Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Holland Bans AMD's 'Virus Protection' Campaign

timothy posted more than 9 years ago | from the puffery-is-strictly-for-cafes dept.

AMD 330

Hack Jandy writes "For those of you who didn't see this coming, AMD's Advanced Virus Protection campaign has been banned in Holland since the technology does (almost) nothing to stop viruses! If you recall, AMD's NX bit attempts to stop the processor from executing pages on the stack that have been written to. Does NX even solve more problems than it causes?"

Sorry! There are no comments related to the filter you selected.

How do you explain it to Joe Sixpack? (5, Informative)

LostCluster (625375) | more than 9 years ago | (#11206732)

What the "NX bit" actually does is a pretty nice thing for preventing buffer overflows... if a segment of memory is marked for data use and then the code execution point somehow arrives there, you get a crash-out instead of the execution of arbitrary code.

Of course, AMD's problem is finding a way to try to communicate that concept to the average user. Joe Sixpack doesn't even know what buffer overflow problem is, so they don't understand why they need a solution to that problem. AMD is trying to use the concept of "virus prevention" instead, but apparently they've gone too far in implying that the NX bit eliminates the need for conventional anti-virus methods, which it most certainly does not.

This is an extra set of suspenders, not a new belt.

Re:How do you explain it to Joe Sixpack? (4, Informative)

karniv0re (746499) | more than 9 years ago | (#11206787)

This is akin to OpenBSD's W^X, which specifies that memory can be either Writable or eXecutable but never both. Wikipedia has a good stub on it, [wikipedia.org] as well as a nice article on the NX bit [wikipedia.org] .

Re:How do you explain it to Joe Sixpack? (1, Interesting)

gutterandthestars (782754) | more than 9 years ago | (#11206885)

Has W^X been implemented in any other BSD, like MacOS X? How about any other operating systems?

Re:How do you explain it to Joe Sixpack? (0)

Anonymous Coward | more than 9 years ago | (#11206914)

This is akin to OpenBSD's W^X, which specifies that memory can be either Writable or eXecutable but never both.

Never? How does one implement a JIT-compiling bytecode engine on such a system?

Re:How do you explain it to Joe Sixpack? (4, Informative)

tepples (727027) | more than 9 years ago | (#11207053)

Apparently, code loaders such as DLL loaders and JITs have to explicitly go through a syscall to copy from writable memory to executable memory.

Re:How do you explain it to Joe Sixpack? (4, Interesting)

Anonymous Coward | more than 9 years ago | (#11207133)

Okay. Does this carry computational costs? I.e. is it a true copy or does it just do some trickery with VM pages? If the former, does the cost of stopping everything, blowing out the cache, etc to duplicate the written executable code become significant?

Self-modifying code? (1)

Daverd (641119) | more than 9 years ago | (#11207009)

What about self -modifying code [wikipedia.org] ?

Re:Self-modifying code? (4, Informative)

VertigoAce (257771) | more than 9 years ago | (#11207080)

This is the kind of thing that NX breaks. One notable situation is that Java, .NET, and anything else that dynamically generates code will break if not properly coded. My understanding is that you have to specifically request that a data page be executable. In an OS that uses the NX bit normal data pages will be marked as not executable. I recall seeing something from Microsoft telling developers how to fix their software so this wouldn't be an issue when they updated the OS to use the NX bit (XP SP2, I believe).

Re:How do you explain it to Joe Sixpack? (1)

blair1q (305137) | more than 9 years ago | (#11206788)

Memory management systems have been available for decades that prevent execution from data space or writing to code space.

What has AMD actually done that's new and valuable?

Re:How do you explain it to Joe Sixpack? (0, Redundant)

devilspgd (652955) | more than 9 years ago | (#11206988)

Added support to the x86 platform.

Re:How do you explain it to Joe Sixpack? (1)

kngthdn (820601) | more than 9 years ago | (#11206792)

How do you explain it to Joe Sixpack?

There's a pretty good explanation over at Wikipedia [wikipedia.org] , too.

Re:How do you explain it to Joe Sixpack? (4, Insightful)

jrockway (229604) | more than 9 years ago | (#11206796)

NX doesn't fix anything.

If I'm overflowing a stack buffer, I'll just write the address of system() over EIP and the address of a string I control after that. Then when the function returns, it will execute system("/whatever/program/i/want").

Maybe not quite as convenient as shellcode for crackers, but virus writers will adapt and NX will mean nothing.

Its only part of the solution. (1, Insightful)

Anonymous Coward | more than 9 years ago | (#11206862)

Good luck writing the address of system() when that address is different every time the program runs. No one thing is a silver bullet, you use a complete solution like openbsd.

Re:Its only part of the solution. (4, Insightful)

jrockway (229604) | more than 9 years ago | (#11206959)

There are ways around that. The true solution to the problem is to not overflow your buffers!

Re:How do you explain it to Joe Sixpack? (4, Insightful)

lintux (125434) | more than 9 years ago | (#11206805)

Let's just say it's impossible to market something like this. In their ad they said something like "AMD processors are the only processors which actively stop/prevent viruses". Surely that's not something a CPU can do at all anyway.

