TECHNICAL SUPPORT BULLETIN
What is Execute Disable Bit (XD-Bit)?
Document ID:TSB001112
Model(s):All models with XD-Bit feature
Operating System:NA
Date Posted (mm/dd/yyyy):3/29/2005
Date Modified (mm/dd/yyyy):3/29/2005
Author:SUR
DESCRIPTION:
What is Execute Disable Bit (XD-Bit)?
Execute Disable Bit (XD-Bit) is a processor feature that, when present and enabled, lets the notebook's processor tell memory that holds executable code apart from memory that holds only data, and refuse to execute instructions fetched from the latter. When a worm or other malicious program exploits a buffer overflow to place its code in a data buffer and then tries to run it, the processor raises a fault instead of executing the code, so the payload cannot do damage or propagate. In other words, even if malicious code has been placed in the notebook's memory, it is harmless as long as the processor never executes it. (The feature does not stop attacks that only redirect execution into code that is already legitimately executable; it stops code injected into data from running.) Windows calls its use of this feature Data Execution Prevention, or DEP.
What is hardware-enforced DEP and how does it work?
DEP can be hardware-enforced, which requires a processor that supports the feature (the XD-Bit as defined by Intel), or software-enforced, which adds extra checking of exception handling and does not need specific hardware support. With hardware-enforced DEP, Windows marks memory pages as non-executable unless they are explicitly intended to hold code, using a page attribute that the processor honours: if a process attempts to execute an instruction from a page marked non-executable, the processor raises an exception. One class of attack works by inserting code into such a location (a data buffer on the stack or heap) and then jumping to it. Windows XP Service Pack 2 catches the resulting exception and reports it as an access violation, which normally terminates the offending process rather than letting the injected code run.
The 32-bit versions of Windows (beginning with Windows XP Service Pack 2) use the XD-Bit feature as defined by Intel only when the notebook's processor is running in Physical Address Extension (PAE) mode, because the no-execute page attribute exists only in the PAE page-table format. On a processor that supports the feature, Windows XP SP2 loads the PAE kernel automatically.
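The mechanism described above, as an added example that is not part of the Toshiba bulletin: a small C program writes a one-instruction function into a freshly mapped page and tries to call it, first while the page is marked read/write (data), then after re-marking it read/execute (code). With execute-disable in effect the first call faults and the second runs normally. It uses POSIX/Linux APIs (mmap, mprotect, sigaction), which are an assumption on my part; the Windows equivalents are VirtualAlloc/VirtualProtect with PAGE_READWRITE versus PAGE_EXECUTE_READ. The function names and the "ret" byte encodings for x86 and AArch64 are mine.

```c
/* Added example, not from the Toshiba bulletin: demonstrates what the XD/NX
 * page attribute does. A bare "ret" instruction is copied into a new page,
 * which is then called once as a read/write data page and once as a
 * read/execute code page. POSIX/Linux APIs assumed. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Encoding of a bare "ret": a function that returns immediately. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char RET_CODE[] = { 0xC3 };
#elif defined(__aarch64__)
static const unsigned char RET_CODE[] = { 0xC0, 0x03, 0x5F, 0xD6 }; /* ret, little-endian */
#else
#error "add the 'ret' encoding for this architecture"
#endif

static sigjmp_buf fault_env;

/* The kernel delivers the processor's execute fault as SIGSEGV (SIGBUS on
 * some systems). Unwind back into try_execute_from_page instead of dying. */
static void on_fault(int sig)
{
    (void)sig;
    siglongjmp(fault_env, 1);
}

/* Copy RET_CODE into a new page, set that page's protection to `prot`, and
 * call into it. Returns 1 if the call completed, 0 if the processor refused
 * to execute from the page, -1 if the mapping itself could not be set up. */
static int try_execute_from_page(int prot)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *buf = mmap(NULL, page, PROT_READ | PROT_WRITE,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED)
        return -1;

    memcpy(buf, RET_CODE, sizeof RET_CODE);      /* the "injected" code */
    if (mprotect(buf, page, prot) != 0) {        /* leave as data, or mark as code */
        munmap(buf, page);
        return -1;
    }
    __builtin___clear_cache((char *)buf, (char *)buf + sizeof RET_CODE);

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    int ran;
    if (sigsetjmp(fault_env, 1) == 0) {
        void (*fn)(void);
        memcpy(&fn, &buf, sizeof fn);   /* treat the buffer as a function */
        fn();                           /* faults here if XD/NX applies */
        ran = 1;
    } else {
        ran = 0;                        /* reached via siglongjmp from on_fault */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(buf, page);
    return ran;
}

/* Attack scenario: code sitting in a read/write data page. */
int exec_from_data_page(void)
{
    return try_execute_from_page(PROT_READ | PROT_WRITE);
}

/* Legitimate scenario: the same bytes in a page explicitly marked executable. */
int exec_from_code_page(void)
{
    return try_execute_from_page(PROT_READ | PROT_EXEC);
}

int main(void)
{
    printf("call into read/write data page : %s\n",
           exec_from_data_page() == 1 ? "RAN (no execute-disable in effect!)"
                                      : "blocked, processor raised a fault");
    printf("call into read/execute code page: %s\n",
           exec_from_code_page() == 1 ? "ran normally" : "blocked");
    return 0;
}
```

Build with `gcc -O0 -o xd_demo xd_demo.c` and run it. If the first line reports that the call into the data page ran, the machine has no execute-disable support or has it turned off (the Always Off situation described below); on a protected system only the second call completes.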
DEP Configurations for Windows XP SP2
Opt-in: DEP is enabled by default only for core Windows system binaries and for applications that explicitly opt in. This is the default on Windows XP SP2 for systems whose processor supports hardware-enforced DEP; users can add further applications to the protected set through System Properties.
Opt-out: DEP is enabled by default for all processes. Users can create a list of specific applications that are exempted from DEP by using System Properties.
Always On: DEP covers the entire system and all processes run with it enabled. No application can opt out, and any exemption list is ignored.
Always Off: DEP is disabled for the whole system, regardless of processor support.
The mode is selected by the /noexecute switch in boot.ini (optin, optout, alwayson or alwaysoff). The Data Execution Prevention tab in System Properties can only switch between Opt-in and Opt-out, so Always On and Always Off require editing boot.ini.
Summary of features and benefits
  • Execute Disable Bit (XD-Bit) - Prevents buffer-overflow attacks from running injected code by letting the processor distinguish memory that may be executed from memory that may not.
  • Data Execution Prevention (DEP) - The Windows mechanism that uses this processor feature to stop code executing from data memory, preventing virus damage or worm propagation.
  • Four DEP configurations - Let the user or administrator choose between application compatibility and full coverage.
DISCLAIMER:
Trademarks are registered to their respective companies. Toshiba of Canada Limited has done its best to ensure the accuracy of this information. Despite every effort to the contrary, errors, omissions, or discrepancies may have occurred in preparation of this document, and Toshiba of Canada Limited assumes no liability for damages incurred due in part or in whole to such errors.