DEP soft and hard to protect Windows 7 user data security

For computer security measures, some people say that software is the most cost-effective. Some people say that hardware is the safest. If it is both hard and soft, what is the security of the computer? Data Execution Prevention (DEP) in Windows 7 allows users to experience the security experience brought by the combination of hardware and software.

It is understood that data execution protection is a set of hardware and software technology that can perform additional checks on memory to help prevent malicious code from running on the system. In fact, users have already given DEP to protect your security as early as Microsoft Windows XP Service Pack 2, Microsoft Windows Server 2003 Service Pack 1, Microsoft Windows XP Tablet PC Edition 2005, and Microsoft Windows Vista. Some people may not yet Too familiar.

Unlike anti-virus programs, hardware and software implementations of DEP technology are not intended to prevent the installation of unwanted programs on a computer. Instead, monitor your installed programs to help determine if they are using system memory safely. To monitor your program, the hardware implementation DEP will track the area of ​​memory that has been designated as "unexecutable". If memory has been specified as "not executable", but a program attempts to execute code through memory, Windows will shut down the program to prevent malicious code. This is done regardless of whether the code is malicious or not.

Microsoft DEP implementation There are two ways, namely hardware forced DEP and software forced DEP.

Hardware forced DEP requires processor support, but most processors now support DEP. In line with Microsoft's DEP capabilities, Intel has made technical improvements to its own CPU. Intel has developed "Execute Disable Bit" (EDB) memory protection technology for its own CPU. At the same time, AMD also designed and developed AMD's new chip function "Enhanced Virus Protection" with Microsoft.

So, how do you know if your processor supports DEP? To do this, right-click on the "Computer" icon on the desktop, select "Properties", and click on the "Advanced System Settings" link in the "System" window that opens to open the "System Properties" panel. Click "Settings" under "Performance" on the "Advanced" tab page to open the "Performance Options" panel. Click on the "Data Execution Prevention" tab, where we can confirm whether our computer's processor supports DEP.

If supported, the Windows 7 system will display "Your computer's processor supports hardware-based DEP." on the bottom line of the Performance Options dialog. If it is not supported, it will display "Processing of your computer." Hardware-based DEP is not supported.

Even if your processor does not support hardware-enforced DEP, there is no need to be nervous, and there is software to force DEP. Software-enforced DEP is provided by the Windows operating system in a set of special pointers automatically added to the saved data objects in system memory, which performs additional checks on the exception handling mechanism in Windows. If the program's image file was created with Safe Structure Exception Processing (SafeSEH), the software forces DEP to ensure that the exception handler is registered in the function table located in the image file before the exception is dispatched. If the program's image file was not created with SafeSEH, the software forces DEP to ensure that the exception handler is in the memory area marked as executable before the exception is dispatched.

Specify the operation to open the "Control Panel" of Windows 7 system, find and open "Performance Options", select "Data Execution Protection" and check "Start DEP for basic Windows programs and services only", then click OK That is, the software is started to force the DEP operation.