Windows Tip Sheet

Data Execution Prevention

WinXP SP2 stops unauthorized code, like malware, from running off system memory.

WinXP SP2 supports a hardware standard called Data Execution Protection (DEP), a feature of some microprocessors. The idea is to prevent malicious code from maliciously inserting itself into otherwise non-malicious areas of Windows' memory, which is typically reserved for non-executable code. WinXP SP2 also includes a software version of DEP designed to, in Microsoft's words, "reduce exploits of exception handling mechanisms in Windows" (read: stop viruses from taking advantage of our bugs). And it's even on by default.

DEP isn't an antivirus solution: Viruses can still install themselves. But DEP does keep an eye on system memory where no executable code should live, and makes sure that it doesn't take up residence there to get itself called in response to an operating system exception. Essentially, if code tries to execute from these "non-executable" memory areas, Windows steps on it.

By default, XP's software DEP is turned on for the core operating system components, but you can turn it on for much more, enabling it for all programs, disabling it entirely, or add applications to the DEP exception list. You can't turn off hardware DEP, if your processor has it (many x64 processors do).

A link to the full DEP configuration instructions is below, but the short course is: Open the Properties of My Computer, select the Advanced tab, and click Settings under Performance. You'll see a DEP tab where configuration occurs. Enjoy.

Additional Resources:

About the Author

Don Jones is a multiple-year recipient of Microsoft’s MVP Award, and is an Author/Evangelist for video training company Pluralsight. Don is also a co-founder and President of PowerShell.org, a community dedicated to Microsoft’s Windows PowerShell technology. Don has more than two decades of experience in the IT industry, and specializes in the Microsoft business technology platform. He’s the author of more than 50 technology books, an accomplished IT journalist, and a sought-after speaker and instructor at conferences worldwide. Reach Don on Twitter at @concentratedDon, or on Facebook at Facebook.com/ConcentratedDon.

comments powered by Disqus
Most   Popular

SharePoint Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.