prevention of buffer overruns in sp2 weak

poly4life

Distinguished
Feb 4, 2004
I recall that AMD Athlon and Intel P4E and P4F chips have an XD feature, but I believe that it is only useful if the software supports it, à la 64-bit Windows. If the prevention scheme for buffer overruns in SP2 can be easily circumvented (and it can be), wouldn't it make the XD bit utterly useless in a Windows environment?
 

P4Man

Distinguished
Feb 6, 2004
The OS has to support it (as well as the CPU), not the software. Service pack 2 can be downloaded now, and it implements it.

> If the prevention scheme for buffer overruns in sp2 can be
> easily circumvented (and it can be),

You can manually disable XD/NX per application (some apps, like DivX apparently, won't (yet) run with the feature turned on). However, a worm/trojan will not be able to turn it off by itself, obviously; it's pretty much like you can configure a firewall to ignore certain apps, or a virus scanner not to scan certain file types.

Now this fix isn't a silver bullet either, but it does go a long way in avoiding commonly used buffer overrun exploits. Seems like in general, MS did its homework with SP2, and I'm glad to see them choose security over user-friendliness or endless compatibility for once.

= The views stated herein are my personal views, and not necessarily the views of my wife. =
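The point above (the CPU only refuses to execute a page that the OS has marked non-executable, and a program "opts out" of that protection with a deliberate OS call that injected code cannot make before it runs) can be shown directly. The following is an added example, not code from the thread: it does on Linux what DEP does on Windows, using mmap/mprotect where Windows would use VirtualAlloc/VirtualProtect with PAGE_EXECUTE_READ. It assumes an x86-64 or AArch64 Linux host with NX/XD enabled; the machine-code bytes for a "return 42" stub are embedded inline.

```c
/* Added example (not part of the forum thread). Copies a tiny "return 42"
 * stub into an anonymous page, then calls it twice: once while the page is
 * read/write only (NX/XD makes the CPU fault), and once after the program
 * has explicitly asked the OS for execute permission with mprotect().
 * Assumes Linux on x86-64 or AArch64 with NX enabled. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Machine code for "return 42", the constructed payload for this demo. */
#if defined(__x86_64__)
static const unsigned char ret42[] = { 0xB8, 0x2A, 0x00, 0x00, 0x00, 0xC3 }; /* mov eax,42 ; ret */
#elif defined(__aarch64__)
static const unsigned char ret42[] = { 0x40, 0x05, 0x80, 0x52,   /* mov w0,#42 */
                                       0xC0, 0x03, 0x5F, 0xD6 }; /* ret        */
#else
#error "example written for x86-64 and AArch64 only"
#endif

typedef int (*fn_t)(void);

static sigjmp_buf fault_env;

/* SIGSEGV/SIGBUS handler: the CPU refused the instruction fetch, unwind. */
static void on_fault(int sig) {
    (void)sig;
    siglongjmp(fault_env, 1);
}

/* Call the code at `page`. Returns its result, or -1 if the hardware
 * faulted because the page is not executable. */
static int try_call(void *page) {
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    volatile int result = -1;
    if (sigsetjmp(fault_env, 1) == 0) {
        fn_t fn;
        memcpy(&fn, &page, sizeof fn);   /* void* -> function pointer without a cast warning */
        result = fn();
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return result;
}

/* Map a fresh read/write page (no execute bit) and copy the stub into it. */
static void *make_code_page(void) {
    size_t psz = (size_t)sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, psz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return NULL;
    memcpy(page, ret42, sizeof ret42);
    return page;
}

/* Case 1: a data page that was never marked executable. With NX/XD and an
 * OS that honours it, the call faults and -1 comes back. -2 = mmap failed. */
int run_from_data_page(void) {
    void *page = make_code_page();
    if (!page) return -2;
    int r = try_call(page);
    munmap(page, (size_t)sysconf(_SC_PAGESIZE));
    return r;
}

/* Case 2: identical bytes, but the program itself opts the page in to
 * execution first. This is the per-mapping "disable" an attacker cannot
 * perform from inside an overflow, since their code has not run yet.
 * -3 = the kernel refused the RX mapping. */
int run_after_opt_in(void) {
    size_t psz = (size_t)sysconf(_SC_PAGESIZE);
    void *page = make_code_page();
    if (!page) return -2;
    if (mprotect(page, psz, PROT_READ | PROT_EXEC) != 0) {
        munmap(page, psz);
        return -3;
    }
    __builtin___clear_cache((char *)page, (char *)page + sizeof ret42); /* needed on AArch64 */
    int r = try_call(page);
    munmap(page, psz);
    return r;
}

int main(void) {
    printf("call into RW page: %d (NX blocked it if -1)\n", run_from_data_page());
    printf("call into RX page: %d (42 once opted in via mprotect)\n", run_after_opt_in());
    return 0;
}
```

On a host where NX is switched off (or on an old 32-bit kernel without PAE), the first call also returns 42, which is exactly the "hardware feature is useless without OS support" situation the thread is asking about.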
 

poly4life

Distinguished
Feb 4, 2004
"Also, it appears Microsoft's new software-based memory protection technology is vulnerable, according to Larholm. The data execution prevention (DEP) is meant to protect users against buffer overruns, but Microsoft appears to have implemented it poorly, providing an easy way for attackers to circumvent the protection, Larholm said."

- http://www.infoworld.com/article/04/08/13/HNhuntforsp2flaws_1.html

I pretty much figured the OS has to support the feature, in addition to the CPU (I may have said software but meant otherwise). I don't know if you've read the above article or not on SP2, but that is why I posted in the first place. According to the security expert in the article, if Microsoft implemented the data protection scheme poorly, insofar as it can be circumvented, then the fact that it's at the hardware level as well is useless (unless you're running an additional OS that supports this feature).

The XD/NX feature is certainly better than nothing, and Microsoft has come a long way with security issues. I guess we'll find out eventually if they did their homework.
 

P4Man

Distinguished
Feb 6, 2004
No, I hadn't seen the article yet, nor have I seen anything to substantiate this particular claim. It could be true, but I'd wait for more information or insights before accepting this as a fact. If it only refers to the possibility that a user can manually disable DEP for certain specific apps, it seems like a silly claim to make. I mean, you'd have to willingly disable it for a certain worm to have any effect, or someone could write a worm that would exploit a buffer overrun for one of the few apps that don't work yet with DEP, and therefore would have it disabled on most computers. Gee, that would only reduce this particular risk by 99% or so, at least until those apps are patched to work with DEP as well.

Really, assuming this is the only issue with DEP (aside from the fact DEP/NX can't stop every sort of exploit), it's like claiming a firewall is poorly implemented because you can disable it altogether, or disable it (or use port forwarding) for certain apps/ports. Having a firewall is nevertheless a MAJOR improvement over not having one, and AFAICT, having DEP is a similar quantum leap forward. Nothing is ever 100% secure though; maybe we should all move to OpenBSD... (and even then...). It seems to me that SP2 in combination with DEP would stop most (if not all) known worms/exploits today. Just the sheer fact that a somewhat reasonable software firewall will be turned on by default should dramatically reduce the spread of worms.

Now, I'm sure they will find new holes, and people will still be stupid enough to open whatever executable attachment you send them, but I think it's getting very much harder. My totally unsubstantiated and uninformed impression is that SP2+DEP gives a similar security boost over SP1 as NT did over 9x. Not perfect, but a world of difference nevertheless.
