XP2的新功能之一DEP 關閉

psac · 2004-08-16, 03:10 AM

Q:

SP2的Data Execution Prevention是自動開啟的，但是我倒Duron太老了不支持，是軟體實現的...

這個東西有用嗎？占資源嗎？

引用:
Understanding Data Execution PreventionData Execution Prevention (DEP) helps prevent damage from viruses and other security threats that attack by running (executing) malicious code from memory locations that only Windows and other programs should use. This type of threat causes damage by taking over one or more memory locations in use by a program. Then it spreads and harms other programs, files, and even your e-mail contacts.

Unlike a firewall or antivirus program, DEP does not help prevent harmful programs from being installed on your computer. Instead, it monitors your programs to determine if they use system memory safely. To do this, DEP software works alone or with compatible microprocessors to mark some memory locations as "non-executable". If a program tries to run code—malicious or not—from a protected location, DEP closes the program and notifies you.

DEP can take advantage of software and hardware support. To use DEP, your computer must be running Microsoft Windows XP Service Pack 2 (SP2) or later, or Windows Server 2003 Service Pack 1 or later. DEP software alone helps protect against certain types of malicious code attacks but to take full advantage of the protection that DEP can offer, your processor must support "execution protection". This is a hardware-based technology designed to mark memory locations as non-executable. If your processor does not support hardware-based DEP, it's a good idea to upgrade to a processor that offers execution protection features.

A:
AMD在週一稱，AMD昇級版的病毒防護（EVP，Enhanced Virus Protection）可相容微軟新發佈的Windows XP操作系統的昇級修正檔包SP2（Service Pack 2），可以有效的阻斷一些病毒和蠕蟲的攻擊。
只有64位的CPU才硬體支持

資料執行預防（NX）。微軟與處理器製造商展開合作，英特爾和AMD都將在其新型處理器中提供對SP2的NX資料執行保護技術的支持。從安全性的立場看，NX防護不啻是強有力的改良範例，它將可能有效預防"緩衝區溢出"這一最一般的病毒入侵方式。

NX 的全名是「no execute」（不執行），其作用在於允許支持NX的CPU把某些記憶體區域標注為「不得執行」（non-executable）。換句話說，任何闖入那些區域的來源碼，像Blaster這類惡意程序，都只能呆坐在那兒不准動，因而被剝奪破壞能力。此功能將強化Windows XP對抗緩衝區溢出威脅。

去年，微軟收購了一家羅馬尼亞防病毒公司，其"記憶體保護"技術已經用在SP2上。

關閉的方法是修改boot.ini，可以看見其中在[operating system]裡面有一行有NoExecute=xxxxxx
的字樣，把他改成Execute再重啟就可以了.

2004-08-16, 03:10 AM	#1
psac 榮譽會員榮譽勳章勳章總數19 UID - 3662 在線等級: 註冊日期: 2002-12-07 住址: 木柵市立動物園文章: 17381 精華: 2 現金: 5253 金幣資產: 33853 金幣	XP2的新功能之一DEP 關閉 Q: SP2的Data Execution Prevention是自動開啟的，但是我倒Duron太老了不支持，是軟體實現的... 這個東西有用嗎？占資源嗎？引用: Understanding Data Execution PreventionData Execution Prevention (DEP) helps prevent damage from viruses and other security threats that attack by running (executing) malicious code from memory locations that only Windows and other programs should use. This type of threat causes damage by taking over one or more memory locations in use by a program. Then it spreads and harms other programs, files, and even your e-mail contacts. Unlike a firewall or antivirus program, DEP does not help prevent harmful programs from being installed on your computer. Instead, it monitors your programs to determine if they use system memory safely. To do this, DEP software works alone or with compatible microprocessors to mark some memory locations as "non-executable". If a program tries to run code—malicious or not—from a protected location, DEP closes the program and notifies you. DEP can take advantage of software and hardware support. To use DEP, your computer must be running Microsoft Windows XP Service Pack 2 (SP2) or later, or Windows Server 2003 Service Pack 1 or later. DEP software alone helps protect against certain types of malicious code attacks but to take full advantage of the protection that DEP can offer, your processor must support "execution protection". This is a hardware-based technology designed to mark memory locations as non-executable. If your processor does not support hardware-based DEP, it's a good idea to upgrade to a processor that offers execution protection features. A: AMD在週一稱，AMD昇級版的病毒防護（EVP，Enhanced Virus Protection）可相容微軟新發佈的Windows XP操作系統的昇級修正檔包SP2（Service Pack 2），可以有效的阻斷一些病毒和蠕蟲的攻擊。只有64位的CPU才硬體支持資料執行預防（NX）。微軟與處理器製造商展開合作，英特爾和AMD都將在其新型處理器中提供對SP2的NX資料執行保護技術的支持。從安全性的立場看，NX防護不啻是強有力的改良範例，它將可能有效預防"緩衝區溢出"這一最一般的病毒入侵方式。 NX 的全名是「no execute」（不執行），其作用在於允許支持NX的CPU把某些記憶體區域標注為「不得執行」（non-executable）。換句話說，任何闖入那些區域的來源碼，像Blaster這類惡意程序，都只能呆坐在那兒不准動，因而被剝奪破壞能力。此功能將強化Windows XP對抗緩衝區溢出威脅。去年，微軟收購了一家羅馬尼亞防病毒公司，其"記憶體保護"技術已經用在SP2上。關閉的方法是修改boot.ini，可以看見其中在[operating system]裡面有一行有NoExecute=xxxxxx 的字樣，把他改成Execute再重啟就可以了.

	送花文章: 3, 收花文章: 1631 篇, 收花: 3205 次

相似的主題
主題	主題作者	討論區	回覆	最後發表
教學 - 運用命令指令行寫IPSec（winodws OS ）	psac	網路軟硬體架設技術文件	3	2006-09-19 10:07 AM
系統 - IPSec Filter （IP安全策略）	psac	網路軟硬體架設技術文件	6	2006-09-15 04:07 PM
關閉有害木馬連接阜	psac	Hacker/Cracker 及加解密技術文件	1	2006-05-29 03:46 AM
104種木馬的清除方法	psac	應用軟體使用技術文件	6	2003-08-03 03:56 PM
如何架設CS伺服器	psac	網路軟硬體架設技術文件	0	2003-07-24 01:13 AM

Google 提供的廣告