Q: How does data execution prevention (DEP) work in Outlook 2010?
Data execution prevention (DEP) in Office 2010, and specifically Outlook 2010, protects workstations from bad code by not allowing that code the memory resources it needs to execute.
February 7, 2011
A: Microsoft introduced DEP to the Windows operating systems after Microsoft's Trustworthy Computing initiative in 2002. It has become standard since Windows XP SP2. Microsoft has now brought this level of security into Microsoft Office 2010.
In Office 2010, DEP works at the software level to prevent code that doesn't meet requirements from executing. Such code typically originates through Office add-ins. When inappropriate code from an add-in attempts to use memory pages to execute, Outlook 2010 stops working, which appears like a normal crash. When you restart Outlook, a warning pops up advising you of a problem with the add-in. The pop up also suggests that you disable the specific add-in until it is fixed or updated. Overall, DEP protects your workstation from bad code, whether accidental or malicious, by not allowing the code the memory resources it needs to execute.
DEP can be toggled on or off through the Trust Center in any Office application, including Outlook 2010. In the 32-bit version of Outlook 2010, you access the Trust Center by selecting File, Options, then choosing Trust Center from the sidebar menu on the left. Click the Trust Center Settings button under the Microsoft Outlook Trust Center section. You'll then see the window that Figure 1 shows.
Figure 1: Toggling DEP protection on or off in the Trust Center
Here, you can select the DEP Settings option and click the check box to disable or enable DEP. (In Office Applications that support Protected View, such as Word 2010, the option is found by clicking Protected View in the Trust Center Settings window.) DEP is always enforced in 64-bit versions, so it's not a configurable option. You can change the DEP setting through the registry as well. The DWORD value for the key EnableDEP is 0 for disabled and 1 for enabled. You'll find it in the registry at HKEY_CURRENT_USERSoftwareMicrosoftOffice14.0OutlookSecurity.
You can confirm that applications are protected using DEP through the Task Manager. You can view the Data Execution Prevention column in Task Manager by selecting View, Select Columns and click the check box beside Data Execution Prevention. Figure 2 shows that DEP is enabled for the process outlook.exe.
Figure 2: The Task Manager showing DEP enabled for outlook.exe
If your enterprise has an Outlook add-in that you know isn't malicious but keeps causing DEP exception errors, you can disable DEP for Outlook as shown above. Ideally, you should get an update for that add-in that doesn't try to execute code from memory pages not intended for code execution.
Related Reading:
About the Author
You May Also Like