- TalkBack 35 of 35:
- « Previous
- Thread View
- Flat View
- Another full-of-**** article that conveys wrong information
-
This is not an antivirus technology, and it doesn't prevent buffer overflows.
It's interesting that this one actually notes-- although in a choppy and confusing manner-- that stuff in an overflow can't be executed if NX is used right.
1) Does not prevent buffer overflows
2) Is not an anti-virus technology (it actually is much more significant)
Also, here's an IMPORTANT point:
"Around 50 percent of the Windows security updates from Microsoft in the last two years may have been rendered unnecessary if the technology existed then, according to an analysis by AMD and Microsoft."
This is FLAT WRONG, and I'll tell you why.
The execution flow of the program in a code injection attack will be altered by the changed return pointer on the stack. This means that the program now 'thinks' it has to jump to that code.
Now, the stack is not executable, so the program jumps there, and the CPU refuses to execute code. There is nothing dictating where that thread of that program should go. One of two things happens:
A) The thread catches the termination signal the OS sends, and dies
B) The program (main thread or child thread, either way) catches the signal sent and terminates the program, either by terminating the main thread (implicite end program) or explicitely calling exit().
Imagine you supply hosting, and your web server suddenly gets attacked. It goes down. How much does this cost you to bring back up? How much does it cost when some 12 year old downloads a little program that repetedly does this, denying service to everyone? What if RPC (a core windows service that the OS needs to have running to do certain things) goes down, rendering the system useles until a reboot?
As you can see, this is just a reduction in severity -- in most cases, anyway. It will protect your confidential information, but it won't prevent attacks from doing damage. You can't even claim that Linux can do this with PaX.
Check these wikipedia articles for more detailed information on the subjet:
http://en.wikipedia.org/wiki/NX
http://en.wikipedia.org/wiki/PaX
http://en.wikipedia.org/wiki/Buffer_overflow
http://en.wikipedia.org/wiki/ProPolice
Notice that NX and PaX don't claim to prevent buffer overflows, but ProPolice does. Either way, the program is killed for a violation of policy. - Posted by: bluefoxicy Posted on: 07/17/04 You are currently: a Guest | Members login | Terms of Use
What do you think?
SponsoredWhite Papers, Webcasts, and Downloads
- Busting the myths about QuickBooks Enterprise Solutions and IBM Smart Business IBM So you already know there aren't actually any alligators in the New York ... Download Now
- Building the Virtualized Enterprise with VMware Iinfrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now
- The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now
Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors
- New Online Dashboard for IT Leaders
-
Read about top issues IT decision-makers face every day, plus get cost-effective solutions to real-life IT problems.
- Learn more >>
- Learn more about tools to grow your business
-
The Business Essentials Guide provides you useful tools and templates to help grow your business and save you time with automated shipping solutions.
- Save time with the UPS Business Essentials Guide
- Microsoft Dynamics CRM Online - Free Six-Month Trial for Eligible Organizations
-
Microsoft Dynamics CRM Online provides fast online access, simple contact management and better sales performance for a low monthly cost - the best value on the market today.
- Learn more about the free, six-month trial offer >>
Popular Sanity Saver Videos