And since this is only a minor improvement (if an improvement at all) in the Athlon64 I wonder why they didn't think of something else to use to promote the CPU... Surely saying that the thing is 64-bit must impress some Joe Sixpacks.

Re:How do you explain it to Joe Sixpack? (4, Insightful)

0racle (667029) | more than 9 years ago | (#11206854)

"What does 64bit mean? Obviously 32 is working for me, why do I need this. Now virus protection, that I need."

Thats why. They don't have to explain what being a 64bit processor means and why they need it, because most people don't, but everyone need virus protection and for the most part they already know that.

I have yet to see a good reason why I should get an A64, beyond the 'dude holy shit its faster then last months model.'

Re:How do you explain it to Joe Sixpack? (0)

Anonymous Coward | more than 9 years ago | (#11206889)

One reason is because it finally gives developers some actual registers to work with, but if you really wanted that you'd go PPC anyway...

Re:How do you explain it to Joe Sixpack? (0)

Anonymous Coward | more than 9 years ago | (#11206908)

Idiot. An end user won't buy a particular processor just to make a developer's job easier.

Re:How do you explain it to Joe Sixpack? (2, Insightful)

Anonymous Coward | more than 9 years ago | (#11206815)

What the "NX bit" actually does is a pretty nice thing for preventing buffer overflows.

I have to call you on this one. It's only a "pretty nice thing" in theory, since the option has to be enabled during the compilation of the binary. In Windows (even XPsp2), this is only enabled for certain MS-created services that listen on ports. It has to run in PAE mode. Not every application is protected. Significantly, the user-space apps are not protected. You have to specify /PAE option, despite what MS says [microsoft.com] .

So, moderators. How does the original post deserve such a high ranking? It's factually incorrect on a few points, and just makes general statements about "safety is good". The trend appears to be that early posters get points, and everyone else carps and trolls. What a shit hole slashdot has become. (I can recall when a 90-post story was big news, and most of the posts were useful... but don't get me started.)

Re:How do you explain it to Joe Sixpack? (1)

floodo1 (246910) | more than 9 years ago | (#11207114)

while i cant say i remember so far back what i can say is that you're right, even as of the past couple of years.

seems that there are SOo many WRONG posts that get modded 5 and then a BUNCH of followups explaining how the main 5 is just wrong :(

im growing tired of having to sift through 100+ +4s or +5s to find the 17 really good ones ;)

Re:How do you explain it to Joe Sixpack? (0)

Anonymous Coward | more than 9 years ago | (#11207121)

I can recall when a 90-post story was big news, and most of the posts were useful.

yet you still didn't bother setting up an account you lazy AC!!! :)

Re:How do you explain it to Joe Sixpack? (0)

Anonymous Coward | more than 9 years ago | (#11206843)

you dont because joe sixpack doesnt give a fuck.

joe sixpack is not the target of anything tech related.
that is the store's job

joe is a sheep, you tell him what to do. he does it

Re:How do you explain it to Joe Sixpack? (2, Insightful)

secretsquirel (805445) | more than 9 years ago | (#11206999)

joe is a sheep, you tell him what to do. he does it

Excatly. You explain to joe sixpack that he (scare him into thinking that he) needs this or he will get hacked and have his identity stollen or something, and that NX turbo supersheild max-blaster technology is the only way that he can stop it and then joe says "oh shit!" and goes and buys them for his whole family.

It's called advertising, and IT WORKS!

Re:How do you explain it to Joe Sixpack? (0)

Anonymous Coward | more than 9 years ago | (#11206870)

Well... This is Joe and he has a Sixpack (beer that is, Joe doesn't workout that much). Now Joe has been quietly drinking his Sixpack and no matter how many beers Joe has he doesn't suffer any "buffer" overflows. This means that Joe with is special "NX bit" in place will not spew, piss, or shit his pants as long as he remembers to take his "NX bit". There still is the problem of Joe losing conscience and "crashing", but his dignity will be still intact.

Virus/worm distinction is growing less important (2, Insightful)

ikewillis (586793) | more than 9 years ago | (#11206987)

Viruses are now including multiple attack vectors, and often times some of these require human intervention while some don't. As viruses grow increasingly multiparadigm and begin exhibiting both the properties of the canonical virus (requiring human intervention) and worm (spreading without human intervention) the semantic distinction grows less important.

This is a distinction which Joe Sixpack has a terrible time grasping. Telling someone "Your computer's got worms!" is less likely to be comprehend than "Your computer has a virus", further complicating the difficulty of explaining to Joe Sixpack that hardware buffer overflow protection could save him from the next Windows worm...

