshiba laptop did not have NX flag enabled.
For the longest time I was using software DEP not realizing that my hardware supported it.
#2.1 virtorio on 07 Dec 2006 - 04:17
Same with mine and all the Toshiba laptops we have here at work. The DELL laptops came with it turned on.
(3 replies) #3 Schnitzel on 06 Dec 2006 - 15:50
So ASLR will only work with 64bit CPUs?
#3.1 Express on 06 Dec 2006 - 15:52
ASLR is not dependent on whether the CPU is 64-bit or 32-bit.
It doesn't require any specific support from the CPU
#3.2 Schnitzel on 06 Dec 2006 - 15:54
Quote - Express said @ #3.1
ASLR is not dependent on whether the CPU is 64-bit or 32-bit.
It doesn't require any specific support from the CPU


I see ^^

So on my x86 P4 with 32Bit Vista, ASLR will be enabled by default?
I don't need to change any BIOS settings etc, I have nothing appertaining to NX in the BIOS anyway.

Cheers for your reply
#3.3 Express on 07 Dec 2006 - 04:49
Quote - Schnitzel said @ #3.2

So on my x86 P4 with 32Bit Vista, ASLR will be enabled by default?
I don't need to change any BIOS settings etc.


Correct.
(1 reply) #4 Trix on 06 Dec 2006 - 15:55
sorry for the noobish question.. but what the hell is it?!
#4.1 Schnitzel on 06 Dec 2006 - 15:59
Quote - Trix said @ #4
sorry for the noobish question.. but what the hell is it?!

http://en.wikipedia.org/wiki/ASLR

Basically, it will mean that malware, RPC attacks in particular, cannot rely on certain Windows code being in the same address space.
Therefore they have something like a 99% chance to "guess" wrong and fail.
(4 replies) #5 shade88 on 06 Dec 2006 - 16:27
how many people that have DEP use it?

I disable it, I found it made some things buggy and I've never had a problem with anything it's supposed to cure.
#5.1 Stebet on 06 Dec 2006 - 16:49
It's not supposed to cure anything. It's supposed to prevent certain attacks by eliminating some attack vectors. If it made things buggy it's probably an indication that those buggy programs weren't all that well written and were doing stuff they weren't supposed to.
#5.2 BBinder on 06 Dec 2006 - 16:51
I had DEP enabled once, couldn't get anything to install, so I disabled it again
#5.3 franzon on 06 Dec 2006 - 18:08
DEP is enabled by default since Windows XP SP2. I also enabled it for all programs and I hadn't any issues with it enabled.
There are no reasons to disable it, except for people's stupidity

Last edited by franzon on 06 Dec 2006 - 18:15
#5.4 RealFduch on 06 Dec 2006 - 21:23
Quote -
I had DEP enabled once, couldn't get anything to install, so I disabled it again

Yeah. I understand you. It's really hard to install rootkits when this f*cking DEP is messing around...
#6 ana04 on 06 Dec 2006 - 19:40
And if some programs have problems with it you can disable it for those..
#7 ShiZZa on 06 Dec 2006 - 20:17
The programs that have problems with it are using hacks basically to get their program to do something. We had an issue with a new Canon printer and they were trying to mess with the socket stack to put in their printer protocol for their print server. By no means should any program try to do stuff the wrong way. They need to learn somehow. Just like developers had to learn not to program as administrator (points at Quickbooks).
#8 +vlsi0n on 07 Dec 2006 - 08:11
Sounds rather good, seems like a lot of people are happy about this.
