Comments

# Doug said on December 12, 2006 1:23 PM:

Is this DEP option available only on Vista IE7?

# Dragan Pleskonjic said on December 12, 2006 2:39 PM:

Just as info: above link to Adobe in sentence "So jump on over to the Adobe site, download the latest versions of Flash Player and Acrobat Reader, and enable DEP in IE7!" doesn't work. It points to http://blogs.msdn.com/controlpanel/blogs/www.adobe.com. It is not so important, but may confuse some people.

Another topic: couple of times I experienced problems when DEP shut down IE with message that mentions memory violation attempt. Unfortunately, I didn't take screenshot or details. Can you, please, advise on reasons for this?

# Kurbli said on December 12, 2006 2:53 PM:

Because browsers can host plug-in extensibility, security settings within the browser can make plug-ins

# An IE guy said on December 13, 2006 4:59 PM:

Have you tried it with Java? Don't think we can work around it needing to JIT on the heap.

# Rosyna said on December 15, 2006 4:38 PM:

Not sure where to post this comment, the most relevant post now has comments disabled (age).

Anywho, I was under the impression that if DLLs in Windows didn't load at the same location every time, there would be a huge speed hit when looking up symbols and such. Is this still true in vista or does vista do some kind of kinky magic twiddling to address this when ASLR is on?

# michael_HOWARD said on December 16, 2006 12:15 AM:

Doug

DEP is also available in Windows XPSP2 and Windows Server 2003 SP1.

# michael_HOWARD said on December 16, 2006 12:21 AM:

Dragan

If you get an error in IE when DEP is enabled, the best solution is to use WinDbg. The error appears to come from IE, but it's probably not, it's probably some component. Best bet is to start by disabling all the Ax controls, and then adding them in one-by-one and testing them. Or just use WinDbg! Start WinDBG, spawn a new IE, and when IE fails, type !analyze in the debugger. It should point to the component that died. Also, kb will yield a stack trace. send it to me.

# michael_HOWARD said on December 16, 2006 12:21 AM:

IE Guy

>>Have you tried it with Java

We haven't tried all JVMs. The Sun JVM does fail when DEP is enabled.

# Scott Marlowe said on December 18, 2006 10:42 AM:

I don't even see that option in IE7...

# Robert Burke's Weblog said on December 19, 2006 10:51 AM:

[Default] Spotlight on: Visual Studio Team System for Database Professionals Visual Studio 2005 Team

# michael_HOWARD said on December 19, 2006 10:55 PM:

Scott - this is an option in IE7 on Windows Vista.

# pvmurty said on December 26, 2006 11:37 AM:

Thanks

# Michael Myrt said on December 28, 2006 7:35 PM:

18 mths ago at the age 65 I retired and I decided that before I kicked the bucket or gone completely senile it was my duty to get to know that COMPUTER THING that had taking the World over the last part

of my life. I rushed to the biggest bookshop and

among the thousands of books I chose VB6.I see you

are laughing already! My excuse is I thought Basic

meant just that and Net,I wasn't thinking of using

the internet.Armed with my new computer my VB6 books and plenty determination I locked myself in my back-yard shed, away of all possible interruptions (the

wife) for a couple of weeks.When I re-emerged I had

my first program and a dreadful thought.I WAS BORN

TOO EARLY. Firstly that was the reason I was old and

secondly I would have loved to live a life with computers. My first program was a Dictionary of Bass Chords, simple but effective, one click for the Key a second for the Chord and an Image of the required

Chord appeared on the screen. With the exception of

a program for the WORLD CUP I have a Dictionary of

Keyboard Chords, of Guitar Chords (almost 2,500 guitar fingerings) and a Dictionary of Scales of 53 types of music (Mongolian, Hungarian-Gypsy and/or Persian included) in all 12 Keys each. I striked

trouble with transferring and adding sound with VB6

so I took a break from programing and I relieved my

ENTIRE LIFE through transforming it from Analog to Digital. Photos,VHS's, and a lot of music mine or

my children's were all re-mastered and put on CD's.

