DEeP Protection or a Bit of a NiX? A closer look at Microsoft’s new memory protection offerings

Charles Renert Determina

Technical stream: Thursday 6 October 2005, 14:40 - 15:20.

Microsoft’s Data Execution Protection (DEP) is a new feature embedded in Windows operating systems that allows for the enforcement of access controls on system memory. Designed as a response to the outbreaks of network worms propagating through buffer overflows, the so-called ‘NX bit’ is used to designate whether a region of memory can execute code, and is intended to block the execution of malicious code from areas commonly exploited by worm writers (such as the stack and the heap). This paper will outline how DEP works, discuss the benefits and pitfalls of the approach, and assess the feature’s security coverage with an analysis of exploitation techniques in use by today’s most recent attacks.

VB Conferences

VB2010 (Vancouver)

VB2009 (Geneva)

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)

‘As always, VB is 'the' premier malware/anti-malware/spam conference.’

Poll

Will taking client-side security 'into the cloud' provide better security for the end user?

Leave a comment
View 1 comment

Virus Bulletin

In this month's magazine:

Co-operation is the only way
XXX racted
Your filters are bypassed: Rustock.C in the kernel
Family matters
The Ottawa rules
DriveSentry Desktop 3.1/3.2 & GoAnywhere 1.0.2/2.0
The problem of backscatter – part 3

Subscribe now!

Virus Bulletin currently has 142,681 registered users.

Fighting malware and spam