As I mentioned in a previous series of posts, we recently had all the major OEMs on campus to discuss SDL and how we can work together. My big ask of the OEMs (actually, I grovelled, it was pathetic) was to enable DEP/NX in the BIOS by default on all their shipping PCs in time for Windows Vista.

The reason for this ask is pretty simple, for ASLR to be effective, DEP/NX must be enabled by default too.

Here's the good news, I found out yesterday that all the major OEMs (you know who they are!) have agreed to not disable DEP/NX in their BIOSs by default.

This is huge!

If you're an OEM reading this - THANKS!

Note, you can verify if your PC has DEP enabled by following these steps.

  1. Open the Control Panel
  2. Select System & Maintenance
  3. Click System
  4. Click Advanced system Settings
  5. Click the Advanced tab
  6. Click Performance Settings
  7. Click the Data Execution Prevention tab

You should see the dialog box below. If not, check your BIOS and make sure your CPU is capable of DEP/NX, most CPUs these days support DEP/NX.