Re:How do you explain it to Joe Sixpack? (2, Insightful)

Anonymous Coward | more than 9 years ago | (#11207005)

First off all buffer overflow problem wxist only in software that has a bug. The thruth is that there probably isn't any large program out there that doesn't suffer from this. When you have a huge chunk of code you tend to over look things plus the software gets extremely hard to maintain from a security stand point, hens buffer overflows appear. What AMD supposedly invented is the same thing that VMS machines have had for ages now (or should I say used to when VMS was still kicking). As some people have already pointed out there are several software implementations of the *NX* feaure with OpenBSD being the most notable one. So in essence *NX* is not that inovative and most deffinitelly not that nessecary. With the current processing power of any CPU I hardly doubt it that you will even notice a difference if Windows were to finally decise to include a software solution rather than using the hadware one provided by AMD.
The reason why *NX* does not work at all in the virus prevention is because there is not a single new virus out there that uses a buffer overflow. Buffer overflows are fixed very fast once they are discovered and the only people that use them to compromise systems are crackers. However, with the swiss cheese that windows is you harly need a buffer overflow exploit to compromise the system ... SO yeah it was a good thing that AMD included the feature but they should have probably asked themselves why noone else did when it is so easy ... Kind of like nvidia and their soundstorm solution ... technology is great but only when it's actually needed.

NX protection inadequate? (0)

Anonymous Coward | more than 9 years ago | (#11206736)

I guess what it comes down to is whether the old people that run Holland want digital signatures.

buffer overflows (0, Redundant)

wotevah (620758) | more than 9 years ago | (#11206738)

It helps deal with buffer overflows which is a way to deal with some malware exploiting them.

good. (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#11206739)

I'm sick of misleading bullshit. As anyone whose ever written a compiler (or good forbid, a virus) knows, NX is overated. Exploits rarely execute from the Stack but rather the printer buffer. NX doesn't protect this yet, but I suppose its a step in the right direrction.

Re:good. (1, Funny)

Anonymous Coward | more than 9 years ago | (#11206754)

Exploits rarely execute from the Stack but rather the printer buffer.

Great! so I'm safe, as I have no printer connected to this computer! all those silly antivirus customers ...

You are full of shit. (0)

Anonymous Coward | more than 9 years ago | (#11206758)

NX by itself does nothing. An OS can use NX to impliment something half-assed like you are talking about (windows), or it can do it correctly, like openbsd, and at least one patch for linux. NX is great, windows is overated.

Is Holland a Country? (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11206744)

Oooo...ooooo...Holland bans the advertising...wow, I'll bet that AMD is shaking in its little wooden shoes!!!

Re:Is Holland a Country? (0, Flamebait)

glassjaw rocks (793596) | more than 9 years ago | (#11206771)

Yeah, I doubt AMD has anything to worry about. Personally, I'm not worried about viruses, I keep my windows updated, and I don't download stupid shit. (And when I do, I scan it.)

Re:Is Holland a Country? (0)

Anonymous Coward | more than 9 years ago | (#11206798)

You do understand what a buffer overflow is right?

Allow me to explain in words he can relate to... (0)

Anonymous Coward | more than 9 years ago | (#11206834)

A buffer overflow is similar to getting raped by a member of the GNAA. Somebody is trying to put something where there is not enough room to hold it. In the case of computers, there is not enough memory to hold the information. The information is written to memory outside of the space allocated for the particular program. In the case of Gay Niggers, your virgin ass can not hope to contain the glory that is the ten inch Gay Nigger Dong. So your asshole explodes in a rush of blood and shit...aw yeah...what was I talking about again?

Re:Is Holland a Country? (0)

Anonymous Coward | more than 9 years ago | (#11206838)

Scan it for what, the evil bit? Given that the technology is designed to help stop buffer overflows, it has little to do with virus scans.

Eh, whatever. (4, Insightful)

TWX (665546) | more than 9 years ago | (#11206749)

I don't understand really why AMD felt a need to make an ad campaign over the technology anyway. Most uses for this technology are buffer overflow preventions, which are almost exclusively server technology. Admittedly, it is possible for any program that makes a remote connection to accept data or idles waiting for data to possibly be vulnerable, but for a userland machine this would be mostly messaging programs and p2p programs.

I think it would have made sense to put it as a nice side feature so that geeks see the technology and how it prevents buffer overflows, but they probably already know about it.

Re:Eh, whatever. (2, Informative)

Tanktalus (794810) | more than 9 years ago | (#11206763)

Servers, P2P programs, messaging programs, ... email (Outlook?), web browser (IE? Even Firefox had one not too long ago, didn't it?), or pretty much any software that reads data from an untrusted source.

By the way - that includes things like word processors. A malicious attacker overflowing the buffer of Word via some viral Word doc spread via email - NX bit can help here, too. By "untrusted source" - that means pretty much any program.

Re:Eh, whatever. (4, Funny)

geekoid (135745) | more than 9 years ago | (#11206825)

"untrusted source"

Fluffy bunny code is untrusted, continue to install?
No.
You won't be able to see the fluffy bunnies if you don't install. Continue install?
No.
You don't want to not install?
No.
Installing Fluffy Bunny.
HULK SMASH!

Re:Eh, whatever. (1)

Aeiri (713218) | more than 9 years ago | (#11207034)

You don't want to not install?
No.
Installing Fluffy Bunny.


