Microsoft, Red Hat to use secure CPUs

Jun 22, 2004

* Microsoft, Red Hat operating systems to tap into CPU-based security

Red Hat and Microsoft last week gave users a peek at new technologies that provide for CPU-based security and that support changes already made to Intel and AMD processors.

The technologies built into Intel and AMD processors are intended to prevent malicious code from being run. Without changes to operating systems, though, they cannot be activated.

AMD’s technology, called Enhanced Virus Protection, is included in its 64-bit Athlon and Opteron processors. It controls how the processor treats regions of system memory: portions set aside as “data-only” cannot be executed, so a virus that lands in one of those regions cannot run.

Intel has incorporated its Execute Disable Bit technology into its Itanium processors and expects to extend it to x86-based Pentium 4 processors in the third quarter of this year.

Red Hat is working to integrate a technology it calls NX – for “No Execute” – into the upcoming version of Red Hat Enterprise Linux 3, which is expected to ship in August. No word has been received as to whether Novell will incorporate these technologies into its upcoming operating systems, Open Enterprise Server and SuSE Linux Enterprise Server.

Red Hat’s NX technology will work on Intel x86 servers and workstations, as well as on the company’s recently announced 64-bit extension technology. Red Hat also has a technology called Exec Shield that separates a program’s data area from its executable code, so that code slipped into a data area through a buffer overflow cannot be run.

Microsoft will incorporate support for both AMD’s and Intel’s technologies into Windows XP Service Pack 2, which is presently in beta and expected to ship later this year. The company will also support the technologies in Windows Server 2003 Service Pack 1, which the company claims will ship later this year. Microsoft will continue its support of Intel’s LaGrande Technology, which creates an environment on client PCs where applications can run within their own space, protected from all other software on the system.

In addition, the company will enable technology of its own, called Data Execution Prevention (DEP), which marks memory locations in a process as non-executable unless the location contains executable code. This will prevent attacks that insert executable code into non-executable memory locations.
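The NX and DEP mechanisms described above only apply where the operating system actually marks memory non-executable, and on Linux a program can still ask for an executable stack. As an added example (not code from the article, Red Hat or Microsoft), the checker below reads the PT_GNU_STACK program header of an ELF binary, which is how a Linux binary declares whether its stack must be executable; a clear PF_X flag means the binary accepts the protection, a set flag means it opts out. The parser handles ELF32 and ELF64 in either byte order; the three sample images it builds are constructed inline for illustration and are not real binaries.

```python
"""Check whether an ELF binary asks the kernel for a non-executable stack.

The linker records the requested stack policy in the PT_GNU_STACK program
header: PF_X set means "this program needs an executable stack", PF_X clear
means the stack may be made non-executable where NX hardware is available.
"""
import struct
import sys

PT_GNU_STACK = 0x6474E551  # p_type reserved for the GNU stack-flags header
PF_X = 0x1                 # "segment is executable" flag bit


def gnu_stack_flags(elf):
    """Return p_flags of the PT_GNU_STACK header, or None if the binary has none.

    Only the ELF header and the program header table are read, so the rest
    of the file may be absent from the buffer.
    """
    if len(elf) < 52 or elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = elf[4] == 2                     # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    endian = "<" if elf[5] == 1 else ">"   # EI_DATA: 1 = little, 2 = big endian
    if is64:
        (e_phoff,) = struct.unpack_from(endian + "Q", elf, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", elf, 0x36)
        flags_offset = 4    # Elf64_Phdr: p_type, p_flags, p_offset, ...
    else:
        (e_phoff,) = struct.unpack_from(endian + "I", elf, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(endian + "HH", elf, 0x2A)
        flags_offset = 24   # Elf32_Phdr: p_type, p_offset, ..., p_flags, p_align
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + e_phentsize > len(elf):
            raise ValueError("program header table runs past end of image")
        (p_type,) = struct.unpack_from(endian + "I", elf, off)
        if p_type == PT_GNU_STACK:
            (p_flags,) = struct.unpack_from(endian + "I", elf, off + flags_offset)
            return p_flags
    return None


def stack_policy(elf):
    """Classify the requested stack: 'non-executable', 'executable' or 'unspecified'."""
    flags = gnu_stack_flags(elf)
    if flags is None:
        # No declaration at all: the kernel default applies, which on Linux
        # has historically meant an executable stack, so flag it for review.
        return "unspecified"
    return "executable" if flags & PF_X else "non-executable"


def build_elf64(phdrs):
    """Constructed sample: a minimal little-endian ELF64 image consisting of the
    ELF header plus a program header table built from (p_type, p_flags) pairs."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)   # 64-bit, LSB, version 1
    header = ident + struct.pack(
        "<HHIQQQIHHHHHH",
        2, 0x3E, 1,                         # e_type ET_EXEC, e_machine x86-64, e_version
        0, 64, 0,                           # e_entry, e_phoff (just after header), e_shoff
        0, 64, 56, len(phdrs), 64, 0, 0)    # e_flags, e_ehsize, e_phentsize, e_phnum, e_sh*
    table = b"".join(
        struct.pack("<IIQQQQQQ", p_type, p_flags, 0, 0, 0, 0, 0, 16)
        for p_type, p_flags in phdrs)
    return header + table


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: python nx_check.py /path/to/binary
        with open(sys.argv[1], "rb") as f:
            print(sys.argv[1], stack_policy(f.read()))
    else:
        # Constructed images: protected, legacy opt-out, and no declaration.
        for name, phdrs in [("hardened", [(1, 5), (PT_GNU_STACK, 6)]),
                            ("execstack", [(1, 5), (PT_GNU_STACK, 7)]),
                            ("legacy", [(1, 5)])]:
            print(name, stack_policy(build_elf64(phdrs)))
```

Run against a real file path to audit a deployed binary, or with no arguments to see the three constructed cases. An "executable" or "unspecified" result does not mean the binary is vulnerable, only that the stack protection the article describes will not be applied to it, so each such binary deserves a look at why it was built that way.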