Instead, the operating system will display a notice to the user that the vulnerable program is being terminated BEFORE any of the hacker's code has the chance to run. But if the operating system has marked that Internet communications buffer region of memory as only being valid for containing data and NOT code, the hacker's attack will never get started. This tricks the computer into executing the hacker's supplied data (which is actually code) contained within that buffer. Hackers locate obscure software vulnerabilities which allow them to “overrun” the buffers with their own data. because so-called “Buffer Overrun” attacks are the predominant way Internet-connected computers have historically been remotely hacked and compromised. Why would data or communications buffers ever contain executable code? . . . This protects the system's “heaps”, “stacks”, data and communications buffers from inadvertently running any executable code they might contain. When hardware DEP support is active, an XD/NX-aware operating system running on an XD/NX-capable and enabled processor will mark all memory regions not explicitly containing executable code as non-executable.
It does no one any good unless it's turned on.
Unfortunately, however, in every case, hardware DEP support is disabled for all or most of the system's software by default. Support for hardware DEP was introduced into the 32-bit versions of Windows XP with Service Pack 2, into Windows 2003 Server with Service Pack 1, and has always been present in Windows Vista. So when Microsoft introduced support for this into their operating systems, they termed it Hardware DEP for Data Execution Prevention.
Intel calls this capability in their newer processors XD for “e Xecute Disable” and AMD refers to it as NX for “ No e Xecute.” AMD's marketing materials also sometimes refer to this capability by the annoying marketing term EVP for Enhanced Virus Protection.Īs a hardware capability of modern processors this addition is important, but its use depends entirely upon support from the operating system. This means that the memory can be used to store reference data to be read and written, but that the processor cannot treat the contents of the memory as program code to be directly executed. Modern processor hardware can be instructed to designate regions of memory as non-executable.
0 kommentar(er)
