Would there be any problems with DEP turned off?

4

I recently moved to a fresh Windows 8 x64 system and I learned that my favourite firewall (JPF - Jetico Personal Firewall) doesn't get along with Win8x64 (CRITICAL_STRUCTURE_CORRUPTION errors), but I can not do without JPF, so I kind of tried everything I could think of (test mode, debugging, various system changes), but I was still getting blue screens because of the firewall driver/software.

I know for sure that it is the firewall that is causing the problems because I get blue screens as soon as I install it and they stop when I uninstall it. I also tested it thoroughly on virtual computers.

Anyway, I have discovered that by completely turning DEP off by using this command:

bcdedit.exe /set {current} nx AlwaysOff

the firewall would not cause blue screens anymore.

So my question is, what could go wrong with DEP completely turned off?

Note: I do not care much about hardware/windows security, I keep myself secured by using sandboxes and virtual computers (and I also have backups), so I'm not concerned with viruses and root kits or whatever people are freaking out about.

IneedHelp

Posted 2012-10-19T16:04:31.313

Reputation: 195

Note: Sandboxes and virtual computers use DEP to help enforce their security, and disabling it can make them weaker or useless. – Darth Android – 2012-10-19T16:06:49.703

If you don't care about hardware/windows security, why are you installing a firewall? – Darth Android – 2012-10-19T16:15:11.617

@DarthAndroid I do not see how DEP would allow threats to escape a virtual machine, and Sandboxie certainly works fine without it. When I said that I'm not interested in hardware/windows security, I meant that I do not want to use Windows- or hardware-based security measures. – IneedHelp – 2012-10-19T16:31:54.307

Find a version of Personal Firewall that supports Windows 7 and Windows 8. – Ramhound – 2012-10-19T16:46:55.607

Answers

4

DEP isn't about preventing a bad program from doing something bad, it's about preventing a bad program from exploiting bugs in good programs and doing something bad. (Address-Space Layout Randomization (ASLR) falls into the same category)

It functions by allowing a program to tell the system, "Hey, you see this memory section over here? This is data, not code. This should never be executed. If you catch me trying to execute it like code, terminate me immediately." This makes it safer for trusted programs to work with untrusted data, because the memory where untrusted data is stored can be flagged, and if malicious data tricks the host program into trying to run this protected memory, the CPU can immediately raise an exception to the OS and the OS can terminate the program before it can be taken over.

Disabling DEP will allow malicious code to execute buffer overflows, heap overflows, and stack smashing attacks in both the kernel and application programs.

Your programs will continue to work, but they will be vulnerable to being taken over and exploited by malicious code. It would be possible to "break out" of a sandbox, or take control of your firewall by sending it a malicious stream of packets, or for a website to take control of your web browser.

Sandboxes and VMs work by using a trusted program to monitor and filter untrusted code, carefully ensuring that the untrusted code doesn't do malicious things. DEP is one of several important features which prevent the untrusted code from taking control of the trusted program, and doing things while masquerading as said trusted program.

Moreover, DEP has been around for 6-8 years, so it's not something new. I would expect most applications under active development and especially anything billed as security to have supported it long ago, and I would have serious trouble trusting anything that doesn't. There's a reason Microsoft finally switched to forcing it on by default in consumer versions of their OS, and it's already been defaulted to 'On' in the server editions for some time.

Call JPF's support and complain about their terrible, outdated security. The Windows Firewall isn't spectacular, but hopefully it'll get the job done until they can fix their product. Either you end up with the firewall you want, working properly, or you learn that you really shouldn't trust them with anything security related.

Darth Android

Posted 2012-10-19T16:04:31.313

Reputation: 35 133

Thank you for your explanation. I did contact them and they said that they will release a new version once Windows 8 is officially released, so I can not blame them much. – IneedHelp – 2012-10-19T16:48:58.483
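The behaviour the accepted answer describes (a page flagged as data faults the moment the CPU tries to fetch instructions from it) can be observed with a small test program. This is an added example, not code from the original thread; it assumes Linux on x86-64, where the single-byte `ret` (0xC3) used as the stand-in "code" is valid, and the function name try_execute is my own.

```c
// Added demo of what DEP/NX enforces: the same byte placed in a
// read/write page faults, and in a read/execute page runs normally.
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf recover;

// SIGSEGV handler: the instruction fetch from a non-executable page
// has already been stopped by the hardware; unwind back to the test.
static void on_fault(int sig) {
    (void)sig;
    siglongjmp(recover, 1);
}

// Returns 1 if the page executed, 0 if NX blocked it, -1 on setup error.
// The "payload" is one x86 `ret` (0xC3), so a successful call returns
// immediately; this constructed demo is x86-64 only.
int try_execute(int executable) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *buf = mmap(NULL, page, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED) return -1;
    buf[0] = 0xC3;                       // data byte, not yet "code"
    if (executable &&
        mprotect(buf, page, PROT_READ | PROT_EXEC) != 0) {
        munmap(buf, page);
        return -1;
    }
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    int result;
    if (sigsetjmp(recover, 1) == 0) {
        void (*fn)(void) = (void (*)(void))buf;
        fn();                            // CPU checks the NX bit here
        result = 1;
    } else {
        result = 0;                      // NX fault, program stays alive
    }
    sigaction(SIGSEGV, &old, NULL);
    munmap(buf, page);
    return result;
}

int main(void) {
    printf("RW page executed: %d\n", try_execute(0));   // 0 with NX on
    printf("RX page executed: %d\n", try_execute(1));   // 1
    return 0;
}
```

A Windows build of the same idea uses VirtualAlloc with PAGE_READWRITE versus PAGE_EXECUTE_READ; with `nx AlwaysOff` the read/write page executes as well, which is exactly the protection the bcdedit change in the question gives up.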

-1

Note: I do not care much about hardware/windows security, I keep myself secured by using sandboxes and virtual computers (and I also have backups), so I'm not concerned with viruses and root kits or whatever people are freaking out about.

In that case, nothing. Turn it off.

Xyon

Posted 2012-10-19T16:04:31.313

Reputation: 1 499

-1 Don't reinforce ignorance. Unless we're talking about disabling DEP for a virtualized system, then VMs and Sandboxes do not make up for DEP on the host system when talking about "viruses and root kits or whatever people are freaking out about." People "freak out" for a reason. – Darth Android – 2012-10-19T16:32:42.427

+1 I think Xyon precisely answered the question that was asked. The user said he did not want the added security features given by DEP. So in that case there is no "extra" ill effect. – Ganesh R. – 2012-10-19T16:46:27.527

@GaneshR. I would say that while he did answer the question asked, and within the scope of the answer it is correct, it is not complete (it explained the immediate problems, but not the security problems). I further believed that it gave a false sense of security by implicitly validating the OP's assumption that it's OK to ignore the security benefits of DEP, or that they are meaningless. – Darth Android – 2012-10-19T17:00:38.753

@Darth Android. A fair criticism, I suppose. – Xyon – 2012-10-20T20:37:21.320