That out of the way I returned to my programing. Now

I knew that Internet was essential and I connected

for Assistance and/or Suport just in time to learn

that VB6 is no more and I will have to learn NET or

thereabouts.VB 2005 promised easier Transferring,

with NET 2 possibility for Sounds and what about the

ImageList!! So I rushed to my bookshop I bought two

books then two more and then two more again and although I am well informed of IntelliSense,Snippets

and Upgrade Warnings, I found it impossible to Upgrate or at least understand the connection which

most probably is something ease. Just the same if

anybody can throw me some suggestions, before I go

completely senile or kick the bucket or worst still

kick my computer screen I will most grateful.

Just the same I wish to Doug, Dragan Pleskonjic, Kurbli, Rosyna, Scott Marlowe, Robert Burke's Weblog

and Michael Howard "A HAPPY & PROSPEROUS NEW YEAR"

and a SANE ONE FOR ME.

# michael_HOWARD said on December 29, 2006 4:59 PM:

Hey Mr Myrt,

I have to admit, I am no VB6 expert - I have never used it, and I have no used VB.Net either. I tend to stick with C/C++/C# and when needed, SQL.

Your best bet is to head to msdn.microsoft.com and search for vb6 migration. I just did it and got a ton of useful resources...

# Hana said on January 22, 2007 9:32 PM:

My co-workers and I couldn't find the feature you mention above, on our IE7 Internet Option settings. The "Enable memory protection to help mitigate online attacks" is not there. Any ideas?

# Windows Vista Team Blog said on January 23, 2007 8:22 PM:

One of the most basic conundrums in computer security is the constant trade-off between security and

# noocyte said on January 24, 2007 7:57 AM:

So DEP and Java (Sun VM) is out of the question? That sort of makes it a no-go for _a lot_ of users... Can anything be done about that?

# michael_HOWARD said on January 24, 2007 1:02 PM:

Hana - are you using Windows Vista? this option is only in IE7 on Vista.

# michael_HOWARD said on January 24, 2007 1:03 PM:

noocyte, we're working on it:)

# Steven Bone said on January 25, 2007 12:48 AM:

Seems like on Vista x64 the Google Toolbar causes IE to crash on startup if IE's DEP is enabled.  I wish IE would be a bit more specific as to which plugin faulted w/o resorting to a crash dump analysis.

To turn DEP off after getting the repeated crashes on IE launch is not simple.  A pre-existing IE window (before I applied the DEP setting) can't be elevated (I closed the elevated instance after making the change), thus I can't disable the DEP setting.  The control panel internet settings don't even show this option (enabled or disabled), and I haven't figured out how to elevate a control panel applet even if it were.

I thought the Vista design guidelines specified that it should be easy to elevate to perform a task instead of merely greying the option (or making it disappear) and I haven't found such a method of elevating to make this change here.  Hoping for a pre-Vista SP1 update on these issues...

The solution is to disable the Google plugins, run an elevated instance of IE, turn DEF off, and finally reenable the google plugins.  Yuck!  If you don't have an IE window around, don't try for the Control Panel 'Internet Options' as it gets the list of add-ins from some voodoo magic (nothing but Microsoft ones show up there).  You probably need to uninstall the Google Toolbar before disabling DEP and reinstall it.

Security != Simplicity.

Sort of related aside: UAC also makes it fun to debug drag/drop operations from Explorer from a non-elevated Visual Studio instance that needs to register a DLL with COM.  Any hints here, Michael?  Can we start a process for debugging from an elevated Visual Studio instance and have the debugee's process be non-elevated?  I'm about to create another account and disable UAC just so I can be productive in certain situations...

# noocyte said on January 28, 2007 4:18 PM:

Great! Keep us updated when Java and DEP works together, that's the day I'll activate it. For now my online bank requires Java...

# YngDiego said on February 4, 2007 1:46 PM:

Likewise, whenever Sun gets their butt in gear and produces a DEP compliant and native x64 plug-in JVM, I'll be turning this feature on.

# Sport24_7 said on February 5, 2007 9:15 PM:

Hi,

i am on Windows XP and i have downloaded IE7 too, but i still cant get da stupid thing to work,

what can i do, im sick of this :-(

i have done everytihng! and that option of enabling DEP isnt in my interent options either

Please help

# m said on February 6, 2007 12:58 PM:

Why wouldn't MS implement the user-interface such that the user could turn this feature on/off based on specific plugins?

