Major OEMs to enable DEP/NX in Vista PC BIOSs by default

ActiveWin reports that Michael Howard mentions on his blog that MS recently had all the major OEMs on campus to discuss the SDL (Security Development Lifecycle). MS asked the OEMs to enable DEP/NX in the BIOS by default on all their shipping PCs in time for Windows Vista.

The reason for this ask is pretty simple: for ASLR to be effective, DEP/NX must be enabled by default too.

Michael mentions that all the major OEMs (you know who they are) have agreed to not disable DEP/NX in their BIOSs by default.

View: Full Article @ Michael Howard's Web Log

17 Comments

The programs that have problems with it are basically using hacks to get their program to do something. We had an issue with a new Canon printer, and they were trying to mess with the socket stack to put in their printer protocol for their print server. By no means should any program try to do stuff the wrong way. They need to learn somehow. Just like developers had to learn not to program as administrator (points at Quickbooks).

How many people that have DEP use it?

I disable it, I found it made some things buggy and I've never had a problem with anything it's supposed to cure.

It's not supposed to cure anything. It's supposed to prevent certain attacks by eliminating some attack vectors. If it made things buggy, it's probably an indication that those buggy programs weren't all that well written and were doing stuff they weren't supposed to.

DEP has been enabled by default since Windows XP SP2. I also enabled it for all programs and I haven't had any issues with it enabled.
There are no reasons to disable it, except for people's stupidity.

I had DEP enabled once, couldn't get anything to install, so I disabled it again.

Yeah. I understand you. It's really hard to install rootkits when this f*cking DEP is messing around...

Quote - Trix said @ #4
sorry for the noobish question.. but what the hell is it?! :blink:

http://en.wikipedia.org/wiki/ASLR

Basically, it will mean that malware, RPC attacks in particular, cannot rely on certain Windows code being in the same address space.
Therefore they have something like a 99% chance to "guess" wrong and fail.

Quote - Express said @ #3.1
ASLR is not dependent on whether the CPU is 64-bit or 32-bit.
It doesn't require any specific support from the CPU

I see ^^

So on my x86 P4 with 32Bit Vista, ASLR will be enabled by default?
I don't need to change any BIOS settings etc., I have nothing pertaining to NX in the BIOS anyway.

Cheers for your reply

Quote - Schnitzel said @ #3.2

So on my x86 P4 with 32Bit Vista, ASLR will be enabled by default?
I don't need to change any BIOS settings etc.

Correct.

My Toshiba laptop did not have NX flag enabled.
For the longest time I was using software DEP not realizing that my hardware supported it.
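
The situation in the last comment (NX supported by the hardware but not enabled) and the article's point about firmware defaults can both be checked from within Windows. The PowerShell below is an added example, not code from the article, Michael Howard's blog or the commenters; it reads the `DataExecutionPrevention_*` properties of the `Win32_OperatingSystem` CIM class, and the function name `Get-DepAssessment` and the sample rows are constructed for illustration.

```powershell
# Added example: classify the DEP state reported by Win32_OperatingSystem.
# Get-DepAssessment is a hypothetical helper name, not a built-in cmdlet.
function Get-DepAssessment {
    param(
        [Parameter(Mandatory)] $Os,        # object carrying the DEP properties
        [string] $Source = 'live system'   # label for the report row
    )
    $findings = @{
        0 = 'AlwaysOff: NX is present, but the boot policy disables DEP everywhere.'
        1 = 'AlwaysOn: every process runs with hardware DEP.'
        2 = 'OptIn: only Windows system binaries and opted-in programs are covered.'
        3 = 'OptOut: all processes are covered except those on the exception list.'
    }
    $policy = [int]$Os.DataExecutionPrevention_SupportPolicy   # uint8 in CIM
    $finding = if (-not $Os.DataExecutionPrevention_Available) {
        'No hardware DEP: CPU lacks NX/XD or it is switched off in firmware.'
    } elseif ($findings.ContainsKey($policy)) {
        $findings[$policy]
    } else {
        "Unrecognised policy value $policy"
    }
    [pscustomobject]@{
        Source     = $Source
        HardwareNX = [bool]$Os.DataExecutionPrevention_Available
        Finding    = $finding
    }
}

# Constructed inputs (not measurements from any real machine).
$constructed = @(
    @{ Source = 'constructed: NX off in BIOS';        Available = $false; Policy = 2 },
    @{ Source = 'constructed: NX on, default policy'; Available = $true;  Policy = 2 },
    @{ Source = 'constructed: NX on, all programs';   Available = $true;  Policy = 3 }
)
$report = foreach ($c in $constructed) {
    $os = [pscustomobject]@{
        DataExecutionPrevention_Available     = $c.Available
        DataExecutionPrevention_SupportPolicy = $c.Policy
    }
    Get-DepAssessment -Os $os -Source $c.Source
}
# On a Windows host, append the real values for comparison.
if ($env:OS -eq 'Windows_NT') {
    $report = @($report) + (Get-DepAssessment -Os (Get-CimInstance Win32_OperatingSystem))
}
$report | Format-Table -AutoSize -Wrap
```

A `HardwareNX` value of `False` on a CPU known to support NX/XD points at the firmware setting the article is about.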