Why The DEP feature (Data Execution Prevention) must be turned OFF when using the Siebel Applications

The DEP feature (Data Execution Prevention) must be turned OFF when used with Siebel, as Oracle has not yet included the specialized code required to fully implement this feature. This may be done by unchecking the relevant box on the individual client browsers, or by using the Group Policy tools, or by using the relevant Vista control panel. A description of how to turn off DEP with Vista may be found here: http://www.vistax64.com/tutorials/65790-dep-turn-off-programs.html.

DEP can be disabled in the following ways:

1.IE8 > Tools > Internet Options > Advanced tab
2.Starting CMD "As Administrator" and running the command
bcdedit.exe /set {current} nx AlwaysOff
3.IE Group Policy administration tool

In order to support DEP under Windows, a computer's processor must support hardware-enforced DEP. You can determine this by running

wmic OS Get DataExecutionPrevention_Available

in a CMD window; "TRUE" means hardware support exists. The level of DEP running can be determined by running

wmic OS Get DataExecutionPrevention_SupportPolicy

This returns an integer from 0-3.

The default value is "2" in which case only Windows system components and services have DEP applied. A value of "0" means DEP is always off and "1" is always on for all processes.

Setting this value to "3" is a potential work-around. The policy in this case is that DEP is enabled for all processes but Administrators can manually create a list of specific applications which do not have DEP applied.

Implementation of the DEP feature is dependent on using the Microsoft VS 2008 compiler. Siebel is currently compiled with the VS 2003 compiler but plans to move to the VS 2008 compiler in an upcoming release. Until then it is not technically possible for Siebel to support DEP/NX.

It is important to understand that the DEP feature only helps with one kind of security vulnerability - code injection. Siebel software includes protection against this specific mechanism. The ENCODEDATA parameter prevents execution of any code that is in Siebel data, and this is the default setting for Siebel.