Cameras
Camcorders
Cell Phones
Components
Desktops
HDTV
Home Theater
GPS
Laptops
Monitors
MP3 Players
Networking &
Printers
Storage
Advanced Micro Devices' Opteron and Athlon 64 processors can detect a commonly used attack against PCs connected to the Internet and render it harmless by blocking malicious code from executing, AMD officials say.
Known as Execution Protection, the feature detects an attacker's attempt to overflow a buffer--a temporary holding place for data in a processor--with more data than that buffer can hold. This results in data leaking to other buffers on a microprocessor or the corruption of any data within that buffer.
Execution Protection will prevent the code that caused the buffer overflow from being written into memory, blocking any further access to that PC, says John Crank, Athlon 64 product manager. The feature is already inside AMD's 64-bit Athlon 64 and Opteron chips, and it will be enabled when Microsoft releases Windows XP Pack 2 in the second quarter, he says.
The feature now works with any Linux PC or server with AMD's 64-bit chips, Crank adds.
How It Works
Like almost all processors, AMD's chips detect buffer overflows and trigger an overflow exception that crashes an application or operating system, Crank says. But AMD's chips take the additional step of designating any code that enters the processor after the overflow exception is triggered as nonexecutable, he says. Otherwise, if the overflow exception was caused by a malicious attack, rather than a programming error, the new code can open the way for the attacker to place software programs known as Trojan horses inside the PC. Activating a Trojan horse program can give that attacker control of the PC.
AMD's technology is new, as far as the x86 chip world is concerned, says Dean McCarron, principal analyst with Mercury Research. The x86 instruction set runs most of Intel's and AMD's processors.
Older microprocessors such as the venerable Alpha chip used a form of this technology, but it was designed to protect more specific hardware exploits rather than the general buffer overflow technique used against today's PCs and servers, AMD's Crank says. AMD had avoided discussing the technology until Microsoft was ready to give more guidance about when Service Pack 2 would be released, he adds.
Intel Eyeing Technique
Intel uses a variation of the technology in its Itanium processors for high-end servers, says George Alfs, an Intel spokesperson. The company is currently evaluating the technology for mainstream processors, and wants to make sure it is fully tested before releasing the technology, he says. Intel declines to provide a time frame for its release.
Buffer overflows made possible some of the most damaging worms and viruses of the last year, including Slammer and Blaster. Microsoft has since issued patches to correct the flaws that allowed those attacks to occur.
AMD's technology does not prevent all viruses or worms from damaging a user's PC, just ones based on buffer overflow vulnerabilities, Crank says.