As is, one has to completely turn it off if you need just one plugin to run that is incompatible with it.

# Andrew said on February 15, 2007 9:41 AM:

I had the 'IE Acrobat plugin not found' message unless I had Acrobat Reader 6 already open. I run XP SP2, IE7 (no DEP line in advanced options for IE7) and the ZoneAlarm Pro version 6.5.722.000. In ZoneAlarm I went to Program Control/Programs and I changed permissions to 'allowed' for access and for servers in all IE and Adobe lines and also set the 'trust level' to II. Then I went to Program Control/Components and clicked on 'Description' tab. This sorted out the components well and square and I had all Adobe Acrobat plugins (about 40 of them, some maybe duplicated) lined up. Then I selected all of the Acrobat plugins and changed the permissions to allowed. Next thing, I had a thought about quitting smokes, but before I knew, I clicked on my lighter and there we go again. So, through the clouds of smoke I managed to click on one of the websites with the pdf file I wanted to check out. And it worked. Well, I was very surprised, as nothing like this had ever worked for me before. Anyway, there may be zillions of reasons for why them plugins don't work and zillions of solutions. This has been one of them. It may work for you if your problem is similar. Cheer up.

# lorettab said on February 27, 2007 4:27 PM:

Hi,

I am a newbie to computers so please be very gentle in your replies. I just bought an HP Pavilion PC, it came with Vista Prem, I set everything up and IE ran fine, a few days ago I went to open IE and I got the error message,"DEP has closed the program". I went in and turned it off, that didn't help. I un-installed the last programs I had just installed the day before this happened, those being, Adobe acrobat 8,Shockwave and flash, but still I got the error. I went back and turned on DEP to run for essential windows programs only, then reinstalled the programs flash and shock, but they would not reinstall,I got a message saying installation ended prematurely b/c of an error.I don't know if this has anything to do with this either, but when I go into my HP care adviser and try to turn on the anti virus protection, it too wont and tells me there is an error too. I have NOD32 security installed so I don't know if I have to worry about this one too. I really need to get my IE back on line, I am using Mozilla now but need the IE too, anyone have any ideas?

Thank you, Loretta

# michael_HOWARD said on February 28, 2007 1:48 AM:

Loretta, you shouldn't get any DEP errors in IE becuase it's not enabled by default. If you're getting this error, it's from something else, or you have enabled DEP in IE.

# Ken Leese said on March 4, 2007 8:07 PM:

On a computer that supports hardware DEP and runs Vista, I have been unable to run Java applets in the browserdue to the incompatibilities between DEP and the Sun JIT interpreter. Finally I reluctantrly used a sledghammer -- BCDEDIT -- to disable all DEP support on this system.

Is there a straightforward way to disable DEP for a specific scenario, namely Sun JRE 6 for IE 7 applets? When I used System Properties -> Advanced -> Performance [Settings] -> Data Execution Prevention I was not successful.

# michael_HOWARD said on March 4, 2007 11:40 PM:

Just turn off DEP for IE7 for the moment, and re-enabled DEP for the OS.

We're aware of the Sun JVM issues, and we're on it!

# Andy M said on March 7, 2007 6:47 AM:

Hi Michael, I have just set up Windows Vista and after turning on DEP in Internet Options I found I am now prevented from opening IE due to DEP and therefore cannot untick the box in IE. I followed instructions saying to change the setting in Control Panel/.../Performance etc and even named IE as an allowed program and still cannot open IE. Help!

# Luc said on March 10, 2007 11:14 AM:

I hope with Windows Vista SP1, the DEP will be ON by default, in IE7. It was a mistake put DEP off in IE7 because otherwise lazy add-on's programmers will still write bad code.  

# Michael Howard's Web Log said on April 8, 2008 4:28 PM:

Eric Lawrence just posted some commentary about IE8 and DEP/NX. As you may know, IE7 supports DEP/NX,

# Wampiryczny blog said on June 19, 2008 4:07 PM:

We wtorek swoją premierę miał Firefox 3. W jednej wypowiedzi Window Snyder powiedziała: In setting out to elevate Firefox's basic security, Snyder is also compelling Microsoft and Apple, maker of the Safari browser, to follow her lead — or get ou

New Comments to this post are disabled