What is NX? What is XD?

NX= No Execute / XD = Execute Disabled

 


A neat solution to buffer overflows?

NX or No eXecute (the abbreviation doesn't make sense to us either) is a hardware solution to buffer overflows. It's an AMD innovation - with others launching their own versions - that was first introduced with the Hammer range of processors. The other main CPU manufacturer, Intel, also thinks it's a good idea, but calls it XD; other manufacturers like Transmeta are getting in on the act too. Microsoft introduced support for it (yes, the software boys need to be on board) from SP2 (Service Pack 2) of the XP operating system and SP1 of Windows Server 2003. The core (pun intended) function of the technology is to make a distinction within the processor of areas where code is stored for processing and areas where data is stored for er, storing. Pretty elementary? Why didn't someone think of it before?

What is a buffer overflow?

A programming bug (quite distinct from a virus; almost all programs have bugs) can cause a condition where data is written beyond the allocated end of a memory buffer. When this happens a computer can be made to execute arbitrary - non pre-approved - code. While this is often harmless, it is an exploit that a programmer can use to run a program in the background that the user is not aware of. How is this done? When you run a program it is understood that you have accepted that program on your system, and it has certain privileges, i.e. the program is allowed to "control" certain parts of your system. When a subroutine of the program completes, "control" passes to an area outside of the buffer, which may have no executable program in it - in which case the PC returns an error. If, however, there is some code in that "outside area", it will get executed.

Why do you need to protect against buffer overflows?

A programmer can leave malicious code in that area outside the buffer. And that code will execute with the privileges the valid program has been granted on your system. This is obviously a security risk and something any cautious user would want to avoid. The malicious code can be any manner of program from a virus to spyware to adware ...and with varying levels of damage potential.

What's a heap overflow?

Heap overflows are similar to buffer overflows. In fact, they're a kind of buffer overflow. Hackers are particularly fond of the heap overflow as it allows them to supply a valid application with data that is too large and causes all manner of potential problems.

How long has this nonsense been going on?

For longer than anyone cares to remember. The first instance was in 1988 and involved the Morris worm. Since then there've been more worms than your average wormery could shake a stick at.

Isn't anti-virus software enough protection?

Bless. Anti-virus software is very limited in what it can do. It detects malicious programs that have access to privileges. In the case of a buffer overflow it is a valid program that is handing privileges over to a malicious program, and a regularly updated anti-virus package will probably keep you safe, but it's by no means guaranteed. As new threats emerge anti-virus software manufacturers rush to bring out updates which users must rush to apply. But even a diligent user can get trapped between the release of a new threat and the subsequent update that covers it.

Are you really saying nobody's thought of a solution till now?

Actually, they have. But the solutions were restricted to hardware that you and I generally don't get to play on - the Sun SPARC and Alpha ranges, for example. Hard core, big enterprise, fat wallet gear. It wasn't called NX though. It took the company that came up with "Athlon", "Sempron" and "Geode" to christen it so. And that name has stuck. Except that Intel don't like playing follow the leader and their PR people suggested a different name for exactly the same technology. Then they suffered a sudden attack of LOO (Lack of Originality - our own term) and couldn't think up a new er, paradigm. So they borrowed an idea from AMD and named the baby XD after eXecute Disabled. (Ahem, what's wrong with ED? - ed)

The NX bit is bit 63 of the 64-bit page table entry used by the x86 series of processors - the last bit, since the counting starts at "0". This bit is set to "0" to allow code execution from the page, or to "1" to mark the page as data storage only.

Software manufacturers also had the idea of an implementation where the operating system provided such a function, i.e. the OS emulated what later came to be called NX/XD. Linux, OpenBSD etc. had such emulation on certain processors and didn't always need a hardware solution in the processor itself. Windows, on the other hand, has no emulation, and the versions of Windows that support this technology - XP with SP2 and Server 2003 with SP1 - will only use NX or XD if they are running on processors that support the feature.
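The page table entry layout described above, as an added example that is not from the original article: a small C decoder for a 64-bit x86 entry (present, writable and user bits, the frame address, and NX at bit 63), a helper that sets NX, and a check for the writable-and-executable combination the bit is meant to eliminate. The entry values are constructed samples.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
/* Bit positions in a 64-bit x86 page-table entry (PAE / long mode). Bit 63 is the
 * NX (AMD) / XD (Intel) bit: 0 = may execute, 1 = data only. The CPU honours it
 * only after the OS has enabled no-execute support (EFER.NXE). */
#define PTE_PRESENT   (UINT64_C(1) << 0)
#define PTE_WRITABLE  (UINT64_C(1) << 1)
#define PTE_USER      (UINT64_C(1) << 2)
#define PTE_NX        (UINT64_C(1) << 63)
#define PTE_ADDR_MASK UINT64_C(0x000FFFFFFFFFF000)   /* frame address, bits 12..51 */

typedef struct {
    bool present, writable, user, no_execute;
    uint64_t phys_addr;   /* 4 KiB-aligned physical frame address */
} pte_fields;

pte_fields decode_pte(uint64_t pte)
{
    return (pte_fields){ .present    = (pte & PTE_PRESENT) != 0,
                         .writable   = (pte & PTE_WRITABLE) != 0,
                         .user       = (pte & PTE_USER) != 0,
                         .no_execute = (pte & PTE_NX) != 0,
                         .phys_addr  = pte & PTE_ADDR_MASK };
}

/* Mark a mapping as data-only by setting bit 63; returns the new entry. */
uint64_t pte_set_nx(uint64_t pte) { return pte | PTE_NX; }

/* Present + writable + executable is the combination NX exists to remove. */
bool pte_is_writable_and_executable(uint64_t pte)
{
    pte_fields f = decode_pte(pte);
    return f.present && f.writable && !f.no_execute;
}

int main(void)
{
    /* Constructed sample entry, not from a real system: present, RW, user, executable. */
    uint64_t unsafe = UINT64_C(0x0000000012345067);
    uint64_t entries[2] = { unsafe, pte_set_nx(unsafe) };   /* same frame, NX set on 2nd */
    for (int i = 0; i < 2; i++) {
        pte_fields f = decode_pte(entries[i]);
        printf("pte=%016llx frame=%010llx P=%d W=%d U=%d NX=%d W+X=%s\n",
               (unsigned long long)entries[i], (unsigned long long)f.phys_addr,
               f.present, f.writable, f.user, f.no_execute,
               pte_is_writable_and_executable(entries[i]) ? "yes" : "no");
    }
    return 0;
}
```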

So which processors do support this feature?

As of March 2005 they are:

AMD64 (some AMD processors)
IA-64 (Intel server processors)
Efficeon (Transmeta processors)
EM64T (some Intel processors)

Yes, most modern Intel and AMD processors. Simply look for the "NX" or the "XD" in the description of the CPU.

So I don't need to worry about worms/viruses anymore?

Sadly, you do. NX isn't a solution, it just makes it more difficult for a worm to cause you trouble. Worm creators have to be more original to infect your PC. They are rising to the challenge, and worms, viruses, adware and malware continue to represent a grave threat to the internet-using community.

© Content on this site copyright Best Price Computers Ltd 1996-2011

Site last updated: June 2010