Buffer Overflow is a computer attack where the program writes data beyond the buffer boundaries. It occurs due to a virus and other malicious activity exploiting the amount of allocated space to store data for executing various programs. Data Execution Prevention (DEP) is a protection mechanism intended to ensure applications do not run codes in the non-executable memory to prevent this unwanted attack (Turaev et al., 2018). DEP is essential in protecting computer users from such malware and removing them. A practical method of preventing viruses and other malware exploits is through DEP, which will be discussed in this paper, its effectiveness, and why a user or administrator may disable its operation.
The program overflows the boundaries when buffer overrun occurs and overwrites the adjacent memory location. This results from feeding the software with many programs on the fixed space available. Computer memories are responsible for holding data while moving between programs, and when there is anomalous input, the area gears an overrun, causing the unusual transaction to overwrite the past operations (Stallings, 2019). Since buffer overflow is about memory, the user can protect it by not writing beyond the specified space, which can be covered by the Data Execution Prevention method by preventing the application from being executed by the code. Through DEP, programs in buffer overflow are stopped, and viruses and other computer malware are prevented from performing their functionalities.
How DEP Prevents Malicious Attacks Via Buffer Overflows
Data Prevention Execution prevents malicious attacks by distinguishing executable and non-executable memory regions, preventing anyone from running a program in the non-executable area. It was introduced in the Service Pack 2 of Windows XP and was later included in the 2005 windows XP PC edition (Erdődi and Josang, 2020). Through buffer flows, it helps protect the computer from viruses and worms that may cause malicious attacks on the user experience. DEP operates in two modes because it combines hardware and software mechanisms to perform routine checks of the buffer memory, preventing malicious activity by shutting them down. Hardware enforced DEP work to avoid attacks by sending a signal to the CPU to label memory pages as non-executable and instructs the machine to prohibit any program from being implemented on the memory page. Software enforced DEP protects the user from the Security Exception Handling overwrites by collecting the information executed. Therefore, DEP is a reliable protective mechanism to safeguard the computer from any changes that could resemble data in the same memory (Wang et al., 2020). It prevents attacks by preventing duplicate machine code from entering the data segments
Effectiveness of DEP
DEP is often successful because it prevents computers from executing codes stored in data pages memory. Though the code is not always performed from the default heap or stack, the approach is always practical. Heap is where all the variables generated and modified at runtime are contained, while the stack is the memory that stores all the variables initialized before runtime (Gao and Guo, 2020). Therefore, the DEP detects any coded running in the specified locations raising an exception when it occurs. Data Execution Protection is an effective and valuable feature that should be considered by anyone looking for a more attack-resistant operating system.
Why might a user or administrator disable DEP?
A user or administrator may disable DEP when it does not allow them to open executable files that need access to the memory system. The DEP appears in front of the user, sending a message that blocks the running application. In cases where the device output is vital and the device is used in an isolated mode with low infection risk, the user can securely disable the Data Execution Prevention. Computers rely on simple reasoning, and humans program their logic, making is susceptible to administrator errors (Nicula and Zota, 2019). Therefore, some projects may occasionally escape and operate in areas monitored by DEP. In such cases, Data Execution Protection will shut down the program and revert with an error message to the user or cause the software to run slowly, forcing the user to disable DEP.
In conclusion, Data Execution Protection (DEP) is essential in preventing malicious activities through buffer overflow and avoiding unwanted surges. Though DEP is in most cases is, disabled by the administrator, it successfully prevents attacks via buffer overflows. Computer viruses and attacks are programs developed and manipulated by human beings to perform malicious acts causing harm to the device used by removing and messing with their data and information, while other cases may corrupt memory creating unwanted overruns. Therefore, DEP helps counterattack by stopping non-executable programs from running in the memory, making it hard for attackers to use memory-related flaws like buffer overruns. In cases where buffer overflow vulnerability is exploited, respective individuals must quickly act and fix the affected programs ensuring other users have access to the patch because security and safeguards are insufficient. A buffer overflow has a more significant threat to computer security than any other form, and attackers progressively use it at a high rate to gain access to the network. Therefore, it is crucial to implement a stringent and keeping up to date DEP system.
References
Erdődi, L., & Josang, A. (2020). Exploitation vs. prevention: The ongoing saga of software vulnerabilities. Acta Polytechnica Hungarica, 17(7), 199–218.
Gao, T., & Guo, X. (2020). Buffer overflow vulnerability location in binaries based on abnormal execution.2020 4th Annual International Conference on Data Science and Business Analytics (ICDSBA).
Nicula, Ș., & Zota, R. D. (2019). Exploiting stack-based buffer overflow using modern-day techniques.Procedia Computer Science, 160, 9–14.
Stallings, W. (2019). Computer Organization and Architecture: Designing for performance. Pearson Education International.
Turaev, H., Zavarsky, P., & Swar, B. (2018). Prevention of ransomware execution in enterprise environment on windows OS: Assessment of application whitelisting solutions.2018 1st International Conference on Data Intelligence and Security (ICDIS).
Wang, J., Cai, R., & Liu, S. (2020). Research on the protection mechanism of cisco IOS exploit. Journal of Physics: Conference Series, 1584(1), 012045.