CPU anti-virus Windows XP SP2 DEP technology secrets

As we all know, DEP (Date Execution Prevention Data Execution Protection), a new security function added in Windows XP SP2, can protect computers from viruses. Intel and AMD have developed anti-virus CPUs to work with Microsoft's DEP technology.

Anti-Virus principle of DEP

If your system is upgraded to SP2, enable the DEP function of SP2 to prevent virus destruction. This is because DEP can monitor various programs and prevent viruses from running harmful code in protected memory locations. Through the NX (No eXecute) function of the processor, DEP looks for data in the memory that does not explicitly contain executable code (the data is sometimes virus source code). After finding the data, NX marks them as "unexecutable ". In the future, if a program is in the memory and tries to execute the Code with the "unexecutable" mark, SP2 will automatically close the program. Therefore, if you run an infected software, DEP marks the virus code as "unexecutable" to prevent viruses from running in the memory, protect files on your computer from worms and viruses.

If you want to make full use of the DEP protection function, in addition to upgrading the system to SP2, your CPU must also support the DEP technology. Currently, common 32-bit processors (such as P4 Northwood) do not support NX. The CPUs supporting this technology mainly include AMD's 64-bit processors (Athlon 64 and AMD Opteron ), and Intel's Apsara series CPU and J series P4 Prescott. It is said that companies such as nVIDIA, VIA, and quanfang also plan to add NX technology to their chips, however, the pace for these vendors to update NX is too slow, and the official launch will be delayed.

How to enable or disable DEP

By default, SP2 only Enables DEP for basic Windows programs and services. However, you can also set it to enable DEP for all programs on your computer to prevent viruses.

For example, to enable DEP for all programs and services except Acrobat Reader5.0, log on to SP2 as an administrator account, and click Start → set → control panel ", double-click "system", click the "advanced" tab, click "Settings" under "performance", and click the "Data Execution Protection" tab, select "enable DEP for all programs and services other than the following programs", click "add", navigate to the "Program Files" folder, and select the Program (the executable file of Acrobat Reader 5.0. (the extension name is .exe ), click OK.

If you want to disable DEP for a program (such as Acrobat Reader 5.0), you can click the "add" button to add it to the list. In the future, the program will be very vulnerable to attacks. The virus can sneak into the program and then infect the contacts on the computer and destroy your personal files. If some programs cannot run normally after DEP is enabled, you can ask the software vendor for a version compatible with DEP. If no such version is available, disable DEP.

To support DEP, P4 Prescott adopts EDB Technology

To work with Microsoft's DEP function, Intel developed the Execute Disable Bit (EDB) memory Protection Technology for its CPU. Currently, Intel P4 Prescott (mPGA478 and LGA775 packages) is the C0 or D0 step-by-step core. The latest J series P4 Prescott uses the E0 step-by-step core. Among them, only the J series P4 Prescott has the anti-virus function. Only the J series P4 Prescott truly supports the EDB technology and can cooperate with the DEP anti-virus function of SP2 to invalidate the virus designed for the buffer overflow vulnerability, prevent them from replicating and spreading them to other systems.

If you use a P4 Prescott/celeon D (C0 stepping core) processor, after upgrading to SP2, you will find that the Windows XP operating system has a deadlock on the startup screen, but it won't happen if you change to P4 Northwood. This is because SP2 can enable the EDB function contained in P4 Prescott (C0 stepping core). However, this type of CPU does not have the EDB execution capability, and the transistors in its EDB cannot be powered on, therefore, the system will be deadlocked. To solve this problem, Microsoft released the relevant correction files on September 10, September 14. You can download them from Microsoft's official website. For Windows XP, the English version is Simplified Chinese version of Windows XP.

To support DEP, AMD's 64-bit CPU uses EVP Technology

AMD 64-bit processors are the first to support Microsoft's DEP technology. To work with DEP, AMD and Microsoft have jointly designed and developed the new AMD chip function "Enhanced Virus Protection" (EVP enhances Virus Protection ). AMD 64-bit processors (including the Athlon 64/Athlon 64 FX/Athlon 64 mobile version/Sempron mobile version) will all have the EVP function. The EVP function can work with the DEP Technology of SP2 to prevent the common attack means of "cache overflow" and to combat some viruses and worms, provides better protection for daily work such as sending and receiving emails and downloading files.

However, after SP2 is installed on an AMD 64-bit processor, if your computer has enabled the DEP function and configured the requirement to be Mpegport. sys driver file hardware, when you use Sigma design company Realmagic Hollywood Plus dvddecoding software, it will conflict with DEP. This is because the old driver will perform some operations similar to the virus, so SP2 mistakenly recognizes it as a virus, thus starting DEP, causing the computer to restart repeatedly. To solve this problem, Microsoft recommends that you update the older driver or disable DEP for the decoding software to disable the virus protection function of SP2.