Protecting Windows from Viruses and Spyware

By default, DEP is enabled only for core Windows components. To take full advantage of DEP for non-Windows programs, you must find the Data Execution Prevention menu, nestled deep in the user interface, and turn on DEP for all programs. Microsoft did not enable this setting by default because some programs do not work with DEP enabled. That should not deter you from taking full advantage of DEP: as shown in Figure 30.5, there is an exception list for such programs, and the extra security is worth the trouble. To enable DEP, follow these steps:

1. Select Start, Control Panel, System and Security.

2. Choose System, Advanced System Settings.

3. On the Advanced tab of the Performance Options dialog box, click Settings (under Performance), and then select the Data Execution Prevention tab.

4. Select the Turn on DEP for All Programs and Services radio button.

5. Click OK. In the System Properties dialog box that prompts you to restart your computer, click OK.

6. Close any remaining dialog boxes and windows, and then restart your computer.

Figure 30.5: Enable DEP for all programs and services.

Hardware DEP takes advantage of the processor's inherent security features. Even if your computer lacks an AMD processor with NX (No Execute) or an Intel processor with XD (Execute Disabled) features, Windows 7 can still provide some level of buffer overflow protection using software DEP. Although not as good as hardware DEP, software DEP has proven effective against real-world exploits. It can protect the exception-handling processes in Windows and provides better protection when programs are built specifically to support software DEP.
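To confirm after the restart that the setting took effect and whether hardware DEP is in use, the following PowerShell script reads the DEP state from WMI and lists the programs on the exception list. It is an added example, not part of the original text; the function name Get-DepAudit is hypothetical, and the script assumes the exception list is stored as DisableNXShowUI values under the AppCompatFlags\Layers registry key.

```powershell
# Added example: audit the system-wide DEP configuration.
# Uses Get-WmiObject and New-Object so it also runs on PowerShell 2.0 (Windows 7).
function Get-DepAudit {
    # Win32_OperatingSystem reports the DEP state Windows booted with.
    $os = Get-WmiObject -Class Win32_OperatingSystem

    # Meaning of DataExecutionPrevention_SupportPolicy.
    # "Turn on DEP for all programs and services" corresponds to OptOut (3).
    $policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    $policy = [int]$os.DataExecutionPrevention_SupportPolicy

    # Assumption: exception-list entries are values named after the program
    # path whose data contains DisableNXShowUI.
    $layers = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
    $exceptions = @()
    if (Test-Path $layers) {
        $key = Get-Item $layers
        foreach ($name in $key.GetValueNames()) {
            if ([string]$key.GetValue($name) -match 'DisableNXShowUI') {
                $exceptions += $name
            }
        }
    }

    New-Object PSObject -Property @{
        HardwareDepAvailable = [bool]$os.DataExecutionPrevention_Available
        Policy               = $policyNames[$policy]
        AllProgramsProtected = ($policy -eq 1 -or $policy -eq 3)
        DepFor32BitApps      = [bool]$os.DataExecutionPrevention_32BitApplications
        DepForDrivers        = [bool]$os.DataExecutionPrevention_Drivers
        Exceptions           = $exceptions
    }
}

$audit = Get-DepAudit
$audit | Format-List

if (-not $audit.AllProgramsProtected) {
    Write-Warning "DEP policy is '$($audit.Policy)': not all programs and services are protected."
}
if (-not $audit.HardwareDepAvailable) {
    Write-Warning 'No NX/XD support reported: only software DEP is in effect.'
}
if ($audit.Exceptions.Count -gt 0) {
    Write-Warning "$($audit.Exceptions.Count) program(s) are excluded from DEP; review the exception list."
}
```

Review any program that appears under Exceptions: each entry runs without DEP even when the policy covers all programs and services.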

