Advanced Micro Devices says its Opteron and Athlon 64 processors can detect a commonly used attack against PCs...
connected to the internet and render it harmless by blocking malicious code from executing.
A feature known as Execution Protection detects an attacker's attempt to overflow a buffer - a temporary holding place for data in a processor - with more data than that buffer can hold. This results in data leaking to other buffers on a microprocessor or the corruption of any data within that buffer.
Like almost all processors, AMD's chips detect buffer overflows and trigger an overflow exception that crashes an application or operating system, said John Crank, Athlon 64 product manager, although he added that the chips take the additional step of designating any code that enters the processor after the overflow exception is triggered as nonexecutable.
Otherwise, if the overflow exception was caused by a malicious attack, rather than a programming error, the new code can open the way for the attacker to place trojans inside the PC and gain control.
Execution Protection will prevent the code that caused the buffer overflow from being written into memory, blocking any further access to that PC. The feature is already inside AMD's 64-bit Athlon 64 and Opteron chips, and it will be enabled when Microsoft releases Windows XP Pack 2.
The feature will also work with any Linux PC or server with AMD's 64-bit chips.
AMD's technology is new, as far as the x86 chip world is concerned, said Dean McCarron, principal analyst with Mercury Research. The x86 instruction set runs most of Intel's and AMD's processors.
Older microprocessors such as the Alpha chip used a form of this technology, but it was designed to protect more specific hardware exploits rather than the general buffer overflow technique used nowadays.
AMD had avoided discussing the technology until Microsoft was ready to give more guidance about when Service Pack 2 would be released, Crank said.
Intel uses a variation of the technology in its Itanium processors for high-end servers, said Intel spokesman George Alfs. The company is evaluating the technology for mainstream processors, and wants to make sure it is fully tested before releasing the technology.
Buffer overflows were responsible for some of the most damaging worms and viruses of the past year, including Slammer and Blaster. Microsoft has since issued patches to correct the flaws that allowed those attacks to occur.
Tom Krazit writes for IDG News Service