As we all know, Windows XP SP2 added a new security feature - DEP (Date Execution Prevention data execution protection), can protect the computer from the virus. In order to cooperate with Microsoft's DEP
technology, Intel and AMD have developed corresponding anti-virus CPUs.
DEP antivirus principle
If your system is upgraded to SP2, SP2's DEP feature is enabled to prevent virus damage, because the DEP possible to monitor a variety of programs to prevent virus Run harmful code in a protected memory location. DEP uses the NX (No eXecute) function of the processor to find data in memory that does not explicitly contain executable code (the data is sometimes the source code of the virus). After finding the data, NX marks them as "unexecutable". . Later, if a program is in memory and tries to execute these codes with "unexecutable" flags, SP2 will automatically close the program. Therefore, if you run a software that has been infected, DEP will mark the virus code as "unexecutable", which will prevent the virus from running in memory and protect the files on the computer from worms and viruses.
If you want full protection of the DEP, in addition to want to upgrade to SP2 outside, your CPU must also support DEP Technology
. Currently common 32-bit processors (such as P4 Northwood, etc.) do not support NX. The CPUs that support this technology are mainly AMD's 64-bit processors (Athlon 64, AMD Opteron), and Intel's Itanium. Series CPU, J series P4 Prescott, it is said that NVIDIA, VIA, Transmeta and other companies also plan to add NX technology to their chips. However, these vendors are slow to update NX, and it will take time to officially launch. .
How to enable or disable DEP
By default, SP2 only enables DEP for basic Windows programs and services. However, you can also set it yourself to enable DEP for all programs on your computer to protect against viruses.
example, in addition to Acrobat Reader5.0, make all programs and services are enabled DEP, methods of operation are: login account with administrator privileges SP2, and then click the "Start → Settings → Control Panel" Double-click System, click the Advanced tab, click Settings under Performance, click the Data Execution Prevention tab, and select Enable DEP for all programs and services except the following. (Figure), click "Add", navigate to the "Program Files" folder, select the executable file (extension .exe) of the program (Acrobat Reader 5.0), and finally click "OK" to complete.
If you want to disable DEP for a program (such as Acrobat Reader 5.0), you can click the "Add" button above and add it to the list. In the future, the program is vulnerable to attacks, viruses can sneak into the program, and then infect other programs on the computer and contacts in Outlook, and destroy your personal files. If some programs do not work properly after enabling DEP, you can ask the software vendor for a version of the DEP-compatible program. If there is no such version, disable DEP.
In order to support DEP, P4 Prescott uses EDB technology
In order to cooperate with Microsoft's DEP function, Intel developed "Execute Disable Bit" (EDB) for its own CPU. Memory Protection Technology
. Currently Intel P4 Prescott (mPGA478 and LGA775 package) is C0 or D0 stepping core, the latest J series P4 Prescott uses E0 stepping core. Only J series P4 Prescott has anti-virus function, only it really supports EDB technology
, can cooperate with SP2's DEP anti-virus function, disable viruses designed for buffer overrun vulnerability, prevent them Copy and distribute to other systems. After
If you use P4 Prescott /Celeron D (C0 stepping core) processor, upgraded to SP2, you will find the Windows XP operating system deadlock in the splash screen, but do not put on P4 Northwood This problem will occur. This is because SP2 can turn on the EDB function included in P4 Prescott (C0 stepping core), but this type of CPU does not have EDB's execution capability, and the transistors in its internal EDB part will not be powered, thus causing the system to die. lock. In order to solve this problem, Microsoft has released relevant amendments on September 14th. You can go to Microsoft's official website to download. Windows XP English version user download address is http://download.microsoft.com/download/c/a/5/ca5f5398-2391-42e6-8b40-f6ec4db31c88/WindowsXP-KB885626-v2-x86-enu.exe
, Windows XP Simplified Chinese version user download address http://download.microsoft.com/download/2/b/7/2b75ebbf-ce4c-4595-8ddf-4d45e4c1ca18/WindowsXP-KB885626-v2-x86 -chs.exe
to support DEP, AMD's 64-bit CPU usage EVP technology
AMD 64-bit processor first to support Microsoft's DEP Technology
. In line with DEP, AMD and Microsoft designed and developed AMD's new chip feature "Enhanced Virus Protection". AMD 64-bit processors (including Athlon 64/Athlon 64 FX/Athlon 64 mobile version/Sempron mobile version, etc.) will have EVP capabilities. The EVP function can be combined with SP2's DEP technology to prevent "cache overflow" as a common attack method, to combat some viruses and worms, and to better protect daily tasks such as sending and receiving emails and downloading files.
However, after installing SP2 on AMD 64-bit processor machines, as long as your computer starts the DEP function and configures a hardware device called Mpegport.sys driver file, when you use Sigma design When the company's Realmagic Hollywood Plus DVD decoding software, it will conflict with DEP. This is because the older driver does something similar to a virus, so SP2 misidentifies it as a virus, which starts DEP and causes the computer to restart repeatedly. In order to solve this problem, Microsoft recommends that users update this older driver, or disable DEP for this decoding software, and turn off SP2's virus protection.