The article that you reference to describe DEP is horribly inaccurate and misleading. Check out the Wikipedia article; it's considerably better: http://en.wikipedia.org/wiki/Data_Execution_Prevention

DEP does not misfire. Whenever hardware DEP kicks in, some software is trying to execute at an address that is not normally designed to contain executable code. This is often the result of a buffer overflow or some other software flaw. These are the flaws that allow all kinds of viruses, worms, and other attacks to flourish. That's why hardware NX (the technology used by DEP) was created by Intel in the first place - to make a large class of security attacks significantly more difficult. Executing code on the stack, in the heap, etc. could actually be intentional on the part of the executing program, but most seasoned developers consider that to be a poor design choice (see the "In some instances" paragraph in the Wikipedia article).

The quality of design debate aside, this choice does open the program up to buffer overflows and other attacks that would normally be made much more difficult with DEP enabled. Forcing that choice on another program (an add-in forcing DEP to be disabled for all of Outlook) is undeniably an irresponsible choice. Turning off DEP for a critical program like Outlook, which constantly receives unauthenticated data from effectively untraceable sources, is opening an enormous security hole. The fact that this has been known about and left for three years is insane.

Fixing DEP issues is not difficult, unless, of course, the software has intentionally created this behavior. If that's the case with SpamBayes, it should be stated outright so that people can make informed decisions about using the software. I'm certainly not going to continue using it while it requires me to open the front door to my computer and invite people to come take advantage of me.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Sunday, August 17, 2008 5:14 PM
To: Fu
Cc: Amedee Van Gasse; [email protected]
Subject: Re: [Spambayes] Spambayes pwning me?

fu> To clarify, I'm not concerned about SpamBayes having malignant code
fu> in it, but if it has a DEP issue, that issue could be exploited to
fu> create an email worm that replicated without me ever having to open
fu> the email. Microsoft enabled DEP in Windows to protect us from
fu> flaws in software that could lead to this type of situation.
fu> Suggesting that users disable DEP is irresponsible. If there is a
fu> DEP issue in SpamBayes, fix it. If there is a DEP issue in Outlook
fu> when dealing with add-ins, if enough people report it, Microsoft
fu> will fix it.

I'm not a Windows person, but it would appear that DEP is a fairly common cause of software installation problems:

    http://www.realtime-vista.com/administration/2007/04/disabling_data_execution_preve.htm

In part, it says:

    If Vista (and actually this has been around since Windows Server 2003) sees that a process is being spawned that "could" be unwanted, DEP shuts it down. This is especially common in some application installations: if a Windows Installer setup (MSI) calls an executable in Vista, DEP could very well put a stop to it. If you are trying to run an installation or other executable being stopped by DEP, it could save you some trouble so turn it off while you attempt to give it another shot&

The SpamBayes FAQ suggests listing Outlook as a safe application:

    5.8 After installing SpamBayes, Outlook crashes and then asks for the plug-in to be disabled.

    Are you using an Athlon 64 or Core 2 Duo with DEP? There are issues with DEP and Outlook with a SpamBayes-based plug-in. Listing Outlook as a safe application on these processors should "solve" the problem.

Also, this has been a known issue for quite a while:

    http://mail.python.org/pipermail/spambayes/2005-August/017792.html

If Mark Hammond hasn't figured out a way around the problem short of disabling DEP for Outlook, my guess is it's not a trivial problem.

Skip
