No, I hadn't seen the article yet, nor have I seen anything to substantiate this particular claim. It could be true, but I'd wait for more information or insights before accepting this as a fact. If it only refers to the possibility that a user can manually disable DEP for certain specific apps, it seems like a silly claim to make. I mean, you'd have to willingly disable it for a certain worm to have any effect, or someone could write a worm that would exploit a buffer overrun for one of the few apps that don't work yet with DEP, and therefore would have it disabled on most computers. Gee, that would only reduce this particular risk by 99% or so, at least until those apps are patched to work with DEP as well.
Really, assuming this is the only issue with DEP (aside from the fact DEP/NX can't stop every sort of exploit), it's like claiming a firewall is poorly implemented because you can disable it altogether, or disable it (or use port forwarding) for certain apps/ports. Having a firewall is nevertheless a MAJOR improvement over not having one, and AFAICT, having DEP is a similar quantum leap forward. Nothing is ever 100% secure though, maybe we should all move to OpenBSD... (and even then...). It seems to me that SP2 in combination with DEP would stop most, if not all, known worms/exploits today. Just the sheer fact that a somewhat reasonable software firewall will be turned on by default should dramatically reduce the spread of worms.
Now, I'm sure they will find new holes, and people will still be stupid enough to open whatever executable attachment you send them, but I think it's getting very much harder. My totally unsubstantiated and uninformed impression is that SP2+DEP gives a similar security boost over SP1 as NT did over 9x. Not perfect, but a world of difference nevertheless.
= The views stated herein are my personal views, and not necessarily the views of my wife. =