3/15/2007 -- Hackers are busy every day writing malicious code that can harm our computers. They attack our systems and spread viruses using various methods, like writing applications that execute code from system memory areas that are reserved for only authorized applications. Once a program takes over your system, it can spread to files, other applications or your e-mail contacts.
Keeping computers safe from hackers is essentially a cat-and-mouse game, where the good guys have the upper hand only until the bad guys come up with ways to circumvent the safeguard. Microsoft and other vendors are constantly working on ways to prevent these attacks and close security holes.
One such security feature in Windows is called Data Execution Prevention (DEP). DEP is supported on at least the following Windows operating systems:
- Windows XP SP2 or later
- Windows XP Tablet PC Edition 2005
- Windows Server 2003 SP1 or later
- Windows Vista
DEP can be enforced either by hardware or by software. It's primarily a set of technologies that perform memory checks to protect against viruses and other security threats on a computer. Simply put, DEP acts like a security guard that monitors your system's memory to ensure that applications are using it properly.
DEP software can work alone or in conjunction with compatible CPUs. If your computer has a CPU that supports a hardware-based technology known as "execution protection," DEP can tag certain areas of memory as "non-executable." If it discovers that an application is using the system memory incorrectly and is executing code from the area marked as "non-executable," it will close the application and inform you of the violation.
To configure DEP in Windows XP/2003, go to Control Panel, System, Advanced and click Settings under Performance. Click on the Data Execution Prevention tab to configure the options for DEP. In Vista, go to Control Panel, System and Maintenance, System, Advanced system settings under Tasks and then click Settings under Performance. Click on the Data Execution Prevention tab to configure the options for DEP (as shown in Figure 1).
Figure 1. Configuring DEP options.
Tip: You can quickly get to System Properties by using the Windows key-Pause/Break key combination in Windows XP/2003/Vista.
If your computer doesn't support hardware-based DEP, Windows will offer to use DEP software to help protect your system. There are two ways you can configure DEP:
1. Turn on DEP for essential Windows programs and services only.
2. Turn on DEP for all programs and services except those you select.
The first option is the default option. The second option provides a higher level of security; DEP will monitor all programs, not just the essential programs and services. If you want, you can exclude certain programs from this list -- if you trust the programs' vendors, of course. For example, you can add iTunes to the list of applications that DEP shouldn't monitor.
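To confirm which of the two options a machine is actually using, and to review the programs that have been excluded, the following PowerShell is an added example and not part of the original article. It assumes PowerShell 3.0 or later (not present on a stock XP/2003/Vista install), the DEP properties of the `Win32_OperatingSystem` WMI class, and that exclusions made through the dialog are recorded under the `AppCompatFlags\Layers` registry key with the data `DisableNXShowUI`; the function names are hypothetical.

```powershell
# Added example: report the DEP policy and review programs excluded from DEP.
function Get-DepAudit {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    # Values of DataExecutionPrevention_SupportPolicy; 2 and 3 are the two dialog options.
    $policyNames = @{
        0 = 'AlwaysOff: DEP disabled for all processes'
        1 = 'AlwaysOn: DEP enabled for all processes, exclusions ignored'
        2 = 'OptIn: essential Windows programs and services only'
        3 = 'OptOut: all programs and services except those selected'
    }
    [pscustomobject]@{
        HardwareDepAvailable = $os.DataExecutionPrevention_Available
        Policy               = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
        AppliesTo32BitApps   = $os.DataExecutionPrevention_32BitApplications
        AppliesToDrivers     = $os.DataExecutionPrevention_Drivers
    }
}

function Get-DepExclusion {
    # Assumption: each exclusion is a value whose name is the program's full path
    # and whose data contains 'DisableNXShowUI'.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
    if (-not (Test-Path -Path $key)) { return }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        if ([string]$item.GetValue($name) -notmatch 'DisableNXShowUI') { continue }
        # An excluded path that no longer exists, or an unsigned binary, deserves a second look.
        $exists = Test-Path -LiteralPath $name -PathType Leaf
        $sig = if ($exists) { Get-AuthenticodeSignature -LiteralPath $name } else { $null }
        [pscustomobject]@{
            Program   = $name
            Exists    = $exists
            Signature = if ($sig) { $sig.Status } else { 'FileMissing' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    }
}

Get-DepAudit | Format-List
Get-DepExclusion | Format-Table -AutoSize
```

An exclusion whose signature status is not `Valid`, or whose signer is not the vendor you expect, is a candidate for removal from the exception list.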
If you get a warning from DEP and it closes an application, you can run the application again as long as you haven't turned DEP off. However, if you keep getting a notification from DEP that a specific program isn't running correctly, instead of turning DEP off, contact the software vendor and inquire about a DEP-compatible version or update.
For more information, check out Microsoft's Knowledge Base article 875352. Although the KB article doesn't mention Vista, DEP is also supported on Vista computers as I pointed out earlier.