Not wanting to not install is not wanting it to stop, thus continuing, and saying no to continuing is stopping (did that make any sense?). Basically, that's a triple negative, thus making it negative again. So it shouldn't install Fluffy Bunny.

Although I have no idea why you WOULDN'T want to install Fluffy Bunny, since it is so Fluffy and it's a cute little bunnie wabbit. You can install it now off cutelittlebunniewabbit.com for only 100 easy payments of $19.95. Order now and receive the noodle twister, absolutely free with $20 rebate off of 6 times the amount of the current year minus 2. Supplies are limited, so act now!

Re:Eh, whatever. (2, Funny)

secretsquirel (805445) | more than 9 years ago | (#11207079)

Fluffy bunny code is untrusted, continue to install (y/n)?

y #awww bunnies

Installing Fluffy Bunny

error: permission denied

error: could not write file /sbin/******* # hmmm thats weird, maybe fluffy is a bad bunny

Fluffy bunny instalation failed, please retry as root

Not just for servers (4, Informative)

gad_zuki! (70830) | more than 9 years ago | (#11206780)

Windows XP uses NX now as of SP2. Its part of its Data Execution Protection scheme. DEP can run without an AMD too. Its on by default for windows system files.

Buffer overflow exploits arent just for servers either, the RPC/DCOM exploit was one. So was the previous big worm, err blaster? I don't quite remember.

This is tech for the desktop, really. Modern computers run a slew of services.

Re:Eh, whatever. (1)

TheDetrino (835951) | more than 9 years ago | (#11206790)

Most uses for this technology are buffer overflow preventions, which are almost exclusively server technology.

I guess you have never put a windows machine on the 'net for 5 minutes to download patches, only to find that the machine has already been comprimised.

Re:Eh, whatever. (0)

Anonymous Coward | more than 9 years ago | (#11206896)

Advanced Micro Devices don't need Virus Protection anyway.

Good thing everything is submitted by a tard. (1)

Anonymous Coward | more than 9 years ago | (#11206752)

NX doesn't cause any problems asshat, it is something that real CPUs have had for years, that allows an OS to make sure no pages of memory are both writable and executable, helping prevent exploit code from working.

Re:Good thing everything is submitted by a tard. (0)

Anonymous Coward | more than 9 years ago | (#11206902)

NX does cause problems with some programs, such as VMs.

Idiot.

Does it rely... (5, Funny)

nathan s (719490) | more than 9 years ago | (#11206770)

Does this NX thing rely on the evil bit? If so, no wonder it doesn't work! *duck*

Re:Does it rely... (4, Informative)

CoolGopher (142933) | more than 9 years ago | (#11206845)

For those of you who don't remember the evil bit, it's RFC 3514 [faqs.org] .

Re:Does it rely... (2, Informative)

ip_fired (730445) | more than 9 years ago | (#11206952)

That is hilarious. An RFC telling crackers to make sure to set the "evil" bit when they are attacking so that secure systems can protect themselves from it. That's a great april fools joke.

Displaced IT workers: outsourcing is YOUR fault. (1)

master_meio (834537) | more than 9 years ago | (#11206868)

Market forces are separating the wheat from the chaff. Guess what group you fall in? You aren't entitled to a white-collar job and some specific standard-of-living just because you've taken a few programming classes at some junior college. Or god-forbid, a technical school like heald or ITT-tech-- which is little more than a daycare for students with little-potential.

Re:Does it rely... (0)

Anonymous Coward | more than 9 years ago | (#11207106)

if NX relied on the the 'evil bit' being set, then it would never run a Microsoft OS . . . cause it doesn't get more evil than that.

Holland or the Netherlands? (-1, Redundant)

Jeff DeMaagd (2015) | more than 9 years ago | (#11206773)

The X-bit Holland is a sub-region of Netherlands. Maybe it really doesn't matter all that much to me, but there is a difference, and some people get picky about what their country is called.

Re:Holland or the Netherlands? (1, Redundant)

Jeff DeMaagd (2015) | more than 9 years ago | (#11206783)

Oops, I wasn't finished...

The X-bit article body says Netherlands, but the title says Holland. Holland is a sub-region of Netherlands. Maybe it really doesn't matter all that much to me, but there is a difference, and some people get picky about what their country is called, and this is a common mistake for Americans to make.

Re:Holland or the Netherlands? (2, Insightful)

Clay Pigeon -TPF-VS- (624050) | more than 9 years ago | (#11206821)

Holland, Zeeland, and Friesland(sp?) make up the Netherlands iirc.

Re:Holland or the Netherlands? (1)

darkpixel2k (623900) | more than 9 years ago | (#11206842)

My father is from the Netherlands and he always told me that 'Holland' was the name of one of several colonies in the area that eventually became the Netherlands.

Re:Holland or the Netherlands? (3, Informative)

choas (102419) | more than 9 years ago | (#11206871)

Noord-Holland, Zuid-Holland, Zeeland,
Friesland, Groningen, Brabant, Limburg,
Drente, Overijssel, Gelderland, Utrecht
and Flevoland. ... To be exact.

