Compaq dc7100 Data Execution Prevention - White Paper, 2nd Edition
Compaq dc7100 - Convertible Minitower PC Manual
View all Compaq dc7100 manuals
Add to My Manuals
Save this manual to your list of manuals |
Compaq dc7100 manual content summary:
- Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 1
control the DEP functionality on my computer 8 DEP Level Chart 9 Data Execution Prevention Tab - No XD/NX Processor 10 Software-Enforced DEP 10 Deploying Hardware-Enabled Data Execution Prevention 11 How will XD/NX impact HP customers 11 - Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 2
Windows XP Service Pack 2 includes multiple security improvements: • Network protection • Memory protection • Email handling • Web browsing security • Computer maintenance Together, these security technologies help to make it more difficult to attack Windows XP, even if the latest antivirus updates - Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 3
on memory to help protect against malicious code and viruses. In Windows XP SP2, DEP is enforced by both hardware and software. Data Execution Prevention Exception Message Box If an application or driver attempts to execute code from an area where it should not on a DEP-protected computer, Windows - Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 4
64-GB of memory, as follows: 236 = 68,719,476,736 (64 GB) A processor with XD or NX marks memory pages as Windows. A secondary benefit of DEP encourages good engineering and best practices for application and driver developers. Data Execution Prevention forces developers to avoid executing code - Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 5
components must support XD/NX: • Processor • System BIOS • Operating system Processor Intel released XD-capable processors for the desktop market starting support NX. Transmeta Efficeon processors using Code Morphing Software (CMS) 6.0.4 or later support NX. Both Intel and AMD have a Windows- - Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 6
PAE is enabled on systems installed with Windows XP SP2 that also have an XD- or NX-capable processor. System BIOS • Default XD support is disabled for Intel 915 2004 systems. • Default XD support is enabled for Intel 945 2005 systems. • Default NX support is enabled for AMD 2005 systems. • Default - Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 7
- Intel 925X chipset • HP Workstation xw6200 - Intel E7525 chipset • HP Workstation xw8200 - Intel E7525 chipset These workstations disable DEP by default. However, you can manually enable DEP in BIOS. Operating System Microsoft implemented XD/NX support with Windows XP Service Pack 2. All future - Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 8
select applications for DEP not to affect. This manual application exclusion is useful in working around applications or drivers that do not load or function properly because of DEP. NOTE: HP ships with Windows XP set to Optin. To prevent Windows XP SP2 from using DEP, set /NOEXECUTE to "alwaysoff - Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 9
DEP Level Chart Processor BIOS DEP OS BOOT.INI Support Setting Setting Result No N/A Any Setting Only software-enforced DEP is available for limited Windows system binaries. Yes Disabled Any Setting Only software-enforced DEP is available for limited Windows system binaries. Yes Enabled - Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 10
DEP, set the operating system to /alwaysoff in the BOOT.INI file. Software-Enforced DEP Software-enforced DEP is a set of DEP security checks built into Windows XP SP2 that can be used with any processor that supports Windows XP SP2. Software-enforced DEP is a more limited form of protection for - Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 11
HP customers? HP tests its images and deliverables for XD/NX compatibility, including: • Shipping HP applications • Operating system image • Shipping peripheral drivers areas to ensure compatibility with DEP: • Third party drivers • Video • Network • Printer • Modem • Third party applications • - Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 12
with XD disabled in F10 Setup. • i945 desktop systems with XD enabled by default in F10 Setup. • Transmeta processor bc1000 computers with NX disabled by default in BIOS. • AMD processor-based ATI desktop computers with NX enabled by default in BIOS. To manually turn off DEP, change the state to - Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 13
Control Center. Exception error. Add to exclusion list. ATI Driver Setup.exe. Exception error during installation. Add to exclusion list when opening My Add to exclusion list. Network Places. HKCMD (Intel Hotkey). Exception error. Add to exclusion list. HP Diagnostics for Windows. Exception - Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 14
Exception error. Add to exclusion list. Nvidia Driver Setup.exe. Exception error during installation. Shield. tion, can remove afterwards. PC Worldbench. Exception error during installation. Add list. Quake 3. Exception error. If IGD graphics, then shift into 4bit VGA after the exception - Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 15
and runtime. WinDiags. Exception error. Add to exclusion list. Window-Eyes Exception error during installation Add to exclusion list for installa- HP Deskjet 450ci Driver. Prints out blank page. Microsoft Knowledge Base articles about incompatibilities found during testing: http://support. - Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 16
your computer. Instead, it monitors your programs to determine whether they use system memory safely. Windows XP SP2 uses two types of DEP: • Hardware-enforced DEP - Hardware-enforced DEP provides data protection with hardware (processor) support, requiring use of Windows XP SP2 and a processor that - Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 17
to execute out of data memory. You should test your images before deploying XD/NX. If a problem does occur with an application/ driver associated with a trusted software, you can exclude that software. Will the new processors, new or updated BIOS, and Windows XP SP2 require a new image qualification - Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 18
default, how do I turn it on? The BIOS for the i915 chipset-based 2004 and i945-chipset based 2005 desktop systems uses the CPUID instruction to locate the Execute Disable bit to determine if the installed processor supports XD. If XD is supported, then the Data Execution Prevention option appears - Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 19
enabled in F10 Setup. What HP commercial desktops support this technology? • dc5100 • dc7100 • dc7600 • dx5150 • dx6100 • dx7200 • bc1000 What HP workstations support this technology? • HP Workstation xw4200 • HP Workstation xw6200 • HP Workstation xw8200 If the processor is changing, is the chipset - Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 20
(TPM) chip? No. However, the Embedded Security Manager for ProtectTools does provide security features that can provide additional PC security. What is the minimum memory requirement for this functionality to work? XD/NX requires 128 MB of RAM - the minimum memory requirement for Windows XP SP2. 20 - Compaq dc7100 | Data Execution Prevention - White Paper, 2nd Edition - Page 21
XD/NX uses memory tagging, there is no minimum processor speed required for XD/ NX to function. The minimum speed XD processor that Intel has released is the 325J Celeron that runs at 2.53GHz. Currently, all AMD Athlon 64 processors support NX. Will this affect remote users on my network? As long as
1
Data Execution Prevention
v1.2
Introduction
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
Data Execution Prevention (DEP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
What does Data Execution Prevention do? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Data Execution Prevention Exception Message Box . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
Hardware-Enforced DEP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .3
What is PAE? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Why is this change important? What threats does it help mitigate? . . . . . . . . . . . . . . . . . . .4
Will my NX- or XD-enabled systems protect me from virus attacks?
. . . . . . . . . . . . . . . . . . .5
What are the required components for XD/NX to function?
. . . . . . . . . . . . . . . . . . . . . . . .5
How do I control the DEP functionality on my computer?
. . . . . . . . . . . . . . . . . . . . . . . . . .8
DEP Level Chart
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9
Data Execution Prevention Tab - No XD/NX Processor . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Software-Enforced DEP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10
Deploying Hardware-Enabled Data Execution Prevention . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
How will XD/NX impact HP customers? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
What about customers who create their own software image?
. . . . . . . . . . . . . . . . . . . . .11
Advantages of using XD/NX
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Disadvantages of using XD/NX
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Conclusion and Recommendation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Known Issues
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Frequently Asked Questions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16