Hi MasterTech,
There will be malware around that disables DEP while attacking; actually, this malware has been demonstrated and is around. Could this not mean that DEP actually comes down to DEPressive??? Read this:
http://radsoft.net/resources/rants/20051231,01.shtml
Here about the hole in DEP that Russian security researchers found half a year ago:
http://www.tunexp.com/news/windows-story-609.html
Limitations
Unlike similar protection schemes available on other operating systems, DEP provides no address space layout randomization, which may allow return-to-libc attacks that could feasibly be used to disable DEP during an attack.
The possibility has now been demonstrated against Windows hardware-enforced DEP by skape, which relies on a return-to-libc style attack. This technique relies on directly pointing the EIP register to the known service-pack-dependent location which applies the OptIn/OptOut mechanism. It is reliant on the boot-time option of OptOut/OptIn being available. If all pages are strictly enforced, then this attack will not succeed. The PaX documentation further elaborates on why ASLR is necessary. It may be possible to develop a successful attack if the address of prepared data such as corrupted images or MP3s can be known by the attacker (this has already been done in QuickTime).
[source Wikipedia]
Software conflicts
DEP is occasionally the cause of software problems, usually with older software. It has exposed bugs in the Virtuozzo virtualization software that prevent certain programs from being virtualized correctly. In most cases, these problems may be solved by disabling the DEP features.
As a response to this, DEP can be turned off on a per-application basis, retaining compatibility for older programs. [source Wikipedia]
Well, why use software DEP when hardware DEP is the only real solution?
polonus