Re:Holland or the Netherlands? (1)

liangzai (837960) | more than 9 years ago | (#11206822)

For the rest of the world Holland and The Netherlands are exactly equivalent.

Re:Holland or the Netherlands? (1)

dosius (230542) | more than 9 years ago | (#11206867)

I actually believe that the word for "Netherlands" in Japanese is "Oranda", which would be some sort of a borrowing of "Holland". So it's not just us American lamers that fail to make the distinction.

Moll.

Re:Holland or the Netherlands? (2, Informative)

Anonymous Coward | more than 9 years ago | (#11206826)

The people behind X-bit Labs are Russian and Estonian, but don't let that stop you from taking a shot at Americans.

Re:Holland or the Netherlands? (2, Funny)

gibson042 (844355) | more than 9 years ago | (#11206978)

When you say "Americans," do you mean to include Canadians, Mexicans, Brazilians, Cubans, and Jamaicans, or were you just referring to US citizens?

I thought NX was... (1)

Thaidog (235587) | more than 9 years ago | (#11206784)

Hardware for preemptive multitasking... built in to the chip and not just software... not really having anything to do with viruses but more about buggy code. I must be thinking about something else...

Re:I thought NX was... (1)

imroy (755) | more than 9 years ago | (#11207008)

It has nothing to do with multitasking or the scheduler. It's another bit/flag in the page table, telling the MMU don't execute this page of memory. It's not so much to protect against viruses/virii, but buffer overflow attacks by worms and script kiddies. But the media doesn't distinguish between viruses/virii, trojans, and worms, and most attacks now use a combination of forms anyway.

What is a "virus" to most people (4, Insightful)

IBitOBear (410965) | more than 9 years ago | (#11206793)

Given that, in common parlance, most people don't know the differences between the various exploits "virus" is as good a word as any.

And if the NX bit were used for more than the stack, then it could protect against a lot of (non-trojan) viral activity too.

Lets face it most viruses today aren't even viruses. They are trojans, worms, and human-engeneering exploits. How often do you see an actual virus? You know a program that writes its code into another program. It's actually getting kind of rare. Now days it is whole applications delivering themselves to your computer through email and exploiting the existing code of crap like IE and Outlook by just telling those programs to run the evil code. Most exploits today are applets and packages.

All But Gone are the days of rewritten exe headers wiht appended code fragments, and programs appending themselves to other programs in memory.

Quite frankly if all the non-code memory regions in my computer were non-execute down to the very last GDI region and printer buffer, the classic virus would be dead. The IE hacks and the trojans and the worms would still be here because certian stupid programs will do arbitrarily complex things at the behest of remote entities, but that isn't a virus. Thats bad design comming home to roost.

Re:What is a "virus" to most people (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#11206887)

Its a Hollywood movie [imdb.com]

Re:What is a "virus" to most people (1)

devilspgd (652955) | more than 9 years ago | (#11207066)

Quite frankly if all the non-code memory regions in my computer were non-execute down to the very last GDI region and printer buffer, the classic virus would be dead.

How do you figure? The classic virus modified EXEs on disk, but didn't need to modify executable code in memory.

Finally someone cracks down on stupid marketing (2, Informative)

Anonymous Coward | more than 9 years ago | (#11206799)

Reclame Code Commissie of the Netherlands, an organization that regulates advertising in the country, recently said some or all AMD EVP radio ads were "too absolute and as a result misleading"

Almost all CPU advertising is misleading, first of all because it has to paint with such a broad brush. The NX bit plays only a tiny role in virus prevention. The much-hyped Hyperthreading was only of questionable benefit and certainly not worth paying extra license costs for most people. Dual cores may be a mixed bag if I read my cards correctly. I can think of lots of examples... But, misleading advertising is allowed anyway.

Well, I guess this time someone got caught. I hope this trend continues. If I have to be subject to censorship rules, why shouldn't the marketing people at AMD?

Dutch people (-1, Troll)

Class Act Dynamo (802223) | more than 9 years ago | (#11206804)

My family is of Dutch descent, and one thing I have always observed is that they are, as a rule, against virus protection. I think it is some sort of cultural thing. It may be why so many of us have herpes...

Re:Dutch people (1)

the Howard Dean Camp (748694) | more than 9 years ago | (#11206886)

There are only two things I can't stand in this world. People who are intolerant of other people's cultures... and the Dutch.

The thing I really hate (0, Flamebait)

mrchaotica (681592) | more than 9 years ago | (#11207011)

Hey, I'm really sorry; I try not to let stuff like this get to me, but for this one I just can't resist. I have to say it:

Your sig sucks.

Re:Dutch people (0, Troll)

chawly (750383) | more than 9 years ago | (#11207103)

Cultural ..... if you like. Might want to define it like "The Dutch come from a very small country called Holland. In Holland there exists one very big company called Philips. Philips has a very well defined corporate point of view (I nearly said culture) regarding innovation which is not theirs" Don't you folks have a saying "What's good for General Motors is good for America"? Well in Holland that goes "if it even might be bad for Philips, then it's shit". As for herpes - I hear that, in America, they're not against it.

