I have DEP enabled on my Windows XP machine. I have seen the DEP dialog pop up on two occasions, once when running Blender and more recently when running Skype. I have no clue about whether these were virus attacks or valid program behaviour.
How do I decide when to allow a program to use Data Execution and when to prevent this from happening?
DEP per se isn't actually a technique to prevent viruses or similar programs from running. All it does is—on supported hardware—to enable the NX bit for data pages. That means that a program can't execute its own data. This is simply a security measure and it mitigates or at least weakens some kinds of attack or misbehavior. At the expense of the program forcibly terminating, though.
In the case of Skype it may well be that Skype's own obfuscation techniques work against them. Also programs such as Just-in-time compilers have to write out program code that gets executed.
As an end-user it's not entirely possible to decide whether DEP was triggered by a legitimate action. It's probably safe to say that nearly all instances of DEP killing a program are false positives, especially since DEP on Windows XP can be bypassed by malicious programs with relative ease.
