Microsoft DEP kills Microsoft LiveMeeting

When I posted "Why can't MS LiveMeeting stay alive?" this morning, I got an email from a Microsoft spokesperson 5 hours later and a technical support call soon followed. As it turns out, Microsoft Windows XP SP2 DEP protection kills Microsoft LiveMeeting 2003 and 2005. The solution was that I had to mask out LiveMeeting from the watchful eyes of Windows DEP protection which is a big security violation in my book.

When I posted "Why can't MS LiveMeeting stay alive?" this morning, I got an email from a Microsoft spokesperson 5 hours later and a technical support call soon followed.  As it turns out, Microsoft Windows XP SP2 DEP protection kills Microsoft LiveMeeting 2003 and 2005.  The solution was that I had to mask out LiveMeeting from the watchful eyes of Windows DEP protection which is a big security violation in my book.

DEP prevents software from executing code from areas of memory designated as data to prevent the accidental or malicious execution of code.  In fact it's so effective as a proactive security measure that hardware-enforced DEP protection stopped the WMF exploit and the more recent zero-day IE flaw dead in their tracks without any patches from Microsoft or anti-Virus solution.  For this reason, I have always highly recommended hardware-enforced DEP protection for everyone as one of the more effective security measures.  I also demand that every software maker write their software in a way that they don't ever trigger DEP because you can't distinguish it between a virus or a flaw in the software.

Earlier this year when I wrote "Skype 2.0 looks like a Virus", I didn't hear anything from Skype but the software was anonymously fixed four days later.  Skype's explanation was that they had known about it for over a year and that they just hadn't gotten around to fixing it.  I guess it just took a little nudge from me to get their act together and it's now time for me to give Microsoft a little of that same medicine.  FIX YOUR SOFTWARE MICROSOFT!

Ok no need to yell but this is one of those things that really get on my nerves.  DEP is currently not enforced on a system-wide level (only includes core Windows Services by default) out of the box and I feel it should be.  I still haven't been able to determine if Vista will have DEP fully enabled out of the box, but they may have enough of a problem convincing people to use UAP.  All software vendors need to get their act together and write their software with security in mind.  That means make sure you software runs with user permissions and make sure it doesn't trigger DEP exceptions.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All