Double-edged swords: DEP and Spam Filters
March 21st, 2007 by Paul RobertsDEP (Data Execution Prevention) is a feature designed to stop exploits based on buffer overruns and similar software weaknesses. It’s a great idea, and it’s present in XP SP2, Windows 2003 Server and Vista, though you need a fairly recent processor (e.g. AMD A64, Intel Core 2 Duo) to take full advantage of it.
The problem is that some of the tricks used by third party registration wrappers to protect software aren’t compatible with DEP. Try to run a program protected with one these wrappers, and it’ll fail almost immediately with a typically vague Windows error message, such as “Program XXX has stopped working”. Great, thank you for that Mr. Gates! Of course, it would’ve been more helpful if the error told you up front that it was a DEP problem, and told you how to work around it.
As it turns out, it’s easy to exclude a program from DEP if it turns out to be incompatible. Here’s how to go about it:
- Bring up the System control panel
- Get to the “Advanced” section
- Click on the “Settings…” button in the “Performance” section (top section on the page)
- Switch to the Data Execution Prevention tab
- Click Add… and locate the executable file for the program in
question, like so:
Up to now this wasn’t a problem for the majority of people, since DEP always defaulted to being on for Windows programs and services only. However, with Vista 64 it’s on for everything by default, and Windows Server 2003 Service Pack 2 has now gone the same way, so more and more people are going to run into this.
Are any of our programs affected by this? Yep, ColorCache, PTFB Pro and LogMeister are currently affected. PromptPal isn’t, because we recently switched it to a more modern protective wrapper, and we’ll be doing the same for our other products later this year.
But for now, if you see the dreaded “ProgramXYZ has stopped working” message, remember to try adding the program to the DEP exclusion list using the steps above.
Finally, a moan about spam filters. Sure, they’re a wonderful thing when they work. We get hundreds of spam emails a day, but thanks to a combination of MailFoundry on our server and Thunderbird’s built-in spam filter, our inboxes stay mostly clean. The problem is, many spam filters are just too agressive, and it’s getting harder and harder to get a legitimate email through to its recipient. For example, currently I’m finding it almost impossible to get an email through to a Yahoo address using our my main domain address, whereas if I send the same email using a GMail account, it usually gets through. This crazy state of affairs has probably come about due to the spammers’ practice of “spoofing” legitimate email addresses - making it appear that an email has come from a particular address when it plainly hasn’t. Any spam filter worth its salt should be able to tell the difference between a spoofed address and a real one, but Yahoo’s filter apparently can’t.
Anyway I’m currently having to send out most of our emails twice, once through our main domain, and once through GMail. So, if you get two identical emails from me, now you know why!
You must be logged in to post a comment.