Why Was Intel a No-Show on No Execute? (Page 2 of 2)
It's not like the idea of marking areas non-executable is a new one. Intel's old 16-bit segmented model prior to the 386 had features for marking segments non-executable. Because of the nature of segments, this probably would have been worthless as a security feature, but clearly they were thinking about it over 20 years ago.
All is not perfect with NX yet. Microsoft says, for reasons I don't understand, that in 32-bit NX systems they will protect only the Windows stack, not the paged pool and other data areas. Incidentally, Linux has supported NX on AMD processors for a while now, although I'm not sure whether the heap is protected.
I used to study microprocessors pretty closely, and NX seems like an obvious feature for page-level protection. The Page Table Entry (PTE), the data structure that describes a page, has lots of free "reserved" bits, and they've been there for almost 20 years. Meanwhile, in an era where multigigahertz PCs cost less than $500 so that users can surf the Web and do word processing as fast as they could before, a major problem that could affect everyone went ignored. What other problems are being ignored like this one?
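As an added illustration (not part of the column), here is how the 64-bit x86 page-table entry exposes that choice: AMD64 placed the NX bit at bit 63, one of the formerly reserved high bits. The decoder below reads the present, writable and NX bits and flags pages mapped both writable and executable, the condition NX exists to eliminate; the entries and addresses are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdbool.h>

/* Layout of a 64-bit (PAE / long-mode) x86 page-table entry. Bit 63 is the
 * NX/XD bit AMD64 carved out of the formerly reserved high bits. */
#define PTE_PRESENT   (1ULL << 0)
#define PTE_WRITABLE  (1ULL << 1)
#define PTE_USER      (1ULL << 2)
#define PTE_NX        (1ULL << 63)
#define PTE_ADDR_MASK 0x000FFFFFFFFFF000ULL   /* physical frame, bits 12..51 */
typedef struct { bool present, writable, user, nx; uint64_t phys; } pte_info;

pte_info decode_pte(uint64_t pte) {
    return (pte_info){ .present = pte & PTE_PRESENT, .writable = pte & PTE_WRITABLE,
                       .user = pte & PTE_USER, .nx = pte & PTE_NX,
                       .phys = pte & PTE_ADDR_MASK };
}

/* A present page that is writable with NX clear: data written there could later run as code. */
bool pte_is_wx(uint64_t pte) {
    pte_info i = decode_pte(pte);
    return i.present && i.writable && !i.nx;
}

/* Audit a table of entries; returns how many present pages are W+X. */
int count_wx(const uint64_t *table, int n) {
    int bad = 0;
    for (int k = 0; k < n; k++)
        if (pte_is_wx(table[k])) bad++;
    return bad;
}

int main(void) {
    /* Constructed sample entries: NX'd stack page, read-only code page, W+X heap page. */
    uint64_t table[] = {
        PTE_NX | 0x7ff000ULL | PTE_USER | PTE_WRITABLE | PTE_PRESENT, /* stack */
        0x400000ULL | PTE_USER | PTE_PRESENT,                         /* code  */
        0x600000ULL | PTE_USER | PTE_WRITABLE | PTE_PRESENT,          /* heap  */
    };
    int n = sizeof table / sizeof table[0];
    for (int k = 0; k < n; k++) {
        pte_info i = decode_pte(table[k]);
        printf("pte[%d] phys=%#llx w=%d nx=%d %s\n", k, (unsigned long long)i.phys,
               i.writable, i.nx, pte_is_wx(table[k]) ? "W+X!" : "ok");
    }
    printf("%d of %d entries are writable and executable\n", count_wx(table, n), n);
    return 0;
}
```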
Intel especially should be ashamed. They had to be embarrassed into supporting NX in their upcoming Prescott processors after AMD added it to their own CPUs. And at first they resisted, expressing pointless concerns over compatibility problems that pale in comparison to the benefits of NX. Intel needs to take a good hard look at how they can make their processors better, rather than just faster.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.