How to dramatically increase Windows XP SP2 security in 10 clicks!



September 21st, 2006

Did you know that Windows XP SP2 and Windows Vista contain a powerful feature that, once activated, protects your PC against many of the vulnerabilities that plague Windows users?  This is called DEP - Data Execution Prevention - and it prevents data stored in memory from being run as code, a trick that some malware uses to try to execute nasty code on your PC.

There are two kinds of DEP:

  • Hardware-enforced
  • Software-enforced

By far the most effective form of DEP is hardware-enforced DEP.  This relies on having a CPU that supports the NX or XD bit.  Modern AMD processors support NX (which stands for No eXecute) while modern Intel CPUs support XD (which stands for eXecute Disable).  Both features carry out the same function and differ only in name.  If you don't have a CPU that understands NX/XD then you are limited to the inferior software-enforced DEP and you'd have to upgrade the CPU or buy a new PC if you wanted to use hardware-enforced DEP. 

By default DEP on Windows XP SP2 only monitors essential Windows programs and services but you can extend this to cover all applications and services quite easily:

  • Click Start > Control Panel
  • Click on Performance and Maintenance (if you are in Classic View, skip this step)
  • Click on System
  • Click on the Advanced tab
  • In the Performance group, click on Settings
  • On the Performance Options dialog, click on the Data Execution Prevention tab
  • Click on Turn on DEP for all programs and services except those I select
  • Click OK
  • Click OK to confirm that the system will need to be restarted
  • Finally, reboot the system

The process for fully activating DEP on Windows Vista is a little different:

  • Click Start > Control Panel
  • Click System and Maintenance
  • Click on System
  • Click on Advanced system settings
  • Click Continue on the User Account Control dialog that will be generated
  • In the Performance group, click on Settings
  • On the Performance Options dialog, click on the Data Execution Prevention tab
  • Click on Turn on DEP for all programs and services except those I select
  • Click OK to confirm that the system will need to be restarted
  • Click OK
  • Finally, reboot the system

Once you’ve rebooted, you can test that DEP is working by downloading and running a small utility called NXTEST by Robert Schlabbach.
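The setting can also be checked from the configuration side. The following is an added example, not part of the original post: it reads the `/noexecute=` switch that Windows XP SP2 keeps in boot.ini and maps the `DataExecutionPrevention_SupportPolicy` value that WMI's `Win32_OperatingSystem` class reports on XP and Vista. The sample boot.ini and the function names are constructed for illustration.

```python
import re

# WMI Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy values
WMI_POLICY = {0: "AlwaysOff", 1: "AlwaysOn", 2: "OptIn", 3: "OptOut"}
# Policies under which DEP covers every program, not only Windows components
COVERS_ALL = {"OptOut", "AlwaysOn"}

NOEXECUTE = re.compile(r"/noexecute=(\w+)", re.IGNORECASE)
CANONICAL = {p.lower(): p for p in WMI_POLICY.values()}


def boot_ini_policies(text):
    """Return {entry description: DEP policy} for each [operating systems] entry."""
    policies, in_os = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_os = line.lower() == "[operating systems]"
            continue
        if not in_os or "=" not in line:
            continue
        # An entry looks like: <ARC path>="Description" /switch /switch
        desc = re.search(r'"([^"]*)"', line)
        name = desc.group(1) if desc else line.split("=", 1)[0]
        switch = NOEXECUTE.search(line)
        if switch:
            policies[name] = CANONICAL.get(switch.group(1).lower(), "Unknown")
        else:
            policies[name] = "NotSet"  # no /noexecute switch on this entry
    return policies


def covers_all_programs(policy):
    """True when the policy applies DEP to all programs (opt-out or always on)."""
    return policy in COVERS_ALL


# Constructed sample boot.ini, not taken from a real machine
SAMPLE = """[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="XP default" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\\WINDOWS="XP after change" /fastdetect /NoExecute=OptOut
"""

if __name__ == "__main__":
    for name, policy in boot_ini_policies(SAMPLE).items():
        print(f"{name}: {policy}, all programs covered: {covers_all_programs(policy)}")
```

After the steps above, the boot.ini entry should read `OptOut`, and WMI should report policy value 3.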

So, what can DEP protect you against?  Well, there have been three big security scares this year that have been stopped in their tracks by hardware-enforced DEP.  These include the WMF vulnerability from the beginning of the year and the latest VML vulnerability affecting Internet Explorer.  You should never rely solely on hardware-enforced DEP to protect you against malicious code, but given that the detection rate for the VML vulnerability is still pretty awful, it's a handy safety net to be running.

This entry was posted on Thursday, September 21st, 2006 at 11:49 and is filed under Stay Secure.

11 Responses to “How to dramatically increase Windows XP SP2 security in 10 clicks!”


  3. How to increase Windows XP SP2 using Data Execution Prevention - Corvillus Says:

    [...] As you may know, one of the key features introduced with the new 64 bit CPUs is the no execution (NX) bit, which is a very helpful tool in preventing buffer overflows. What you may not know is that in Windows XP, this bit is not necessarily enabled by default. The PC Doctor has a nice how to article on enabling this in XP SP2, which is a good thing, since if you know anything about programming and security, one of the major exploits is the buffer overflow, and anything to make it more difficult is a blessing. [...]