Re:Dutch people (0)

Anonymous Coward | more than 9 years ago | (#11207116)

I'm a big fan of self-correcting problems.

That said, can you guys start catching HIV and just get it over with?

Honest Answer (-1, Troll)

Anonymous Coward | more than 9 years ago | (#11206855)

"Does NX even solve more problems than it causes?"

Prediction : As soon as you get around to supporting NX in Linux (i.e. whenever you finish copying Microsoft like you did with the Start Menu, user switching, middle mouse button, etc.), we will suddenly hear on Slashdot about how "great" NX is.

Sad.

It already does. (0)

Anonymous Coward | more than 9 years ago | (#11206880)

Fedora has had support for a while. And really, it would be windows copying openbsd, which has had it much longer.

Uh (0)

Anonymous Coward | more than 9 years ago | (#11206986)

How would supporting an AMD chip feature be copying Microsoft? Wouldn't it be copying AMD?

Re:Honest Answer (1, Informative)

Anonymous Coward | more than 9 years ago | (#11207039)

Hmm, as far as I can tell Linux has no functionality where the "Start Menu", "User Switching", or the "middle mouse button" are concerned.

However, perhaps in your ignorance you meant "GNU/Linux", though really I think you just mean GNU or more generally opensource.

In which case here I am in Gnome2...Where is that Start Menu again?

User switching? Oh yeah, I disabled that in Windows because it was so annoying (I mean, you have to do the windows update every day to stay safe, then you have to find whoever logged in to make sure they shut their apps down, etc).

Middle mouse button? What useful feature does that have in Windows. At least I can paste with it in X, which is quite the timesaving feature.

"etc" - Does that include FUD?

The Golden Rule - "A Troll for a Troll"

Hum. (4, Interesting)

mcc (14761) | more than 9 years ago | (#11206899)

So my first reaction was that I'm not so sure about this one. There exist worms which use buffer overflows to propigate themselves. NX could potentially protect against such worms. Referring to a worm as a "virus" may not be strictly accurate but it isn't unreasonable, unless there's some quirk of the Dutch language at play I'm unaware of. If infection by Code Red, or any other buffer overflow based worm of the last few years which targeted end-users, could have been prevented by running a chip with NX functionality, then referring to this as "virus protection" may be a tiny bit silly, but not unreasonable. Certainly not deception on the same scale as the Pentium 4 "IT WILL MAKE THE INTERNETS MORE FUN" ads.

...then I actually RTFA.
Reclame Code Commissie of the Netherlands, an organization that regulates advertising in the country, recently said some or all AMD EVP radio ads were "too absolute and as a result misleading", according to Tweakers.net web-site. The regulators pointed out the fact that the technology needed Service Pack 2 to be installed on a PC running Microsoft Windows XP operating system and was able to protect only against a number of malicious programs.
So it appears that the complaint wasn't against the claim NX "protects against viruses", the complaint was that the advertisements did not make necessary disclaimers like "requires special operating system support". This seems definitely reasonable on the regulators' part.

This said, I have heard it claimed that NX technology is rediculously easy to circumvent. Specifically, I saw a long post by Linus Tourvalds somewhere in which he noted that NX provided protection against some classes of buffer overflow attacks, but not all, and then outlined various ways in which someone attempting a buffer overflow under Linux could potentially simply structure their buffer overflow so as to circumvent the protections NX offers. The post was very technical and I could not tell if the statements were general or just byproducts of the way Linux handles stack and such. Does WinXP suffer from these same problems with regard to the efficacy of an NX bit?

Re:Hum. (4, Informative)

Anonymous Coward | more than 9 years ago | (#11206958)

As has been said over and over by people who understand NX, it is simply one more arrow in the quiver, not a panacea to stop all viruses.

A well crafted buffer-overflow attack that overwrites the return instruction pointer on the stack to point to existing code elsewhere will not be caught by NX. NX catches *execution* of code
from non-allowed pages as pre-determined by the OS; but it does not block data writes.

Re:Hum. (1)

mcc (14761) | more than 9 years ago | (#11207071)

That makes sense, thank you for your response.

Re:Hum. (2, Interesting)

SiggyRadiation (628651) | more than 9 years ago | (#11207059)

Not only did they not warn that this only works in specific scenarios (eg. with SP2), but they also insinuated that by using an AMD processor the user would be totally free of virusses and needed to worry no more.

I'll try to sketch a radio-commercial:
Voice of teenage girl: "Hi, I'm susan. When I come home from school Í like to chat with my girlfriends for an hour or so. If that darn brother of mine isn't gaming or doing something silly on our computer.
***But thank god that I don't have to worry about virusses.***"
Voice of AMD-man that explains that the family enjoys their AMD-based computer with built-in virus-protection.

There indeed is no talk about "in addition to our processor you will still need a virus-scanner. And a supporting OS such as Windows-XP-SP2 and a firewall".

