Data Execution Protection




Download 222.5 Kb.
bet13/19
Sana21.03.2017
Hajmi222.5 Kb.
#431
1   ...   9   10   11   12   13   14   15   16   ...   19

Data Execution Protection


Beginning with Windows XP Service Pack 2 (SP2) and continuing with Windows Server 2003 SP1 and Windows XP Professional x64 Edition, Windows uses DEP to prevent malicious code from being able to execute, even when a buffer overrun occurs. Even without a processor that supports DEP in hardware, Windows is able to detect code running from memory locations that it should not.

x64 Advantages


With the introduction of x64 processors, both AMD and Intel added hardware support for DEP. The processor sets the No Execute bit (for AMD processors) or the Execute Disable bit (for Intel processors) on all entries in the memory address table that are for data only and should not be executed. If code attempts to execute from within an area of memory marked as data only, Windows will raise a status access violation exception and terminate the process.

While DEP is by no means a substitute for a well-designed and implemented anti-virus and anti-malware deployment in any organization, it is an important additional layer of protection that would have prevented the spread of the MSBlaster worm had it been widely implemented at the time.

All 64-bit versions of Windows support the hardware DEP features of the 64-bit processors, enabling users, developers, and administrators the ability to globally or selectively protect against this kind of exploit. By default, DEP is enabled on Windows XP Professional x64 Edition and Windows Server 2003 x64 Editions for essential Windows programs and services only.

The x64 versions of Windows also support Microsoft’s PatchGuard technology that prevents non-Microsoft originated programs from patching the Windows kernel. This technology, available only on Windows x64 Editions, prevents kernel mode drivers from extending or replacing kernel services including system service dispatch tables, the interrupt descriptor table (IDT), and the global descriptor table (GDT). Third-party software is also prevented from allocating kernel stacks or patching any part of the kernel.



Download 222.5 Kb.
1   ...   9   10   11   12   13   14   15   16   ...   19




Download 222.5 Kb.

Bosh sahifa
Aloqalar

    Bosh sahifa



Data Execution Protection

Download 222.5 Kb.