Jump to content

Security flags - DEP


Recommended Posts

So I was toying with Task Manager in Vista and discovered it can display column that says whether a process is running under DEP or not. (Task Manager->View->Select Columns...->Data Execution Prevention).

I'm sure developers know what DEP is, but for others in short summary - sometimes errors happen in application if there is a bug in it. Some errors can be detected but some happen silently / OS doesn't give any warning and program continues to run. If this silent error was triggered by clever person (hacker) it can force program to do what hacker wants - probably nasty things. Now DEP is technology in newer processors that helps fighting against such attacks.

The problem is it's not turned ON for µTorrent (v1.7.7) process by default. (this is because some other, older programs are not compatible with DEP and would crash in XP SP2/Vista if DEP was forced by OS to be turned on for all programs).

I've forced µTorrent process to run under DEP and it runs fine / no crashes and I'm actively down/up-loading, so I think developers should make µTorrent run under DEP by default in next versions without user needing to turn it manually.

If there have been found issues in the past with DEP then these should be resolved - I think µTorrend is in principle able to work with DEP as it not of the type of programs that usually have problems with it - the ones that compile code (scripts) at run-time and then run it.

This feature will not add any user-visible enhancements, but as it is Internet facing application it would be nice to have this extra barrier even though I am sure quality of code is above average - just in case zero-day bug is found.

Here are some pages for developers - it should be easy to do it:


Here are few other flags that too make programs more secure that should be turned on:


I would also like to receive return post to see if this message reached developers. I wanted to post this in bugs section but did it here as this part of forum seems more active, hope it's right place.


Link to comment
Share on other sites

>I don't think forcing DEP should be up to the developer.

In case zero-day bug is found and as µT has majority in bittorent clients by now it would represent serious threat to average bittorrenter. 99.9% of users don't even know what DEP is, so they can only rely on developer to do what is best for them. Also turning DEP ON in EXE should be trivial to do - developer only has to add few flags and forget about it - the rest will do compiler and Windows.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...