Did you notice a severe performance decrease after having installed Windows XP SP2? You’re not alone. Unfortunately, I lack the time for an in-depth performance comparison of XP with and without SP2. So I just ran the demo benchmark of 3DMark2001, once with SP2’s new Data Execution Prevention (DEP) enabled, once disabled (I rebooted my box before running each test).
3DMark2001 results on my box (higher values are better; the absolute values don’t matter here unless you’re interested in the absolute 3DMark2001 performance of a Toshiba Portégé M200 with 768 MB of RAM):
XP SP2 with DEP disabled (AlwaysOff): 4601
XP SP2 with DEP enabled (OptIn, i.e. the default setting for SP2): 3299
Oh my! I did expect a performance decrease, but not such a big one! And it’s even a 3D benchmark (“normal” application benchmarks might even show worse results for DEP)! So, according to these measurements (don’t quote these measured results please; they’re statistically not significant as I haven’t measured a series of test-runs, only one run per test), enabling DEP (enabled by default after installing XP SP2) results in almost 30% lower 3DMark2001 performance! It’s your choice whether the improved security of your box is worth this huge performance hit. For a server it might be (it’s still alarming though), but for my M200 TabletPC, it definitely isn’t. If you’d like to disable it too, here’s how to do it:
1. disable write-protection of c:\boot.ini (see the properties dialog)
2. in c:\boot.ini, replace “/NoExecute=OptIn” by “/NoExecute=AlwaysOff” using a text editor (e.g. notepad)
Further details about how to enable/disable DEP on a per-application basis are explained on this page at microsoft.com.
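An added example, not part of the original post: a small Python check that reads the contents of a boot.ini and reports which DEP policy each boot entry requests, so that a changed /NoExecute switch such as AlwaysOff shows up in a configuration audit. The sample file contents and the function name `audit_boot_ini` are constructed for illustration.

```python
import re

# The four documented values of the /NoExecute boot switch.
POLICIES = {"optin": "OptIn", "optout": "OptOut",
            "alwayson": "AlwaysOn", "alwaysoff": "AlwaysOff"}
NOEXECUTE_RE = re.compile(r"/noexecute=(\w+)", re.IGNORECASE)

# Constructed sample, not taken from a real machine.
SAMPLE_BOOT_INI = r"""
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XP (DEP off)" /fastdetect /noexecute=alwaysoff
C:\CMDCONS\BOOTSECT.DAT="Recovery Console" /cmdcons
"""


def audit_boot_ini(text):
    """Return (description, policy, dep_disabled) for every OS entry."""
    results = []
    in_os_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            # Only entries under [operating systems] carry boot switches.
            in_os_section = line.lower() == "[operating systems]"
            continue
        if not in_os_section or "=" not in line:
            continue
        # Entry format: <path>="<description>" <switches>
        _, rest = line.split("=", 1)
        desc = re.match(r'\s*"([^"]*)"', rest)
        description = desc.group(1) if desc else rest.strip()
        switches = rest[desc.end():] if desc else rest
        found = NOEXECUTE_RE.search(switches)
        if found is None:
            policy = "not set"  # entry has no /NoExecute switch
        else:
            value = found.group(1)
            policy = POLICIES.get(value.lower(), "unknown: " + value)
        results.append((description, policy, policy == "AlwaysOff"))
    return results


if __name__ == "__main__":
    for description, policy, disabled in audit_boot_ini(SAMPLE_BOOT_INI):
        print(f"{description}: {policy}" + ("  <-- DEP disabled" if disabled else ""))
```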
PS. Note that a similar execution protection for Linux, Ingo Molnar’s exec-shield, incurs a performance decrease of only a few percent. I really wonder how MS managed to burn that many clock cycles..