DVDFab disables DEP = a security risk?!

[JohnnyBob]

What is DEP (Data Execution Prevention)? I've copied below the explanation built into Windows XP (SP2), or you can google and read more about it.

I'm running Windows XP Home (SP2). I just noticed that DVDFab HD Decrypter disables DEP for itself during installation. It makes an active (box already checked, i.e. preselected) entry for itself at System Properties - Advanced - Performance Settings - Data Execution Prevention, in the window under the radio button named: "Turn on DEP for all programs and services except those I select".

So, it's apparently a security risk. But does it actually contain adware, spyware, hackware, malware, trojan, worm, virus, or other bad stuff? Hopefully the gurus here can clarify this for me... What's the risk, now and in future?

======================

Understanding Data Execution Prevention

Data Execution Prevention (DEP) helps prevent damage from viruses and other security threats that attack by running (executing) malicious code from memory locations that only Windows and other programs should use. This type of threat causes damage by taking over one or more memory locations in use by a program. Then it spreads and harms other programs, files, and even your e-mail contacts.

Unlike a firewall or antivirus program, DEP does not help prevent harmful programs from being installed on your computer. Instead, it monitors your programs to determine if they use system memory safely. To do this, DEP software works alone or with compatible microprocessors to mark some memory locations as "non-executable". If a program tries to run code—malicious or not—from a protected location, DEP closes the program and notifies you.

DEP can take advantage of software and hardware support. To use DEP, your computer must be running Microsoft Windows XP Service Pack 2 (SP2) or later, or Windows Server 2003 Service Pack 1 or later. DEP software alone helps protect against certain types of malicious code attacks but to take full advantage of the protection that DEP can offer, your processor must support "execution protection". This is a hardware-based technology designed to mark memory locations as non-executable. If your processor does not support hardware-based DEP, it's a good idea to upgrade to a processor that offers execution protection features.

Is it safe to run a program again if DEP has closed it?

Yes, but only if you leave DEP turned on for that program. Windows can continue to detect attempts to execute code from protected memory locations and help prevent attacks. In cases where a program does not run correctly with DEP turned on, you can reduce security risks by getting a DEP-compatible version of the program from the software publisher. For more information about what to do after DEP closes a program, click Related Topics.

How can I tell if DEP is available on my computer?

To open System Properties, click Start, point to Settings, click Control Panel, and then double-click System.
Click the Advanced tab and, under Performance, click Settings.
Click the Data Execution Prevention tab.
Note

By default, DEP is only turned on for essential Windows operating system programs and services. To help protect more programs with DEP, select Turn on DEP for all programs and services except those I select.

[JohnnyMalaria]

I'm not familiar with the program but if it uses a licensing "wrapper" to prevent hacking etc, it could be that.

We use such a third-party wrapper and it causes DEP to kick in. A new ver$ion of the wrapper fixes that problem.

That fact that the installer changes the DEP settings without your say so is very bad behavior on the vendor's part.

[A lot of anti-hacking tools use "self modifying code" - i.e., the wrapper changes part of the executable code while it is running. One way this happens is to change the code to jump to part of the program that is marked as data rather than code and then continue as if it were code. i.e., executing data instead of what is marked as code - hence Data Execution Prevention. It's all taken care of by the CPU - Windows doesn't really do anything until the CPU detects such behavior and notifies Windows. Windows then looks at its current list of "approved" programs that are permitted to do such things.]

[videobread]

Good find. I deleted the line item on my PC. It' funny how many of these programs keep logs and phone home. I never liked the idea of automatically checking for updates either. I wonder how many other programs leave trap doors and for what reason?

[JohnnyMalaria]

What this particular program is doing isn't a trap door. Disabling DEP for itself only affects itself. DEP exists to prevent *other* programs from hijacking others. i.e., disabling DEP for itself isn't an inherent risk. If it disabled DEP for another program, that would be a serious issue.

In and of itself, it isn't a security risk plus it is only fairly recent CPUs that support DEP.

Most logs recorded by applications are either at install/uninstall (which can be turn on/off for any application at the user's end) or for troubleshooting. I doubt many routinely send logs of your every move. Our software reports problems to the OS's event log and, at the user's volation, the information can be sent to aid machine-specific issues.

Personally, I don't object to an application checking to see if a new version is available especially if it fixes bugs that are interfering with my ability to use it - as long as I can disable it and it doesn't automatically download the updates without my say so (Adobe and Sun).