Would there be any problems with DEP turned off?

IneedHelp

I recently moved to a fresh Windows 8 x64 system and I learned that my favourite firewall (JPF - Jetico Personal Firewall) doesn't get along with Win8x64 (CRITICAL_STRUCTURE_CORRUPTION errors), but I can not do without JPF, so I kind of tried everything I could think of (test mode, debugging, various system changes), but I was still getting blue screens because of the firewall driver/software.

I know for sure that it is the firewall that is causing the problems because I get blue screens as soon as I install it and they stop when I uninstall it. I also tested it thoroughly on virtual computers.

Anyway, I have discovered that by completely turning DEP off by using this command:

bcdedit.exe /set {current} nx AlwaysOff

the firewall would not cause blue screens anymore.

So my question is, what could go wrong with DEP completely turned off?

Note: I do not care much about hardware/windows security, I keep myself secured by using sandboxes and virtual computers (and I also have backups), so I'm not concerned with viruses and root kits or whatever people are freaking out about.

Darth Android

DEP isn't about preventing a bad program from doing something bad, it's about preventing a bad program from exploiting bugs in good programs and doing something bad. (Address-Space Layout Randomization (ASLR) falls into the same category.)

It functions by allowing a program to tell the system, "Hey, you see this memory section over here? This is data, not code. This should never be executed. If you catch me trying to execute it like code, terminate me immediately." This makes it safer for trusted programs to work with untrusted data, because the memory where untrusted data is stored can be flagged, and if malicious data tricks the host program into trying to run this protected memory, the CPU can immediately raise an exception to the OS and the OS can terminate the program before it can be taken over.

Disabling DEP will allow malicious code to execute buffer overflows, heap overflows, and stack smashing attacks in both the kernel and application programs.

Your programs will continue to work, but they will be vulnerable to being taken over and exploited by malicious code. It would be possible to "break out" of a sandbox, or take control of your firewall by sending it a malicious stream of packets, or for a website to take control of your web browser.

Sandboxes and VMs work by using a trusted program to monitor and filter untrusted code, carefully ensuring that the untrusted code doesn't do malicious things. DEP is one of several important features which prevent the untrusted code from taking control of the trusted program, and doing things while masquerading around as said trusted program.

Moreover, DEP has been around for 6-8 years, so it's not something new. I would expect most applications under active development and especially anything billed as security to have supported it long ago, and I would have serious trouble trusting anything that doesn't. There's a reason Microsoft finally switched to forcing it on by default in consumer versions of their OS, and it's already been defaulted to 'On' in the server editions for some time.


Call JPF's support and complain about their terrible, outdated security. The Windows Firewall isn't spectacular, but hopefully it'll get the job done until they can fix their product. Either you end up with the firewall you want, working properly, or you learn that you really shouldn't trust them with anything security related.
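To see which DEP policy a machine is actually running after a change like the `nx AlwaysOff` setting in the question, the following PowerShell audit reads the policy from the `Win32_OperatingSystem` CIM class. It is an added example, not part of the original question or answer; the function name `Get-DepStatus` and the shape of its output object are assumptions made for illustration.

```powershell
# Added example: report the effective DEP (NX) policy of the local machine.
# Uses the documented DataExecutionPrevention_* properties of
# Win32_OperatingSystem; reading them does not require elevation.

# Meaning of DataExecutionPrevention_SupportPolicy, matching the bcdedit nx values.
$policyNames = @{
    0 = 'AlwaysOff'  # DEP disabled for every process
    1 = 'AlwaysOn'   # DEP enforced for every process, no exemptions
    2 = 'OptIn'      # DEP for Windows components and programs that opt in
    3 = 'OptOut'     # DEP for everything except explicitly exempted programs
}

function Get-DepStatus {
    # Hypothetical helper name, chosen for this example.
    $os     = Get-CimInstance -ClassName Win32_OperatingSystem
    $policy = [int]$os.DataExecutionPrevention_SupportPolicy

    [pscustomobject]@{
        ComputerName        = $env:COMPUTERNAME
        HardwareNxAvailable = [bool]$os.DataExecutionPrevention_Available
        Policy              = $policyNames[$policy]
        DriversProtected    = [bool]$os.DataExecutionPrevention_Drivers
        Apps32BitProtected  = [bool]$os.DataExecutionPrevention_32BitApplications
    }
}

$status = Get-DepStatus
$status | Format-List

if ($status.Policy -eq 'AlwaysOff') {
    # The state produced by the command in the question.
    Write-Warning 'DEP is disabled system-wide (nx AlwaysOff).'
    Write-Warning "To re-enable it, run elevated: bcdedit.exe /set '{current}' nx OptIn, then reboot."
}
elseif (-not $status.DriversProtected) {
    Write-Warning 'DEP is enabled for user processes but not reported for drivers.'
}
```

A change made with `bcdedit` takes effect only after a reboot, so run the audit after restarting.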
