A computer virus can be described as a malicious software program that performs malicious actions after it has been loaded onto a user’s computer without the user’s knowledge. According to Gao, Zhou & Liu (2013), computer viruses do not occur naturally; they are created by people who then release them to computers. The diffusion of computers is not directly under human control (Gao, Zhou & Liu, 2013). Once they are on a computer, they attach themselves to other programs so that executing the host program simultaneously activates the virus. Most computer viruses are destructive. They are known for self-replicating and inserting themselves into files, thereby affecting other processes, and for performing malicious actions such as destroying data.
Buffer Overflow and DEP
A buffer overflow, also termed a buffer overrun, is an irregularity in which a program, while writing data to a buffer, overruns the buffer's boundaries and overwrites adjacent memory locations. Buffers are areas of memory set aside to hold data, often while it is being moved between programs or from one section of a program to another. Anomalous inputs can also trigger a buffer overrun (Bican et al., 2018). If the buffer was created smaller than the data it later has to hold, on the assumption that inputs would stay within a certain size, then the extra data produced by an unusual transaction can be written past the end of the buffer. If this overwrites adjacent data or executable code, it may result in unpredictable program behaviour, including crashes, incorrect results, and memory access errors (Hitefield, Fowler & Clancy, 2018). Taking advantage of the behaviour of a buffer overflow is a well-known security exploit. On several systems, the memory layout of a program, or of the system as a whole, is well defined. By sending in data designed to create a buffer overflow, it is possible to selectively overwrite data about the program's state, or to write into areas known to hold executable code and substitute malicious code for it, thereby causing behaviour that was not intended by the original programmer. Because buffers are widespread in operating system code, it is consequently possible to mount an attack that performs privilege escalation and gains boundless access to the computer's resources.
Buffer overflow is a condition that occurs within computer programs: during execution, a certain amount of space is allocated to store data for the program, and there will be an overflow if too much input data is fed into that fixed amount of space. This condition frequently occurs when a program allows input to be written beyond the end of a buffer allocation (Hitefield, Fowler & Clancy, 2018). Buffer overflow is all about memory, in that if memory is protected, the overflow will not take place as it has in some past situations. Viruses and other malware exploit bugs in widely used software; the data execution protection method can therefore protect against and prevent these types of exploits in the different software currently in use on a given Windows version.
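The adjacent-memory overwrite described above, as an added example that is not part of the original essay: an unchecked copy beside a length-checked one, run on the same oversized input. The struct layout, function names and input bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 8

/* Constructed layout: a fixed-size buffer with program state right behind it. */
struct session {
    char name[NAME_SIZE];
    unsigned char is_admin;   /* adjacent data an overrun would reach */
};

/* Unchecked copy: trusts the caller's length, so the write starts at name[0]
 * and runs on into is_admin when len > NAME_SIZE. The copy is clamped to the
 * struct only so that this demonstration stays inside one object. */
void store_name_unchecked(struct session *s, const char *in, size_t len)
{
    if (len > sizeof *s) len = sizeof *s;
    memcpy((unsigned char *)s, in, len);
}

/* Checked copy: rejects input that does not fit and leaves state untouched. */
int store_name_checked(struct session *s, const char *in, size_t len)
{
    if (len >= NAME_SIZE)      /* keep room for the terminating NUL */
        return -1;
    memcpy(s->name, in, len);
    s->name[len] = '\0';
    return 0;
}

/* Runs one of the copies on a 9-byte input; returns is_admin afterwards. */
int demo(int use_checked)
{
    struct session s = { "", 0 };
    const char input[] = "AAAAAAAA\x01";   /* constructed: 8 bytes + 1 extra */
    if (use_checked)
        store_name_checked(&s, input, sizeof input - 1);
    else
        store_name_unchecked(&s, input, sizeof input - 1);
    return s.is_admin;
}

int main(void)
{
    printf("unchecked: is_admin=%d\n", demo(0));
    printf("checked:   is_admin=%d\n", demo(1));
    return 0;
}
```

The ninth input byte lands in `is_admin` only on the unchecked path; the checked path refuses the input before any byte is written.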
DEP Prevention of Malicious Attacks via Buffer Overflow
Data Execution Prevention, commonly abbreviated as DEP, is a security feature that helps protect a user's computer from damage caused by viruses and other security threats. Harmful programs are known for attacking Windows by attempting to execute code from system memory locations that are reserved for Windows and other authorized programs (Nicula & Zota, 2019). These attacks harm computer files and programs. Data execution prevention helps protect one’s computer by monitoring programs to make sure that they use system memory safely. If, for example, a program on your computer is misusing memory, it is the job of data execution prevention to close that program and notify the user at the same time (Röttger, 2013). A user may, however, want to turn off data execution prevention for a program that he or she trusts.
Before changing the data execution protection settings, it is advisable first to check whether the software publisher has made available a data execution protection update or a compatible version of that program. If an update is available, it is recommended that the user install it and leave data execution protection turned on in order to benefit from the protection it provides (Nicula & Zota, 2019). But if the publisher has not released an update or a version of the program that is compatible with data execution protection, then you can turn off data execution protection for that program. The user will be able to use the program, but because of its vulnerability this can lead to an attack that could spread to other programs and files.
Data execution prevention is intended to stop programs such as worms. It catches them in the first place, at the point of the network attack, thus preventing a malicious attack via buffer overflow. These attacks use a technique called the buffer overflow to get malicious data supplied by the worm executed. When data execution prevention catches this, the program is shut down without allowing most of the infection process to complete. Data execution prevention does not deal with any existing infections, nor does it prevent viruses as such; it heads off an infection as it is triggered (Rui-nan, 2007). Data execution prevention attempts to prevent the return address from being altered by something in the same memory space as the data, and thus also prevents machine code from being placed into the data segment. Return-oriented programming, however, defeats data execution prevention. Data execution protection, in other words, is a fundamental protection mechanism. It is designed to stop applications from executing code in non-executable sections of memory and to guard against overflow situations. Data execution protection is simply Windows terminology; it was first introduced in Service Pack 2 and incorporated in the 2005 Windows XP Tablet PC Edition.
Effectiveness of this method
Yes, this method is always useful, as it prevents the computer from executing code held in data pages of memory. In most cases, the default heap and the stack do not execute code. Hardware-enforced data execution prevention detects code that is running from these locations and raises an exception when such execution occurs (Zhao, Guan & Xing, 2007). Software-enforced data execution protection, in turn, adds to hardware DEP by preventing malicious code from taking advantage of the exception-handling mechanisms in Windows.
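A defender's check for the policy described above, given as an added example rather than code from the original essay: it audits a process memory map for regions that are both writable and executable and for an executable stack or heap. It assumes the Linux /proc/<pid>/maps text format (the NX analogue of Windows DEP); the sample map is constructed and `audit_maps` is a hypothetical name.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in Linux /proc/<pid>/maps format (not captured output).
 * The fourth line is an anonymous region that is writable AND executable. */
static const char SAMPLE_MAPS[] =
    "00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/demo\n"
    "00651000-00652000 rw-p 00051000 08:01 1234 /usr/bin/demo\n"
    "01a3c000-01a5d000 rw-p 00000000 00:00 0 [heap]\n"
    "7f10a0000000-7f10a0021000 rwxp 00000000 00:00 0\n"
    "7ffc1b2e0000-7ffc1b301000 rw-p 00000000 00:00 0 [stack]\n";

/* Walks the map text line by line. Returns the number of mappings that are
 * both writable and executable; if region is non-NULL, *region_exec is set to
 * 1 when a mapping whose line contains that name (e.g. "[stack]") has x. */
int audit_maps(const char *maps, const char *region, int *region_exec)
{
    int wx = 0;
    if (region_exec) *region_exec = 0;
    for (const char *line = maps; line && *line; ) {
        const char *nl = strchr(line, '\n');
        size_t len = nl ? (size_t)(nl - line) : strlen(line);
        char buf[256], perms[5] = "";
        if (len >= sizeof buf) len = sizeof buf - 1;   /* bounded copy */
        memcpy(buf, line, len);
        buf[len] = '\0';
        if (sscanf(buf, "%*lx-%*lx %4s", perms) == 1 && strlen(perms) == 4) {
            if (perms[1] == 'w' && perms[2] == 'x') wx++;
            if (region && region_exec && perms[2] == 'x' && strstr(buf, region))
                *region_exec = 1;
        }
        line = nl ? nl + 1 : NULL;
    }
    return wx;
}

int main(void)
{
    int stack_x;
    int wx = audit_maps(SAMPLE_MAPS, "[stack]", &stack_x);
    printf("W+X mappings: %d, executable stack: %d\n", wx, stack_x);
    return 0;
}
```

A non-zero count marks memory where injected data could run despite the no-execute policy, which is what a reviewer would investigate first.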
Disabling DEP by the Administrator
An administrator or a user can deactivate DEP because, when it is presented to the user, it alerts them to problems; the message generated presents the data execution protection problem that has occurred within the application (Zhao, Guan & Xing, 2007). This helps the computer user to learn more about data execution protection and to disable it for the closed application.
Computer viruses and other malicious software programs, which do not arise naturally but are created by human beings and introduced to computers, perform malicious actions that cause a lot of damage to computer users by deleting or interfering with their data and files and by corrupting a computer's memory through unnecessary overruns. These unwanted overflows can be prevented by using data execution protection, which is very useful in preventing malicious attacks via buffer overflow.
Bican, A., Deaconescu, R., Chin, W. N., & Ta, Q. T. (2018, September). Verification of C Buffer Overflows in C Programs. In 2018 17th RoEduNet Conference: Networking in Education and Research (RoEduNet) (pp. 1-6). IEEE.
Gao, Y. C., Zhou, A. M., & Liu, L. (2013). Data-execution prevention technology in windows system. Information Security & Communications Privacy.
Hitefield, S. D., Fowler, M., & Clancy, T. C. (2018, July). Exploiting Buffer Overflow Vulnerabilities in Software Defined Radios. In 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) (pp. 1921-1927). IEEE.
Nicula, Ș., & Zota, R. D. (2019). Exploiting stack-based buffer overflow using modern day techniques. Procedia Computer Science, 160, 9-14.
Röttger, S. (2013). Malicious code execution prevention through function pointer protection.
Rui-nan, C. H. I. (2007). Hardware-based Technology to Prevent Buffer Overflow Attacks on Windows System: DEP. Computer Knowledge and Technology (Academic Exchange), 3.
Zhao, P., Ai, L., Guan, M., & Xing, X. (2007). Effective Strategy in Defence of Buffer Overflow Attacks. China Information Security, 3.