IE8 Q&A: Why did you enable Data Execution Prevention (DEP) for Internet Explorer 8 Beta 2 installations on Windows Vista SP1?
A: Our goal is to enhance the default security settings for users. We have decided to enable DEP for Internet Explorer 8, starting with the Windows Vista SP1. DEP helps foil attacks by preventing code from running in memory that is marked non-executable (NX). DEP/NX, combined with other technologies like Address Space Layout Randomization (ASLR), make it harder for attackers to exploit certain types of memory-related vulnerabilities in Internet Explorer and the add-ons it loads.