Advanced Micro Devices Inc.’s Opteron and Athlon 64 processors can detect a commonly used attack against PCs connected to the Internet and render it harmless by blocking malicious code from executing, AMD said this week.
Known as Execution Protection, the feature detects an attacker’s attempt to overflow a buffer — a temporary holding place for data in a processor — with more data than that buffer can hold. This results in data leaking to other buffers on a microprocessor or the corruption of any data within that buffer.
Like almost all processors, AMD’s chips detect buffer overflows and trigger an overflow exception that crashes an application or operating system, said John Crank, Athlon 64 product manager. But AMD’s chips take the additional step of designating any code that enters the processor after the overflow exception is triggered as nonexecutable, he said. Otherwise, if the overflow exception was caused by a malicious attack, rather than a programming error, the new code can open the way for the attacker to place software programs known as “trojans” inside the PC, giving that attacker control of the PC, Crank said.
Execution Protection will prevent the code that caused the buffer overflow from being written into memory, blocking any further access to that PC, Crank said. The feature is already inside AMD’s 64-bit Athlon 64 and Opteron chips, and it will be enabled when Microsoft Corp. releases Windows XP Pack 2 in the second quarter, he said.
The feature will also work today with any Linux PC or server with AMD’s 64-bit chips, Crank said. AMD’s technology is new, as far as the x86 chip world is concerned, said Dean McCarron, principal analyst with Mercury Research Inc. in Cave Creek, Ariz. The x86 instruction set runs most of Intel Corp.’s and AMD’s processors.
Older microprocessors such as the venerable Alpha chip used a form of this technology, but it was designed to protect more specific hardware exploits rather than the general buffer overflow technique used against today’s PCs and servers, Crank said. AMD had avoided discussing the technology until Microsoft was ready to give more guidance about when Service Pack 2 would be released, he said.
Intel uses a variation of the technology in its Itanium processors for high-end servers, said George Alfs, an Intel spokesperson. The company is currently evaluating the technology for mainstream processors, and wants to make sure it is fully tested before releasing the technology, he said, declining to provide a time frame for its release.
Buffer overflows were responsible for some of the most damaging worms and viruses of the last year, including Slammer and Blaster. Microsoft has since issued patches to correct the flaws that allowed those attacks to occur.
AMD’s technology does not prevent all viruses or worms from damaging a user’s PC, just ones based on buffer overflow vulnerabilities, Crank said.