The security technology, called NX for "no execute," is built into several "x86" processors from Intel, AMD and Transmeta. The technology is designed to block vulnerabilities that viruses and worms use to spread, but operating system support is required for NX to work.
On Wednesday, Red Hat programmer Ingo Molnar announced a Linux patch for NX support based on a prototype from Intel.
Microsoft's Windows will support the NX technology when Service Pack 2 arrives, expected in the third quarter.
In a discussion on the Linux kernel mailing list after Molnar posted the patch, Linux founder and leader Linus Torvalds asked how many programs wouldn't work with NX enabled. On hearing the number was low, he then said, "It sounds like we should just have NX on by default."
NX support is important enough that it's worth risking problems with some applications, Torvalds said. "I think most people have seen the security disaster that causes most of the e-mails on the Net to be spam. So this should be trivial to explain to people when they complain about default behavior breaking their strange legacy app," Torvalds argued.
Although the vast majority of Intel's processors run Windows, the company has been supporting Linux as well. In addition to the NX work, Intel this year released prototype wireless network support--albeit nearly a year after full-fledged support was available in Windows.
Programmers working for the chipmaker have contributed to several other Linux projects, including support for Itanium processors and Universal Serial Bus (USB) hardware.




It's worth noting that OpenBSD even provides a form of no-execute protection on i386 CPUs by making use of the memory management unit in a creative way.
http://en.wikipedia.org/wiki/NX
Also, the PaX documentation,
http://pax.grsecurity.net/docs/pageexec.old.txt
And there is a full PaX Wikipedia article as well:
http://en.wikipedia.org/wiki/PaX
PaX was born October 1, 2001, and is the oldest out of PaX, ExecShield, OpenBSD's W^X, and MS Windows XP SP2. OBSD's W^X came out in 3.3 in May, 2003. I don't have a date for SP2 or ES.
What's the deal with that????
- Linux has had this for a long time
- by Anonymous June 8, 2004 3:15 PM PDT
- This is really just joint PR for Intel...
Linux has supported NX functionality for CPUs that support it. For CPUs that don't support NX in hardware, Linux has the Exec Shield facility, which provides the same functionality in software. Effectively, even 386 CPUs have this function with Linux already.
NX moves the support to CPU hardware, saving a fractional percent in overhead (never noticed it).
So, while this is new for WinXP, it's old for Linux. The media blitz is just to let folks know that Linux will support the hardware function, when it's available on the Intel CPUs. There is NO CHANGE in the actual security or function on Linux