I always did find it misleading. Especially the idea that people might buy such a computer and never bother to install virus-scanners or a firewall (as it seems you need SP2 that has the firewall defaulted to on so that is actually only one step that can be forgotten, but I didn't know that at the time).

Siggy.

It does little for Windows (0, Troll)

Stephen Samuel (106962) | more than 9 years ago | (#11206910)

For Linux and BSD systems this is a major boon, because it helps protect users from programmers with sloppy programming practices.

With Windows, however, the problem is sloppy system design. the NX bit does little to protect users from an OS that is designed insecurely. That's not to say that MS doesn't also have it's share of programmers who make mistakes that allow buffer overflows, etc. -- but that problem just gets lost in the systemic noise.

Re:It does little for Windows (1)

chawly (750383) | more than 9 years ago | (#11207049)

The really question is "Where does Microsoft want to go today ?" I hope they don't think I care. I also hope that they themselves might come to know where they want to go - but they will stay out of my back pocket !

Re:It does little for Windows (1, Informative)

Anonymous Coward | more than 9 years ago | (#11207052)

Man, you really have no idea what you are talking about. In my practice (and it apparently not as limited as yours) linux software goes through a lot more stringent control than windows counter parts (say adobe or winamp or even the microsoft products). On the other hand if you look at the BSD front well buddy, OpenBSD is the only OS out there that can say that it has only 2 vulnerabilities found in it's over 5 year history. Plus it is light years ahead of the Windows kernel. It has encrypted virtual memory plus a whole bunch of other security goodies. I have yet to hear of a well mainained FreeBSD server that got hacked.

Oh yeah and if you knew anything about system design you would also know that buffer overflows increase rather than decrease as your software base grows (i.e. "problem just gets lost in the systemic noise" this must be the most dilusionate thing that I have heard in a long time). First of all there is no such thing as *systemic noise* and second of all the more stuff you install the higher the chance for a buffer overflow in your system because it has to integrate all the newlly added dlls and make sure that they play nice (in layman's terms).

For now, it creates more problems than it solves. (4, Informative)

Anonymous Coward | more than 9 years ago | (#11206968)

In a recent cluster installation, we noticed that any tool (IBM's RAID console and the PolyServe cluster files system managment console) involving Java aborted with SIGSEGV errors. This was a Redhat ES 3.0 u3 installation on IBM e336 (dual Xeon 3.06 GHz) systems. Run the tools, immediate BOOM!

Noting that the problem was the JRE blowing itself out of the water with SIGSEGV (and talking to friends that had installed the same OS and same software on different hardware) led me to do some more research. "strace" can indeed be your friend. It seems that AFAICT the NX feature was added to the Xeon processor versions (stepping) that were in our machines. There was no way to disable the feature in the BIOS. There is a little, er, confusion in the various documentation about the kernel's behavior, but "noexec=on" is the default as far as I can tell.

So, what (apparently) happened here?

[personal opinion] Intel, rushing to counter the AMD marketing blitz about the wonders of "no execute", put the feature into their newest Xeon CPUs, possibly before the BIOS functionality caught up. The Linux kernel's choice of defaulting the new feature to "on" (theoretically the best choice) unfortunately resulted in numerous "issues", particularly in applications (simulators, virtual machines, etc.) that commonly execute things within the stack segment. This is done all the time in this class of application. The software development community hadn't caught up to the new feature, either. It seems that there are linker attributes that can disable the behavior (still researching this). [/personal opinion]

If you Google for this issue you will find that virtually (pun intended) anyone that relies on a JRE on Linux (Oracle, IBM, etc.) was affected iff the hardware did the NX bit. Our solution was to download the latest JRE from a source on the Web (Sun in this case) and hope that we did not run into Java compatibility issues or that the JRE versions in the software packages were not bolted in.

We squeaked by with our solution, but it only cost about a whole day figuring it out. Time is cheap. Technical problems are fun, especially with a customer watching all of the game over your shoulder. "You have done this before, right?"

... AMD is banned but ... (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#11206972)

Weed is Legal?

Do I have to chose between AMD and Weed? Not Fair!

Re:... AMD is banned but ... (1)

chawly (750383) | more than 9 years ago | (#11207027)

No choice to make - you choose AMD for the CHEAP thrill.

You're looking at the wrong anology (0)

Anonymous Coward | more than 9 years ago | (#11207123)

Weed is legal, but is advertising weed legal?

Re:... AMD is banned but ... (0)

Anonymous Coward | more than 9 years ago | (#11207137)

Weed is Legal?
That's right, it is medically known to not damage people (and even has beneficial effects), so adults are allowed to use if they wish. Similar to alcohol use, tobacco use, etc.

Interesting that this should happen (4, Insightful)

MP3Chuck (652277) | more than 9 years ago | (#11206983)

I was speaking to someone on a forum just recently, and they mentioned how their processor had "built in virus scanning." After a bit of an argument (he was quite convinced that it was truly virus scanning) I ended up correcting him, and simply explained that it could help stop a "bad program from tricking your computer into doing something it shouldn't."

