Most Windows XP users are unaware about a very powerful option included in Service Pack 2, called Hardware DEP support. DEP stands for Data Execution Protection, and can prevent many buffer overruns that plague Windows (and Linux, and Apple) software.
To activate hardware DEP, you need two things:
- A processor that supports DEP
- An operating system that implements DEP
Most processors produced in the last couple of years support it. However, most BIOSes turn DEP off by default! To find out if your system supports hardware DEP, Steve Gibson of Spinrite fame has written a small Windows utility called Secureable. This will show you processor bitlength, Hardware DEP support, and Hardware Virtualization support. I haven’t seen any utilities for Linux…
After determining that your processor supports Hardware DEP, you need to enable it. Reboot your computer, and go into the setup. Depending on the BIOS, this may or may not show up as an option. Dig around in the menus, but be careful not to turn any other options on or off besides Hardware DEP.
If your BIOS allows you to turn DEP on, reboot the computer again, and turn DEP on in Windows. It’s a little hidden, but I reached it as follows:
- Right-click on My Computer and select Properties
- Click on the Advanced tab
- In the Performance block, click on Settings.
- Click on the Data Execution Prevention tab
- Select the radio button Turn On DEP.
If any programs cause problems, you can add them to the exceptions list by pressing the Add button in the DEP tab, and adding the program name.
Warning! There are reports of Windows not being able to start after enabling DEP. Check out Steve Gibson’s Securable page for the status of his program DEPuty and links to a Microsoft Knowledge Base article on how to set up DEP.
However, since the advantages of DEP are pretty big, I suggest making a backup of your system and trying it out, despite the risks. If you are a little more conservative, wait until Steve finished DEPuty…