Inprise
Tuesday, 01 Dey 1383, 15:07
<span dir=ltr>Hi guys, you may know I'm deadly busy these days, but it seems bad bytes, bad streams, bad guys, and also good news about good things and bad news about their wild exploits won't leave me alone. One of my close friends at Motorola was talking about their NX roadmap last night and it was killer interesting. This is not something new, but thought it'll help you think more about our living world. Big thanks to the-chaser for comments.
Forget antivirus software and firewalls, chipmakers are embedding security virus protection into CPUs themselves. Transmeta is the latest chipmaker to jump on board the emerging trend, adding “no execute” (NX) technology to its Efficeon chips. Intel and AMD are also adding the feature to prevent one of the most common attack vectors.
Is this the answer to increasingly sophisticated attacks? The 2004 Australian Computer Crime and Security Survey reports that a whopping 88% of computer-based attacks involved viruses, worms or Trojans and that 60% of respondents said they believed attacks were successful because of unpatched or unprotected software.
With users struggling to keep up with daily virus updates, the idea is that your PC can fend off virus attacks unaided. NX is the first time that a particular feature has been introduced into a mass-market chipset specifically for the purpose of tightening up security holes.
If you believe the hype, the payoff could be huge. “Implementing this feature would potentially stop around 50% of the viruses that have been designed to date,” says Michael Apthorpe, technical manager with chipmaker AMD for Australia and New Zealand. That includes such notorious offenders as Slammer, Welchia, Sasser and MSBlaster.
AMD has included NX support in all of its 64-bit Athlon 64 and Opteron processors but it isn’t the only company implementing the feature (which it will call Execution Protection). In addition to Transmeta, Intel currently supports NX in its 64-bit Itanium 2 processors, although desktop CPUs are reportedly getting it.
And it’s not just Windows. While the technology has been developed between Microsoft and individual chipmakers, Intel and Linux vendor Red Hat released a prototype of code that adds support for NX to Linux in June.
NX is specifically targeted at resolving buffer overflows, a software loophole exploited by viruses. As a result of slapdash programming, buffer overflows are ubiquitous in both off-the-shelf software and custom-built tools. The increasing prevalence of viruses that exploit the loophole has increased awareness of the problem, but buffer overflows remain an all-too-real threat. Finding them is something of a hobby for bug watchers.
Trying to fix the problem by issuing patches has been like plugging a leaking dike with your fingers. NX is Microsoft’s first attempt to go on the virus prevention offensive by fundamentally altering system design to stop buffer overruns the nanosecond they happen.
The idea is that CPUs will automatically check system memory for leaks that could result in buffer overflows. If such a leak is detected, the chip raises a flag, Windows identifies the offending application — which quite often is a virus — and stops it before it can do any damage.
Tapping into the bug has been honed to a fine art by hackers. Viruses feed an application a special combination of legitimate data — which fills the buffer — and malicious code that extends past the boundary of the buffer into another part of memory.
Another application, or the operating system itself, thinks the implanted code is a legitimate application and runs it — damaging files, opening up the system to remote control, or otherwise compromising its integrity. In this way, malicious code can be implanted on a system while circumventing any controls that would normally be in place.
In the past, almost all of a system’s memory has been available to applications, with few restrictions. An NX-capable processor, however, works with Windows to keep a better eye on the status of system memory. Checkbits indicate whether each part of that memory has been allocated as executable — which means it’s allowed to run applications — or non-executable, which means it’s not.
NX marks all memory non-executable by default — when Windows runs an application, it instructs the processor to drop the flag protecting that area of memory. If an application attempts to write into a part of memory that hasn’t been explicitly authorised, the processor detects the activity and raises a flag. This event is passed to the operating system, which immediately stops the offending application and raises an error message to tell the user what’s happened.
This capability within Windows XP is called Data Execution Prevention (DEP). It’s added to both 32-bit and 64-bit versions of Windows as part of the Windows XP SP2, but is only activated on systems with the NX capability built into them.
The only catch in this marketing dream is that NX doesn’t just respond to viruses. It will also be triggered by poorly written applications or drivers that allow buffer overflows as a result of poor data handling. Such applications remain horribly common, particularly in high-pressure environments where inadequate testing or developer training has allowed potential problems to slip through.
The odds are that the system you’re running now has buffer overruns happening every day, but your system is none the wiser. If your system had NX, however, it would be popping up flags every few minutes. Inadvertent design flaws that might not normally cause problems will now cause an otherwise legitimate application to stop dead in its tracks.
Microsoft faces a catch-22: by tightening buffer overflow security, it risks introducing application incompatibilities that could become show-stoppers if important applications are brought to a standstill.
Microsoft has moved early to address this issue, working with developers to educate them about how NX works and the increased need to ensure buffer overflows are totally eliminated from all application code.
Danny Beck, senior product manager for Windows with Microsoft Australia, concedes that the introduction of NX could potentially cause interruptions for home and business users alike, but hopes the benefits will justify any inconveniences in the long run. “We need to work closely with the developer community to make sure they’re writing correct code. It’s difficult, but it really boils down to constant education of the market,” Beck says.
Until that education is complete — and key applications are checked and double-checked to eliminate buffer overruns — 32-bit apps may simply be too dangerous for chipmakers to introduce NX support.
With these dangers in mind, Microsoft has engineered a somewhat worrying compromise into XP Service Pack 2, expected this month: users can disable the DEP feature if they want — either completely, or by specifying a list of applications that shouldn’t be checked.
This could easily result in many people inadvertently switching NX protection off. Hackers could also modify the system registry, where the DEP feature is managed, to turn it off without the user even knowing.
In the future, users may not have a choice. As virus attacks continue to proliferate, pressure will undoubtedly increase on chipmakers to enable the feature by default. Virus blocking features such as NX could become a major selling point for CPUs alongside factors like clock speed and cache size.
Best wishes - means money, girl & health. Nothing else ma'er - :) </span>
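The per-region executable / non-executable marking described in the post, as an added example that is not part of the original post or the article it quotes: on Linux, which the article notes also gained NX support, each mapping's permissions are listed in `/proc/<pid>/maps`, and a region that is both writable and executable is one that NX does not protect. The sample lines, addresses and the `/usr/bin/demo` path are constructed.

```c
/* Added example: audit Linux memory-map lines for regions that are both
 * writable and executable (W+X), i.e. data areas NX does not cover. */
#include <stdio.h>
#include <string.h>

struct region { unsigned long start, end; char perms[5]; char path[128]; };

/* Parse one /proc/<pid>/maps line; returns 1 on success, 0 if malformed. */
int parse_maps_line(const char *line, struct region *r) {
    r->path[0] = '\0';
    int n = sscanf(line, "%lx-%lx %4s %*s %*s %*s %127[^\n]",
                   &r->start, &r->end, r->perms, r->path);
    return n >= 3 && strlen(r->perms) == 4;   /* path is optional */
}

/* perms is "rwxp"-style: index 1 = write, index 2 = execute. */
int is_wx(const struct region *r) {
    return r->perms[1] == 'w' && r->perms[2] == 'x';
}

/* Constructed sample map (not captured from a real process). */
static const char *SAMPLE[] = {
    "00400000-00452000 r-xp 00000000 08:01 131  /usr/bin/demo",
    "00651000-00652000 rw-p 00051000 08:01 131  /usr/bin/demo",
    "01a2b000-01a4c000 rw-p 00000000 00:00 0    [heap]",
    "7f10c0000000-7f10c0021000 rwxp 00000000 00:00 0",
    "7ffc1a2b3000-7ffc1a2d4000 rw-p 00000000 00:00 0  [stack]",
    "not a maps line",
};

/* Count W+X regions among n lines, printing each finding. */
int count_wx(const char **lines, int n) {
    int hits = 0;
    for (int i = 0; i < n; i++) {
        struct region r;
        if (!parse_maps_line(lines[i], &r) || !is_wx(&r)) continue;
        printf("W+X: %lx-%lx %s %s\n", r.start, r.end, r.perms,
               r.path[0] ? r.path : "[anonymous]");
        hits++;
    }
    return hits;
}

int main(void) {
    int n = sizeof SAMPLE / sizeof SAMPLE[0];
    printf("%d writable+executable region(s)\n", count_wx(SAMPLE, n));
    return 0;
}
```

In the sample, the heap and stack are mapped `rw-` and the program text `r-x`; only the anonymous `rwxp` mapping is flagged.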