It's a shame that they couldn't come up with a better way to market this ... because it's definetly misleading to those who don't understand what it does and can easily become an issue of semantics for people who might confuse "virus protection" with "antivirus software." And in a world where the blue E on grandma's desktop = The Internet(TM) this may be happening more than it's apparent.

Re:Interesting that this should happen (2, Funny)

chawly (750383) | more than 9 years ago | (#11207017)

I, for one, welcome the grandma in question as our new antivirus overload .... sorry, that should have been overlord.

Can understand.. (2, Informative)

kaiwai (765866) | more than 9 years ago | (#11207043)

I can understand the stance that the Dutch took in regards to the NX issue. Ultimately, these commissions need to ensure that the information given out by companies such as AMD are as clear and accurate as possible, and I'm sorry, when they say, "advanced virus protection", after putting my end-user hat on for two minutes, what the advertisement is basically saying is this; "throw out all your anti-virus software, this new CPU can not only protect you like a normal virus protector, but does it even better!"

With that being said, however, the other flip side is how thinly do they want to slice the information; many things in IT can't be simplistically put down to a few catch words; the people to blame for this over simplification aren't the engineers, most engineers would love to give the information straight to the customer and say "here is the information, make you decision based on that", on the other side, the people who sell these products tend to have limited information technology knowledge, and not only misunderstand technology but try to break down things into simplistic language in when reality, they're complex matters now matter how much they're rephrased.

So, I guess it is more of an issue of trying to weigh up on one hand, informing customers of a product feature whilst at the same time realising that some aspects of technology are just plain well complex.

co34 (-1, Flamebait)

Anonymous Coward | more than 9 years ago | (#11207046)

Usenet. In 1995,

It only stops one specific type of attack... (0)

Anonymous Coward | more than 9 years ago | (#11207054)

... namely stack-based buffer overflows that rely on an executable stack. There are a variety of other buffer-overflow attacks (e.g. return-to-libc, corruption of data rather than code, etc etc) for which NX has no effect. So while it's certainly quite useful, it's not a brick wall. As I understand it AMDs ad campaign claimed that this stopped viruses in general (not just specifically buffer overflows but viruses in general) which isn't true, there are a huge number of attack vectors other than buffer overflows.

joe six pack is made to be owned (-1, Troll)

timmarhy (659436) | more than 9 years ago | (#11207069)

fuck joesix pack. he is just a peon to be used to do my bidding via my supieror intellect.

Re:joe six pack is made to be owned (0)

Anonymous Coward | more than 9 years ago | (#11207104)

Your's is the superior intellect!

Re:joe six pack is made to be owned (0)

Anonymous Coward | more than 9 years ago | (#11207150)

I think he's being sarcastic. At least that's what I think when someone with a positive karma posts something like that. But maybe that's just me...

(for those that are annoyed by the "...", I guarantee that more's coming. Just hang around awhile.)

How to stop Buffer overflow . (1)

zymano (581466) | more than 9 years ago | (#11207081)

Why do we have these anymore ?

Why don't the people at Monopolysoft start using more secure libraries with visual c/c++ ?

Performance hits are worth it.

Re:How to stop Buffer overflow . (0)

Anonymous Coward | more than 9 years ago | (#11207122)

How do you force people to a new platform when the old one is secure?

I mean, who cares if your OS is no longer supported with updates if it doesn't need them?

Buffer overflows not the issue on Windows (3, Interesting)

bigberk (547360) | more than 9 years ago | (#11207091)

On Windows systems, no, it's not buffer overflows that are the major problem and the CPU's capabilities with respect to flagging memory pages will do absolutely nothing. Humans install viruses on Windows systems. They fall for tricks, it's a social problem. Sure there are still some buffer overflow issues.

Ohh Cmon (4, Interesting)

logicnazi (169418) | more than 9 years ago | (#11207120)

I can't say I think the NX bit is really that big a deal, it only makes things a little harder when you can't execute code on the stack since a stack overflow lets you return program execution to any address on the system you want. Often a cleverly designed system call or another non-stack user controlled data structure will still allow the attacker to gain control.

Still it really does provide some virus protection which is alot more than can be said about most commercials. I mean is the 'lemon strength cleanser' actually a better cleanser because of the lemon. Is 'oxygenation' or whatever really important for skin care.

Maybe they manage to stop all these types of advertising exageration over there, and if so my hat is off to them. At least if they can really manage to do it objectively. Often these sorts of rules aren't applied evenly, letting false but dear cultural assumptions slide by but blocking correct but disconerting claims. For instance I have no doubt that if we had these sort of tight 'truth in advertising' laws in the US we would find condom ads forced to produce 3 peer-reviewed studies for every claim they make while gun ads would be allow to imply or outright say that carrying a gun makes you safer. But maybe other countries can pull this off, after all I'm always amazed the U.K. can function so well without an explicit constitution so who knows. If they can do it objectively my hats off to them.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?