Thwarting malware attacks that exploit software vulnerabilities is the most important element of automatic updates. But Windows 8 offers a second way to thwart such attacks. It's called Data Execution Prevention (DEP). You don't want to use DEP as an alternative to the other techniques described in this part of the book. Rather, you want to use it in addition to those techniques.
Many malware attacks use a technique called buffer overflow (or buffer overrun) to sneak code (program instructions) into areas of memory that only the operating system (Windows) should be using. Those areas of memory have direct access to everything on your computer. So any bad code that sneaks into such an area can do great damage.
More Security Tricks Up Its Sleeve
Some malware techniques rely on
well-known memory locations to exploit system vulnerabilities. Windows
8 has a surprise for those programs, too. It does not load essential
programs to well-known, predictable locations. Instead, it uses Address
Space Layout Randomization (ASLR) to load things in a random location
each time you start your computer. So malware writers can’t really know
in advance where a particular exploit resides in memory, making it much
more difficult to exploit those memory addresses.
Data Execution Prevention is a security antidote
to such attacks. It monitors programs to make sure they use only safe
and appropriate memory locations. If DEP notices a program trying to do
anything sneaky, it shuts that program down before it can do any harm.
By default, DEP is enabled for essential Windows
programs and services only. When coupled with antivirus protection,
that setting is usually adequate. You can crank it up to monitor all
programs and services. But if you do, you might also have to
individually choose programs that are allowed to bypass DEP. Knowing
when that’s okay may require technical expertise that goes beyond the
scope of this book.
To get to options for DEP, follow these steps:
1. Open the System window. Or at the desktop, press Windows+X and choose System. You end up in the System window.
2. In the left column, click Advanced System Settings. That takes you to the System Properties dialog box.
3. Click the
Advanced tab, click the Settings button on the Performance heading, and
then click the Data Execution Prevention tab. At last, you see the
options shown in Figure 1.
FIGURE 1 Data Execution Prevention options
4. By default,
the option to apply DEP only to essential Windows programs and services
is selected. For stronger protection, you can turn on DEP for all
programs and services. If you choose that option, DEP may sometimes
shut down a program to prevent it from running.
Many modern processors offer NX technologies,
which prevent buffer overflows at the hardware level. Windows supports
that hardware-based DEP and relies on it when buffer overflows do occur.
For processors that don’t have hardware DEP, Windows uses DEP software to
achieve the same result.
If DEP does shut down a program you need, you have a couple of choices:
- Contact the program manufacturer to find out whether there’s a version of the program that runs under DEP.
- If you trust the program, you can add it to the list of
programs that are allowed to bypass DEP. To accomplish that, you need
to click the Add button and then navigate to and double-click the
executable file (typically, such a file has the extension .exe) that DEP is shutting down.
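
The same settings can be checked without the dialog box. The following PowerShell is an added example, not code from the book: it reads the DEP policy chosen in step 4 and lists every program on the bypass list with its signature status. The function name Get-DepAudit is hypothetical, and the registry key is the location this example assumes Windows uses to record programs added with the Add button.

```powershell
# Added example: read-only audit of the DEP policy and the DEP bypass list.
function Get-DepAudit {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy values.
    $policyNames = @{
        0 = 'AlwaysOff: DEP disabled for all processes'
        1 = 'AlwaysOn: DEP for all processes, no exemptions honored'
        2 = 'OptIn: essential Windows programs and services only (default)'
        3 = 'OptOut: all programs and services except those on the bypass list'
    }

    # Assumption: programs added with the Add button are recorded as value
    # names (full path) under this key, with data containing DisableNXShowUI.
    $layers = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
    $exempt = @()
    if (Test-Path -Path $layers) {
        $exempt = @((Get-ItemProperty -Path $layers).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' -and "$($_.Value)" -match 'DisableNXShowUI' } |
            ForEach-Object {
                $path = $_.Name
                $present = Test-Path -LiteralPath $path -PathType Leaf
                $sig = if ($present) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { 'FileMissing' }
                [pscustomobject]@{ Path = $path; Present = $present; Signature = "$sig" }
            })
    }

    [pscustomobject]@{
        HardwareDepAvailable = [bool]$os.DataExecutionPrevention_Available
        Policy               = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
        DepFor32BitApps      = [bool]$os.DataExecutionPrevention_32BitApplications
        DepForDrivers        = [bool]$os.DataExecutionPrevention_Drivers
        BypassList           = $exempt
    }
}

$audit = Get-DepAudit
$audit | Format-List HardwareDepAvailable, Policy, DepFor32BitApps, DepForDrivers

# Every bypass entry is a program that runs without DEP; review each one.
if ($audit.BypassList.Count -gt 0) {
    $audit.BypassList | Format-Table -AutoSize
    $audit.BypassList | Where-Object { $_.Signature -ne 'Valid' } |
        ForEach-Object { Write-Warning "Unsigned, tampered, or missing DEP-exempt program: $($_.Path)" }
} else {
    Write-Output 'No programs are on the DEP bypass list.'
}
```

A bypass entry that points to a missing file or to a binary without a valid signature is worth removing or investigating, because that path runs without DEP whenever something is placed there.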