Hardware Secrets

Uncomplicating the complicated

Home » How to Enable Processor-Based Security

Introduction

Contents

At last PCs operating under Windows have a security level similar to that used by high performance servers. This technology – known under names that vary from manufacturer to manufacturer, such as NX (No eXecute), EVP (Enhanced Virus Protection), XD (eXecute Disable), or DEP (Data Execution Protection) – allows the processor itself to detect when a malicious code (such as a virus or a Trojan horse) is attempting to run and automatically disables such code, “drowning” the virus. In this short tutorial we will teach you how to enable this feature.
This technology works creating separate areas for the execution of programs and for data storage in the RAM memory of the computer, If a code in the area set aside for data storage tries to run, the processor understands that as something suspicious and prevents the execution of the code.
It is important to note that the processor itself doesn’t have the capacity of removing the virus from your computer. If a PC in which the NX technology has been enabled is infected by a virus, the processor will warn you (through the operating system) that your computer is possibly infected and will not permit the virus to turn, but you will still have to run an antivirus to remove the virus from your machine and avoid contaminating friends (for instance, when sending e-mails with attached files).
To have this level of security in your machine you need to fulfill three prerequisites. First, your processor must have this security technology. Second, your operating system has to be capable of recognizing it. Third, it must be enabled on your operating system.
So, the first thing to do is check whether your CPU has this technology or not. This can be done with the aid of a hardware identification utility, such as Sandra or Hwinfo.
On Sandra, click on Hardware, Processors and the program will list all features provided by your CPU. This list will be long and you should scroll down the page that will show up to the “Extended Features” section and look for “XD/NX – No-execute Page Execution Protection” feature. You will see a “yes” besides it if your CPU supports this level of security.
On Figures 1 and 2 we give two examples. The CPU in Figure 1 was from AMD (an Athlon 64 3800+) and the CPU in Figure 2 was from Intel (a Core 2 Extreme X6800). As you can see the latest CPUs from both manufacturers support this technology.

NX FeatureFigure 1: AMD CPU with NX feature.

NX FeatureFigure 2: Intel CPU with NX feature.

If your CPU doesn’t have this feature you won’t be able to enable this protection, of course.
The next step is configuring Windows to correctly enable this feature.