I was listening to Security Now! Episode 78: DEP in Depth by Steve Gibson with Leo Laporte. In this particular episode, Steve describes hardware data execution prevention (DEP), how it works and why it is important. At one point he describes how some applications will not work when DEP is set to its most stringent mode, AlwaysOn.

For anyone testing Windows applications, I suggest that you add compatibility with hardware DEP in AlwaysOn mode to your test suite. Here is the gotcha: in Windows XP, you can’t configure AlwaysOn from the user interface. Fortunately, Microsoft provides a detailed explanation of DEP, and of how to configure it by modifying your boot.ini file, in Knowledge Base article 875352. (In Service Pack 2, you can configure DEP in the less stringent OptIn or OptOut modes.)
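A pre-flight check for that test setup, as an added example (not from the original post or from Microsoft's article): it parses a boot.ini and reports the `/noexecute=` policy of each boot entry, so a test run can be refused unless the default entry is AlwaysOn. The sample boot.ini is constructed, the function names are hypothetical, and the check assumes the machine was booted from the default entry.

```python
import re

# Constructed sample boot.ini (not from the page); paths and descriptions are made up.
SAMPLE_BOOT_INI = r"""[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XP Pro (DEP test)" /fastdetect /NoExecute=AlwaysOn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="XP Pro (stock)" /fastdetect /noexecute=optin
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="XP Pro (no switch)" /fastdetect
"""

# The four policy values of the /noexecute= boot switch, keyed case-insensitively.
POLICIES = {"optin": "OptIn", "optout": "OptOut",
            "alwayson": "AlwaysOn", "alwaysoff": "AlwaysOff"}
SWITCH = re.compile(r"/noexecute=(\w+)", re.IGNORECASE)

def parse_boot_ini(text):
    """Return (default_path, {arc_path: (description, policy or None)})."""
    section, default, entries = None, None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        key, _, value = line.partition("=")
        if section == "boot loader" and key.strip().lower() == "default":
            default = value.strip().lower()
        elif section == "operating systems":
            desc = re.match(r'\s*"([^"]*)"', value)
            # Search only the switches, so a quoted description cannot spoof one.
            m = SWITCH.search(value[desc.end():] if desc else value)
            policy = POLICIES.get(m.group(1).lower(), "invalid:" + m.group(1)) if m else None
            entries[key.strip().lower()] = (desc.group(1) if desc else "", policy)
    return default, entries

def default_entry_is_always_on(text):
    """True only if the default boot entry carries /noexecute=AlwaysOn."""
    default, entries = parse_boot_ini(text)
    return entries.get(default, ("", None))[1] == "AlwaysOn"

if __name__ == "__main__":
    default, entries = parse_boot_ini(SAMPLE_BOOT_INI)
    for path, (desc, policy) in entries.items():
        mark = "*" if path == default else " "
        print(f"{mark} {desc:22} /noexecute={policy or '(not set)'}")
    print("default entry AlwaysOn:", default_entry_is_always_on(SAMPLE_BOOT_INI))
```

On a real test machine, pass in the contents of the system's boot.ini instead of the sample.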

Not all hardware is DEP-capable. An easy way to find out whether yours is: download and run the small utility SecurAble from Steve’s site.