What is Data Execution Prevention and How Does It Protect Your Computer - PCWiki
 |  RSS
Subscribe to magazine
Personal tools

PC World Documents

Views

What is Data Execution Prevention and How Does It Protect Your Computer

From PCWiki
Jump to: navigation, search
  • This Document was created from the Discussion thread by EvilDave*



One thing to make sure of on any (newer) PC that has a CPU that supports it in hardware.

_Turn 'Data Execution Protection' ON._

In Windows, it is only turned on for Windows parts by default, not for other applications.

This 'fixes' so many security issues, known, unknown and hypothetical that you'd be a fool to turn it off (or leave it off).

Control Panel->System->Advanced Tab->Performance/Settings button, then pick the 'Data Execution Prevention' tab and make sure the radio button for "Tun on DEP for all programs and services except those I select:' is selected.

In Vista, an extra pop-up comes up between you and the 'System Properties' dialog. Pick 'Advanced System Settings'. and carry on with Performance/Settings.

The dialog may or may not have a little blurb that says whether your hardware supports DEP natively or not. If it does not say there is hardware support, try it out anyway, but you may notice your computer runs very slowly afterwards, as emulating DEP is time consuming. If this is 'too slow', you will probably want to set it back to only checking Windows parts and consider shopping for a computer that does support DEP in the future.

It's possible a new CPU will do it on your motherboard, but determining that is beyond the scope of this article. In general, if your machine is a recent Intel 'Dual Core' or AMD CPU, it probably supports native DEP.

You will have to reboot if you changed this.

Next what you'll need to do is try out some of your most used software while this is fresh in your mind. If it now crashes out of the blue, there is probably a bug in the software that's incompatible with DEP (typically executing code in non-executable memory). You can add it to the exceptions in that box in the DEP window, or you can check for an update or stop using that software.

What 'DEP' is, is a 'security' measure applied to RAM in your computer. The CPU keeps track of places that should contain executable code as 'executable', and doesn't mark things like application allocated memory, stack, pictures, interpreter opcodes, etc. as 'executable'. If some bit of native code branches into non-executable memory, the CPU will raise an exception, and the OS will catch it, and the software will 'crash'.

What using DEP across the board does is 'cure' pretty much every form of native stack overflow and stack underflow security exploit that grabs control of your PC. If DEP had been running from the beginning on everyone's machine, there never would have been media files that could install malware of any kind, and quite a large variety of common exploits never would have worked. As it is, you can protect yourself from quite a lot of nasty business in the future.

This doesn't cure EVERYTHING. It just makes it less likely that things can take off on their own without some sort of 'security' warning popping up to ask whether you WANT TO install or run something. The answer to that is always "NO", unless you deliberately set out to install or run something, and you know exactly what it is.

For more information about 'DEP'... http://en.wikipedia.org/wiki/Data_Execution_Prevention http://support.microsoft.com/kb/875352 http://en.wikipedia.org/wiki/NX_bit

This document was generated from the following thread: thread

Name City
Address 1 State Zip
Address 2 E-mail (optional)