Compaq dc7100 Data Execution Prevention - White Paper, 2nd Edition
Compaq dc7100 - Convertible Minitower PC Manual
Compaq dc7100 manual content summary:
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 1
NX to function 5 How do I control the DEP functionality on my computer 8 DEP Level Chart 9 Data Execution Prevention Tab - No XD/NX Deploying Hardware-Enabled Data Execution Prevention 11 How will XD/NX impact HP customers 11 What about customers who create their own software image 11
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 2
Windows XP Service Pack 2 includes multiple security improvements: • Network protection • Memory protection • Email handling • Web browsing security • Computer maintenance Together, these security technologies help to make it more difficult to attack Windows XP, even if the latest antivirus updates
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 3
on memory to help protect against malicious code and viruses. In Windows XP SP2, DEP is enforced by both hardware and software. Data Execution Prevention Exception Message Box If an application or driver attempts to execute code from an area where it should not on a DEP-protected computer, Windows
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 4
base physical address and attributes of a page in physical memory. When you use PAE mode, the PTEs are extended Windows. A secondary benefit of DEP encourages good engineering and best practices for application and driver developers. Data Execution Prevention forces developers to avoid executing code
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 5
components must support XD/NX: • Processor • System BIOS • Operating system Processor Intel released XD-capable processors for the desktop market starting support NX. Transmeta Efficeon processors using Code Morphing Software (CMS) 6.0.4 or later support NX. Both Intel and AMD have a Windows-
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 6
915 2004 systems. • Default XD support is enabled for Intel 945 2005 systems. • Default NX support is enabled for AMD 2005 systems. • Default NX support is disabled for Transmeta systems. The BIOS for Intel 915 and Intel 945 based desktop systems uses the CPUID instruction to look for the Execute
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 7
Workstation xw6200 - Intel E7525 chipset • HP Workstation xw8200 - Intel E7525 chipset These workstations disable DEP by default. However, you can manually enable DEP in BIOS. Operating System Microsoft implemented XD/NX support with Windows XP Service Pack 2. All future Microsoft operating systems
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 8
select applications for DEP not to affect. This manual application exclusion is useful in working around applications or drivers that do not load or function properly because of DEP. NOTE: HP ships with Windows XP set to Optin. To prevent Windows XP SP2 from using DEP, set /NOEXECUTE to "alwaysoff
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 9
BIOS DEP OS BOOT.INI Support Setting Setting Result No N/A Any Setting Only software-enforced DEP is available for limited Windows system binaries. Yes Disabled Any Setting Only software-enforced DEP is available for limited Windows Windows system binaries by default. • Programs and drivers
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 10
used with any processor that supports Windows XP SP2. Software-enforced DEP is a more limited form of protection for the exception handling mechanisms in Windows. It is used when hardware-enforced DEP is not available, usually because the processor does not support XD/NX or is disabled in BIOS.
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 11
who create their own software image? HP encourages you to perform your own validation if you plan to use proprietary images or software. You should test the following areas to ensure compatibility with DEP: • Third party drivers • Video • Network • Printer • Modem • Third party applications
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 12
create code in real time. These drivers encounter the same problem as applications that create code in real time as mentioned above. Conclusion and Recommendation XD/NX is a useful computer architecture innovation that will reduce the number of viruses that exploit buffer overruns. HP encourages
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 13
error. Add to exclusion list. ATI Driver Setup.exe. Exception error during installation. HP Diagnostics for Windows. Exception error. Add to exclusion list. IBM Home Page Reader. Exception error during installation due to Install Shield. Add to exclusion list for installation, can remove
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 14
Norton Anti-Virus. Exception error. Add to exclusion list. Nvidia Driver Setup.exe. Exception error during installation. Add to exclusion list, can remove afterwards. PC Worldbench. Exception error during installation. Add to exclusion list for installation, can remove afterwards. PowerDVD
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 15
due to Install Shield. for installation, can remove afterwards. Windows Catalog Exception error. Add to exclusion list. Driver Effect Creative Audigy 2NX Exception error during installation. Add to exclusion list. HP Deskjet 450ci Driver. Prints out blank page. Microsoft Knowledge Base
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 16
the malicious code cannot propagate or spread to infect more computers. Support staff also Windows XP Service Pack 2 (SP2), Microsoft introduced DEP, which is a processor feature that prevents execution of code in memory that is marked as data storage. This limits the "attack surface", specifically
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 17
to execute out of data memory. You should test your images before deploying XD/NX. If a problem does occur with an application/ driver associated with a trusted software, you can exclude that software. Will the new processors, new or updated BIOS, and Windows XP SP2 require a new image qualification
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 18
default, how do I turn it on? The BIOS for the i915 chipset-based 2004 and i945-chipset based 2005 desktop systems uses the CPUID instruction to locate the Execute Disable bit to determine if the installed processor supports XD. If XD is supported, then the Data Execution Prevention option appears
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 19
with XD enabled in F10 Setup. What HP commercial desktops support this technology? • dc5100 • dc7100 • dc7600 • dx5150 • dx6100 • dx7200 • bc1000 What HP workstations support this technology? • HP Workstation xw4200 • HP Workstation xw6200 • HP Workstation xw8200 If the processor is changing, is
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 20
(TPM) chip? No. However, the Embedded Security Manager for ProtectTools does provide security features that can provide additional PC security. What is the minimum memory requirement for this functionality to work? XD/NX requires 128 MB of RAM - the minimum memory requirement for Windows XP SP2.
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 21
herein. HP, Hewlett Packard, and the Hewlett-Packard logo are trademarks of Hewlett-Packard Company in the U.S. and other countries. Compaq and the Compaq logo are trademarks of Hewlett-Packard Development Company, L.P. in the U.S. and other countries. Microsoft, MS-DOS, Windows, and Windows NT are
Data Execution Prevention
v1.2
Introduction (p. 2)
Data Execution Prevention (DEP) (p. 3)
What does Data Execution Prevention do? (p. 3)
Data Execution Prevention Exception Message Box (p. 3)
Hardware-Enforced DEP (p. 3)
What is PAE? (p. 4)
Why is this change important? What threats does it help mitigate? (p. 4)
Will my NX- or XD-enabled systems protect me from virus attacks? (p. 5)
What are the required components for XD/NX to function? (p. 5)
How do I control the DEP functionality on my computer? (p. 8)
DEP Level Chart (p. 9)
Data Execution Prevention Tab - No XD/NX Processor (p. 10)
Software-Enforced DEP (p. 10)
Deploying Hardware-Enabled Data Execution Prevention (p. 11)
How will XD/NX impact HP customers? (p. 11)
What about customers who create their own software image? (p. 11)
Advantages of using XD/NX (p. 12)
Disadvantages of using XD/NX (p. 12)
Conclusion and Recommendation (p. 12)
Known Issues (p. 13)
Frequently Asked Questions (p. 16)