HP Dc7100 Data Execution Prevention - White Paper, 2nd Edition

HP Dc7100 - Compaq Business Desktop Manual

HP Dc7100 manual content summary:

  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 1
    Data Execution Prevention Tab - No XD/NX Processor 10 Software-Enforced DEP 10 Deploying Hardware-Enabled Data Execution Prevention 11 How will XD/NX impact HP customers 11 What about customers who create their own software image 11 Advantages of using XD/NX 12 Disadvantages of using XD/NX 12
  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 2
    Windows XP Service Pack 2 includes multiple security improvements: • Network protection • Memory protection • Email handling • Web browsing security • Computer maintenance Together, these security technologies help to make it more difficult to attack Windows XP, even if the latest antivirus updates
  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 3
    of raising an exception when code is executed from a memory location where it should not be executed. Both Advanced Micro Devices™ (AMD) and Intel® Corporation have defined and shipped Windows-compatible architectures that support DEP. Beginning with Windows XP Service Pack 2, the 32-bit version
  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 4
    base physical address and attributes of a page in physical memory. When you use PAE mode, the PTEs are extended Windows. A secondary benefit of DEP encourages good engineering and best practices for application and driver developers. Data Execution Prevention forces developers to avoid executing code
  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 5
    components must support XD/NX: • Processor • System BIOS • Operating system Processor Intel released XD-capable processors for the desktop market starting support NX. Transmeta Efficeon processors using Code Morphing Software (CMS) 6.0.4 or later support NX. Both Intel and AMD have a Windows-
  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 6
    PAE is enabled on systems installed with Windows XP SP2 that also have an XD- or NX-capable processor. System BIOS • Default XD support is disabled for Intel 915 2004 systems. • Default XD support is enabled for Intel 945 2005 systems. • Default NX support is enabled for AMD 2005 systems. • Default
  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 7
    xw4200 - Intel 925X chipset • HP Workstation xw6200 - Intel E7525 chipset • HP Workstation xw8200 - Intel E7525 chipset These workstations disable DEP by default. However, you can manually enable DEP in BIOS. Operating System Microsoft implemented XD/NX support with Windows XP Service Pack 2. All
  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 8
    select applications for DEP not to affect. This manual application exclusion is useful in working around applications or drivers that do not load or function properly because of DEP. NOTE: HP ships with Windows XP set to Optin. To prevent Windows XP SP2 from using DEP, set /NOEXECUTE to "alwaysoff
  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 9
    BIOS DEP OS BOOT.INI Support Setting Setting Result No N/A Any Setting Only software-enforced DEP is available for limited Windows system binaries. Yes Disabled Any Setting Only software-enforced DEP is available for limited Windows Windows system binaries by default. • Programs and drivers
  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 10
    used with any processor that supports Windows XP SP2. Software-enforced DEP is a more limited form of protection for the exception handling mechanisms in Windows. It is used when hardware-enforced DEP is not available, usually because the processor does not support XD/NX or is disabled in BIOS.
  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 11
    who create their own software image? HP encourages you to perform your own validation if you plan to use proprietary images or software. You should test the following areas to ensure compatibility with DEP: • Third party drivers • Video • Network • Printer • Modem • Third party applications
  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 12
    than 4-GB of memory. • Driver causes problem when it expects a 32-bit PTE, but instead gets a 64-bit PTE. • Driver cannot DMA properly with a 64-bit physical addresses. To a lesser extent, some drivers create code in real time. These drivers encounter the same problem as applications that create
  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 13
    Solution 3DMark 2001 SE. Exception error. Add to exclusion list. 3DMark 2003 SE. Exception error. Add to exclusion list. error when opening My Add to exclusion list. Network Places. HKCMD (Intel Hotkey). Exception error. Add to exclusion list. HP Diagnostics for Windows. Exception error
  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 14
    to exclusion list. Microsoft Office Pro 2003. Exception error. Add to exclusion list. Microsoft Office SB 2003. Exception error. Add to exclusion list. Norton Anti-Virus. Exception error. Add to exclusion list. Nvidia Driver Setup.exe. Exception error during installation. Add to exclusion
  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 15
    - due to Install Shield. tion, can remove afterwards. Windows Catalog Exception error. Add to exclusion list. Driver Effect Creative Audigy 2NX Exception error during installation. Add to exclusion list. HP Deskjet 450ci Driver. Prints out blank page. Microsoft Knowledge Base articles
  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 16
    Microsoft uses for XD and NX. In Windows XP Service Pack 2 (SP2), Microsoft introduced DEP, which is a processor feature that prevents execution of code in memory that is marked as data storage. This limits the "attack surface", specifically for buffer overrun vulnerabilities, where an attacker
  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 17
    to help prevent execution of malicious code. Will an XD or NX processor work without Windows XP SP2? At this time, XD/NX support requires the following operating systems: • Windows XP SP2 • Windows Server 2003 SP1 • SUSE Linux 9.2 • Red Hat Enterprise Linux 3 Update 3 What will these technologies do
  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 18
    BIOS for the i915 chipset-based 2004 and i945-chipset based 2005 desktop systems uses the CPUID instruction to locate the Execute Disable bit to determine if the installed processor supports XD. If XD is supported technologies address viruses that use buffer overflow types of attacks, and are only a
  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 19
    up in the HP desktops I purchase? HP is shipping: • i915 chipset desktop systems with XD disabled in F10 Setup. • i945 chipset desktop systems with XD enabled in F10 Setup. What HP commercial desktops support this technology? • dc5100 • dc7100 • dc7600 • dx5150 • dx6100 • dx7200 • bc1000 What
  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 20
    (TPM) chip? No. However, the Embedded Security Manager for ProtectTools does provide security features that can provide additional PC security. What is the minimum memory requirement for this functionality to work? XD/NX requires 128 MB of RAM - the minimum memory requirement for Windows XP SP2.
  • HP Dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 21
    forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. HP, Hewlett Packard, and the Hewlett-Packard logo are

Data Execution Prevention
v1.2
Introduction (page 2)
Data Execution Prevention (DEP) (page 3)
What does Data Execution Prevention do? (page 3)
Data Execution Prevention Exception Message Box (page 3)
Hardware-Enforced DEP (page 3)
What is PAE? (page 4)
Why is this change important? What threats does it help mitigate? (page 4)
Will my NX- or XD-enabled systems protect me from virus attacks? (page 5)
What are the required components for XD/NX to function? (page 5)
How do I control the DEP functionality on my computer? (page 8)
DEP Level Chart (page 9)
Data Execution Prevention Tab - No XD/NX Processor (page 10)
Software-Enforced DEP (page 10)
Deploying Hardware-Enabled Data Execution Prevention (page 11)
How will XD/NX impact HP customers? (page 11)
What about customers who create their own software image? (page 11)
Advantages of using XD/NX (page 12)
Disadvantages of using XD/NX (page 12)
Conclusion and Recommendation (page 12)
Known Issues (page 13)
Frequently Asked Questions (page 16)