Showing posts with label windows. Show all posts

Monday, May 14, 2007

Securing Windows XP with DEP

Data Execution Prevention (DEP) is a set of hardware and software technologies designed to prevent malicious code from running in memory. The majority of malware exploits buffer overruns in Windows or other software to run malicious code in memory. DEP prevents code in protected memory spaces from running.

There are 2 types of DEP - hardware and software. Most modern CPUs (2005 and later) from AMD and Intel have hardware DEP support. Software DEP is provided by Windows XP SP2 and Windows Vista.

Hardware DEP

To determine if your CPU has hardware DEP support, download Securable from Gibson Research Corporation. Run the program; it reports your processor's maximum supported bit length, hardware DEP support and hardware virtualization support.

You can also determine if hardware DEP is available in Windows by using the Wmic command-line tool. Type the following command at the command prompt:

  wmic OS Get DataExecutionPrevention_Available

If the value returned is TRUE, hardware-enforced DEP is available. To determine if hardware DEP is running, enter the following command:

  wmic OS Get DataExecutionPrevention_Drivers

If the value returned is TRUE, hardware DEP is running in Windows.
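To check many machines, the two wmic answers can be collected and interpreted by a script. The following is an added example, not part of the original post: it parses `wmic OS Get ... /format:list` output and also reads DataExecutionPrevention_SupportPolicy, a further property of the same WMI class that this post does not query. The sample output and the function names are constructed for illustration.

```python
import subprocess

# Added example. SupportPolicy is a further Win32_OperatingSystem property,
# not one of the two queried in the post: 2 = OptIn, 3 = OptOut.
POLICY = {0: "AlwaysOff", 1: "AlwaysOn", 2: "OptIn", 3: "OptOut"}
FIELDS = ("DataExecutionPrevention_Available",
          "DataExecutionPrevention_Drivers",
          "DataExecutionPrevention_SupportPolicy")

# Constructed sample of `wmic ... /format:list` output, with the blank lines
# and stray carriage returns that show up when wmic output is captured.
SAMPLE = ("\r\r\nDataExecutionPrevention_Available=TRUE\r\r\n"
          "DataExecutionPrevention_Drivers=TRUE\r\r\n"
          "DataExecutionPrevention_SupportPolicy=2\r\r\n\r\r\n")

def query_local():
    """Run wmic on a Windows host and return its raw text output."""
    cmd = ["wmic", "OS", "Get", ",".join(FIELDS), "/format:list"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

def parse_wmic_list(text):
    """Turn Key=Value lines into a dict, ignoring blank and malformed lines."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key:
            props[key] = value.strip()
    return props

def assess(props):
    """Return (hardware_available, hardware_running, policy, findings)."""
    available = props.get(FIELDS[0], "").upper() == "TRUE"
    running = props.get(FIELDS[1], "").upper() == "TRUE"
    raw = props.get(FIELDS[2], "")
    policy = POLICY.get(int(raw), "Unknown") if raw.isdecimal() else "Unknown"
    findings = []
    if not available:
        findings.append("hardware DEP not available (CPU lacks it or firmware disables it)")
    elif not running:
        findings.append("hardware DEP is available but not running")
    if policy == "AlwaysOff":
        findings.append("DEP is switched off for every process")
    elif policy == "OptIn":
        findings.append("DEP covers essential Windows programs and services only")
    elif policy == "Unknown":
        findings.append("support policy missing or unrecognised")
    return available, running, policy, findings

if __name__ == "__main__":
    print(assess(parse_wmic_list(SAMPLE)))
```

On a Windows machine, pass `query_local()` to `parse_wmic_list` instead of the sample. An OptIn result corresponds to the default "essential Windows programs and services only" setting described under Software DEP.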

Software DEP

Right-click My Computer and select Properties. Click on the Advanced tab and under Performance click Settings.

In the Performance Options window, click on the Data Execution Prevention tab. Here you can turn on DEP for Windows system processes or for all processes. By default it is set to Turn On DEP for essential Windows programs and services only.

Turning on DEP for all processes is a good idea to secure your system. However, some programs will crash with DEP turned on due to insecure programming practices.

To work around this problem, install Process Explorer from Sysinternals. Run the program and select View -> Select Columns, and check DEP Status. This will display whether DEP is enabled for each running program.

Now turn on DEP for all processes. Write down every process that Process Explorer shows with DEP disabled, and exclude all of those programs from DEP. Then allow DEP for one or two of them at a time and test for a few hours or days. If everything runs fine, move on to the next set of programs. If a program crashes with DEP enabled, disable DEP for that program permanently.

The steps outlined here are for Windows XP. Windows Vista also has DEP, and the steps involved are nearly identical to those shown here.

Sources: Microsoft KB 875352, Microsoft KB 912923 and Windows Secret Newsletter.


Sunday, May 13, 2007

Novell Security Penetration

by Net Battle Bot

This is an old guide we found lying around the hard disk. It may be old (circa 2004) but many of the principles outlined in the guide remain relevant. Have fun hacking Novell but beware the wrath of the network admin!


Friday, May 11, 2007

Windows Vista: Direct Download Full

Our good friends at Redmond are pleased to announce that you can download for free the full installation files for Windows Vista, hosted by Microsoft. The links to the 3 files are as below:

  1. boot.wim (116 MB)
  2. install.wim (2.24 GB)
  3. X13-49120.exe (73.7 MB)

Make sure all 3 files are in the same folder. Just double-click the X13-49120.exe file to install Windows Vista. Of course you still need a valid product key (*cough* Paradox). The files can be used to install all versions of Windows Vista (Home Basic to Ultimate); which version is installed depends on the product key.

To burn to a DVD, first double-click the X13-49120.exe file. Wait for all necessary setup files to be unpacked. Download CDimage 2.52. Extract it to the same folder and type the following command at the DOS prompt:

cdimage.exe -lVISTA_EN_DVD -m -u2 -bC:\Vista\boot\etfsboot.com C:\Vista\ C:\Vistax86.iso

Burn with any DVD burning software. Enjoy Windows Vista!

Source: here and here

Is It Genuine?

Well, is it really genuine? Couldn't it be a pirated version filled with backdoors? At first I thought so too, until you dig a little deeper. Here is what I found.

The link points to 'msft-dnl.digitalrivercontent.net'. A whois search showed that the domain is registered under Digital River. Digital River is a content service provider that provides digital downloads for software, music and movies to large corporations. If you search their site's news archive, you can read a press release titled Digital River Provides E-Commerce Services for the 2007 Microsoft Office System and Windows Vista.

Digging even deeper, when you download the file it is hosted on the domain 'http://diriver-msftdnl.vo.llnwd.net'. Again, a whois on the owner of the domain shows that it is registered by Limelight Networks. It is a leading digital content delivery provider for sites such as YouTube, Metacafe, and Microsoft among others.

In conclusion, yes this download is genuine and not a pirated version. Have fun!

Check here for references to Limelight Networks: