What is Data Execution Prevention in Windows 10
Data Execution Prevention (DEP) is a system-level security feature included in Windows machines. The main purpose of DEP is to protect against malicious code exploits: it monitors processes and services, and when one of them tries to execute instructions from a memory page that has not been marked as executable, Windows raises an exception and, unless the program handles it, shuts the program down.
The feature, which is also known as executable space protection, comprises a set of hardware and software technologies that carry out extra system memory checks to stop malicious code from running.
Memory that holds data rather than program code, such as a process's stack and heap, is marked non-executable. Whenever a harmful program tries to execute code it has placed in such a region, the processor refuses, and DEP reports the attempt as an access violation (exception code 0xC0000005, STATUS_ACCESS_VIOLATION).
All this happens so as to prevent damage to your computer from viruses and other security threats. However, DEP may sometimes conflict with legitimate programs, such as an antivirus product, in which case you may have to add an exception for that specific app rather than disable the feature for the whole system.
How Data Execution Prevention in Windows 10 Works
DEP isn't a comprehensive defense against all malicious code exploits; it's just another tool you can use alongside your security software to secure your apps. In particular, an attack that reuses code already present in executable pages (return-oriented programming) is not stopped by DEP, which is why Windows pairs it with Address Space Layout Randomization (ASLR) and other mitigations.
A program's code lives in memory regions that are separate from the regions used for its data, such as the stack and the heap. A buffer overflow happens when a program writes more data into a buffer than the buffer was sized for, so the excess spills into adjacent memory. An attacker who controls that data can place machine code in the buffer and overwrite a return address or function pointer so that execution jumps to it.
Once the attacker's code is running inside the process it has that process's privileges, which can expose critical data to users or programs that should never have had access to it.
DEP counters the final step of that chain. The stack, the heap and other data regions are marked non-executable, so when execution is redirected into the injected code the processor raises an exception immediately and the code never runs.
The downside of DEP is that it may flag older non-Microsoft programs that execute code from data memory, for example programs that generate code at run time, which was allowed before DEP existed. However, you can create an exception for such a program in your system settings or, as a last resort, disable DEP.
Note: Some DEP errors are caused by outdated device drivers in the system, so update drivers before adding an exception for the program that reports the error.
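The mechanism described above, and the hardware-enforced variant in the next section, comes down to one rule: a page is either data or code, and the processor refuses to fetch instructions from a data page. The following program is an added example, not code from the original article. It writes a six-byte "return 42" function into a freshly mapped read+write page and calls it, first while the page is still data (what injected shellcode on a stack or heap looks like to DEP) and then after switching the page to read+execute. It uses VirtualAlloc/VirtualProtect and structured exception handling on Windows, and mmap/mprotect with a SIGSEGV handler elsewhere; the return codes EXEC_BLOCKED, EXEC_UNSUPPORTED and EXEC_SETUP_FAILED and the machine-code bytes for x86-64 and AArch64 are the example's own choices.

```c
/* Added example (not from the original article): copies a tiny "return 42"
 * function into a new page and calls it while the page is read+write only,
 * then again after switching it to read+execute. With DEP/NX enforced the
 * first call is blocked and the second returns 42. */
#define _DEFAULT_SOURCE 1
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { EXEC_BLOCKED = -1, EXEC_UNSUPPORTED = -2, EXEC_SETUP_FAILED = -3 };

/* Machine code for "return 42" on the architectures Windows 10 runs on. */
#if defined(__x86_64__) || defined(_M_X64)
static const unsigned char k_code[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 };           /* mov eax,42 ; ret */
#elif defined(__aarch64__) || defined(_M_ARM64)
static const unsigned char k_code[] = { 0x40, 0x05, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6 }; /* mov w0,#42 ; ret */
#else
#define DEP_DEMO_UNSUPPORTED 1
#endif

#ifndef DEP_DEMO_UNSUPPORTED
#ifdef _WIN32 /* VirtualAlloc/VirtualProtect plus SEH to catch the access violation */
#include <windows.h>
static void *map_rw(size_t n) { return VirtualAlloc(NULL, n, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); }
static int make_rx(void *p, size_t n) { DWORD old; return VirtualProtect(p, n, PAGE_EXECUTE_READ, &old) != 0; }
static void unmap(void *p, size_t n) { (void)n; VirtualFree(p, 0, MEM_RELEASE); }
static void flush_icache(void *p, size_t n) { FlushInstructionCache(GetCurrentProcess(), p, n); }
/* 1 = fn ran, 0 = access violation (DEP stopped it), -1 = no SEH (non-MSVC compiler). */
static int call_guarded(int (*fn)(void), int *out)
{
#ifdef _MSC_VER
    __try { *out = fn(); return 1; }
    __except (GetExceptionCode() == EXCEPTION_ACCESS_VIOLATION ? EXCEPTION_EXECUTE_HANDLER
                                                               : EXCEPTION_CONTINUE_SEARCH) { return 0; }
#else
    (void)fn; (void)out; return -1;
#endif
}
#else /* POSIX: mmap/mprotect plus a SIGSEGV handler that jumps back out */
#include <setjmp.h>
#include <signal.h>
#include <sys/mman.h>
static sigjmp_buf fault_jump;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_jump, 1); }
static void *map_rw(size_t n)
{
    void *p = mmap(NULL, n, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}
static int make_rx(void *p, size_t n) { return mprotect(p, n, PROT_READ | PROT_EXEC) == 0; }
static void unmap(void *p, size_t n) { munmap(p, n); }
static void flush_icache(void *p, size_t n) { __builtin___clear_cache((char *)p, (char *)p + n); }
/* 1 = fn ran, 0 = the CPU refused to fetch instructions from the page. */
static int call_guarded(int (*fn)(void), int *out)
{
    struct sigaction sa, old;
    volatile int ran = 0;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old);
    if (sigsetjmp(fault_jump, 1) == 0) { *out = fn(); ran = 1; } /* siglongjmp lands here on a fault */
    sigaction(SIGSEGV, &old, NULL);
    return ran;
}
#endif
#endif /* DEP_DEMO_UNSUPPORTED */

/* Copies k_code into a fresh page and calls it. executable_page == 0 leaves the page
 * read+write, which is how injected shellcode on a stack or heap looks to DEP;
 * 1 flips it to read+execute first (W^X: never writable and executable at once). */
int run_code_from(int executable_page)
{
#ifdef DEP_DEMO_UNSUPPORTED
    (void)executable_page;
    return EXEC_UNSUPPORTED;
#else
    const size_t len = 4096;
    unsigned char *page = map_rw(len);
    if (!page) return EXEC_SETUP_FAILED;
    memcpy(page, k_code, sizeof k_code);
    if (executable_page && !make_rx(page, len)) { unmap(page, len); return EXEC_SETUP_FAILED; }
    flush_icache(page, len);
    int result = 0;
    int status = call_guarded((int (*)(void))(uintptr_t)page, &result);
    unmap(page, len);
    return status == 1 ? result : status == 0 ? EXEC_BLOCKED : EXEC_UNSUPPORTED;
#endif
}

int main(void)
{
    int from_rw = run_code_from(0), from_rx = run_code_from(1);
    printf("execute from RW page: %d (%s)\n", from_rw,
           from_rw == EXEC_BLOCKED ? "blocked: DEP/NX is enforced" :
           from_rw == 42 ? "ran: this process has NO DEP protection" : "not attempted");
    printf("execute from RX page: %d (%s)\n", from_rx, from_rx == 42 ? "ran as expected" : "failed");
    return 0;
}
```

Compiled as a 64-bit program on a DEP-enabled system, the first call reports blocked and the second returns 42. Built as a 32-bit Windows program without /NXCOMPAT on a machine left at the default OptIn policy, the first call returns 42 as well: that process is running with no DEP protection, which is exactly the gap the "all programs and services" (OptOut) setting described later closes. An attacker who cannot execute injected bytes is pushed toward reusing code that is already executable, which is why DEP is paired with ASLR.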
Types of Data Execution Prevention in Windows 10
DEP is enforced in two different ways:
- Hardware-based DEP
- Software-based DEP
Hardware-based DEP
Hardware-enforced DEP marks every memory page that is not explicitly meant to hold code as non-executable. When a program tries to run code from such a page, the processor intercepts the attempt and raises an exception, stopping the attack before the code executes. The only memory it allows to run is a region explicitly marked as containing executable code, such as the code sections of a loaded executable or DLL.
Hardware-based DEP relies on processor hardware to mark memory with an appropriate set of attributes that indicate that code shouldn’t be executed from that memory.
In order to use hardware-based DEP, the following conditions must be met:
- Your computer's processor must support hardware-enforced DEP. The implementation varies by vendor: AMD calls the feature NX (No Execute) and Intel calls it XD (Execute Disable), but Windows uses both the same way, and every 64-bit processor able to run Windows 10 has it.
- Hardware-enforced DEP must be enabled in the BIOS/UEFI firmware; the option is typically labelled Execute Disable Bit, NX Mode or No-Execute Memory Protect.
- Your computer must run Windows XP with Service Pack 2 or Windows Server 2003 with Service Pack 1, or any later version, which includes Windows 10.
- Hardware-enforced DEP must be enabled for the program. For 32-bit programs this depends on the system policy: under the default OptIn policy only Windows system binaries and programs that opt in are protected, while under OptOut every program is protected except those listed as exceptions. In 64-bit versions of Windows, DEP is always enabled for 64-bit programs and cannot be turned off for them.
Not sure which version of Windows is running on your PC? Here are 4 ways to tell if you’re using 32-bit or 64-bit Windows.
Software-based DEP
Software-enforced DEP is an additional set of checks that help prevent malicious code from leveraging the structured exception handling (SEH) mechanism in Windows: before an exception handler is dispatched, Windows verifies that the handler is registered in the executable's SafeSEH table, so an attacker who has overwritten an exception record cannot redirect execution to code of their choosing.
This type of DEP runs on any processor that is capable of running Windows XP Service Pack 2, regardless of the processor's hardware NX support, but it protects only system binaries and other executables built with SafeSEH, so it complements hardware-enforced DEP rather than replacing it.
How to Know if DEP Is Active on Your Windows 10 PC
You can check the DEP status on your PC system using the following steps:
- Open Control Panel and select System and Security.
- Next, select System.
- Select Advanced system settings in the left pane (or type View advanced system settings in the search box and open the result).
- In the System Properties dialog, on the Advanced tab, select Settings under the Performance section.
- Select Data Execution Prevention tab to open DEP settings.
- You’ll see your current DEP status on your system, and whether or not your computer’s processor supports hardware-based DEP.
- You can also add exceptions to DEP if needed, but do this only if there are no other alternatives. To add exceptions, select Turn on DEP for all programs and services except those I select and then select Add. Choose the executable file you want excluded, and then restart your PC for the changes to take effect. Choosing this option switches the system policy from the default OptIn to OptOut, so DEP is also enabled for every other 32-bit program that had not opted in; it is the stronger setting, and the exceptions list is the only hole in it.
Note: Most conflicts are caused by 32-bit programs, and you can’t exclude 64-bit programs from DEP.
How to Enable or Disable DEP in Windows 10
You can disable DEP system-wide in Windows 10, which removes the protection from every program rather than making an exception for one. This is not recommended, and the DEP tab offers no option for it; if you must, the only way to do it at present is from an elevated command prompt with bcdedit.
- To get started, select Start and type CMD to open the command prompt menu. Select Run as Administrator to open an elevated command prompt.
- In the Command Prompt window, enter this command: bcdedit /set {current} nx AlwaysOff and press Enter. The value is written to the Boot Configuration Data store and takes effect after your computer restarts; once it is active, the options on the DEP tab in System Properties are greyed out. In some cases you may also need to adjust a BIOS setting for this command to have an effect.
Note: If you want to turn off DEP for a program that you trust, check first whether the publisher has a DEP-compatible version available, or has updates available. If a DEP-compatible version or update is available, install it and leave DEP active so you can enjoy the protection it can give. Otherwise disabling DEP may leave your system vulnerable to an attack that could spread to other files and programs.
- To enable DEP again, open an elevated command prompt and enter bcdedit /set {current} nx AlwaysOn, which enforces DEP for every program with no exceptions, or bcdedit /set {current} nx OptIn to return to the Windows default (DEP for system binaries and programs that opt in, with the DEP tab usable again). Restart your PC for the changes to take effect. You can confirm the current value with bcdedit /enum {current}, which lists it on the nx line.
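Everything the DEP tab displays, and the nx value that the bcdedit commands above set, is also readable from a program, which is useful when you need to audit many machines or confirm that a change took effect after the reboot. The following program is an added example, not code from the original article. It calls the documented kernel32 functions GetSystemDEPPolicy, IsProcessorFeaturePresent and GetProcessDEPPolicy and prints the system policy, whether the processor's NX/XD bit is in use, the calling process's own DEP state, and the equivalent bcdedit command. The dep_status struct and the function names are the example's own; on a non-Windows build query_dep_status simply reports that nothing is available.

```c
/* Added example (not from the original article): reports the same facts as the
 * DEP tab in System Properties using the documented kernel32 APIs, and prints
 * the bcdedit "nx" value that corresponds to the current system policy. */
#define _WIN32_WINNT 0x0601
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

typedef struct {
    int system_policy;         /* 0..3 as returned by GetSystemDEPPolicy, -1 if unavailable */
    int nx_enabled;            /* 1 if the processor's NX/XD bit is in use, 0 if not, -1 unavailable */
    int process_dep_on;        /* DEP state of this process: 1 on, 0 off, -1 not queryable */
    int process_dep_permanent; /* 1 if this process can no longer change its own DEP state */
} dep_status;

/* The four system policies, numbered as GetSystemDEPPolicy() returns them and
 * named as bcdedit's "nx" option expects them. */
const char *dep_policy_name(int policy)
{
    switch (policy) {
    case 0: return "AlwaysOff"; /* DEP off for everything; DEP tab greyed out */
    case 1: return "AlwaysOn";  /* DEP on for everything; no exceptions possible */
    case 2: return "OptIn";     /* Windows default: "essential Windows programs and services only" */
    case 3: return "OptOut";    /* "all programs and services except those I select" */
    default: return "unknown";
    }
}

/* Fills st from the running system. Returns 1 on Windows, 0 elsewhere. */
int query_dep_status(dep_status *st)
{
    st->system_policy = st->nx_enabled = st->process_dep_on = st->process_dep_permanent = -1;
#ifdef _WIN32
    st->system_policy = (int)GetSystemDEPPolicy();
    /* PF_NX_ENABLED is reported only when the CPU has NX/XD and Windows is using it. */
    st->nx_enabled = IsProcessorFeaturePresent(PF_NX_ENABLED) ? 1 : 0;
    DWORD flags = 0;
    BOOL permanent = FALSE;
    /* Per-process view. 64-bit processes always have DEP enabled and cannot change it;
     * the call is mainly informative for 32-bit processes. */
    if (GetProcessDEPPolicy(GetCurrentProcess(), &flags, &permanent)) {
        st->process_dep_on = (flags & PROCESS_DEP_ENABLE) ? 1 : 0;
        st->process_dep_permanent = permanent ? 1 : 0;
    }
    return 1;
#else
    return 0; /* not Windows: nothing to query */
#endif
}

int main(void)
{
    dep_status st;
    if (!query_dep_status(&st)) {
        puts("DEP status is only available on Windows.");
        return 0;
    }
    printf("System DEP policy : %d (%s)\n", st.system_policy, dep_policy_name(st.system_policy));
    printf("Hardware NX/XD    : %s\n", st.nx_enabled ? "enabled" : "not enabled");
    if (st.process_dep_on >= 0)
        printf("This process      : DEP %s%s\n", st.process_dep_on ? "on" : "off",
               st.process_dep_permanent ? " (permanent)" : "");
    printf("Equivalent command: bcdedit /set {current} nx %s\n", dep_policy_name(st.system_policy));
    return 0;
}
```

Run it once before and once after a bcdedit change (with the reboot in between) and the policy line should move from the old value to the new one; if it does not, the firmware setting mentioned above is the usual reason.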
Enjoy DEP Protection
While Data Execution Prevention is a valuable feature, not all software and hardware fully support it. For this reason, your PC may show error messages or crashes when a program that executes code from data memory runs with DEP enabled.
However, DEP is among the most basic Windows system protections. Unless there is a valid reason to disable it, DEP should remain active by default, and every exception you add should be treated as a deliberate reduction in protection for that one program.