Holland Bans AMD's 'Virus Protection' Campaign 330
Hack Jandy writes "For those of you who didn't see this coming, AMD's Advanced Virus Protection campaign has been banned in Holland since the technology does (almost) nothing to stop viruses! If you recall, AMD's NX bit attempts to stop the processor from executing pages on the stack that have been written to. Does NX even solve more problems than it causes?"
Eh, whatever. (Score:4, Insightful)
I think it would have made sense to put it as a nice side feature so that geeks see the technology and how it prevents buffer overflows, but they probably already know about it.
What is a "virus" to most people (Score:5, Insightful)
And if the NX bit were used for more than the stack, then it could protect against a lot of (non-trojan) viral activity too.
Lets face it most viruses today aren't even viruses. They are trojans, worms, and human-engeneering exploits. How often do you see an actual virus? You know a program that writes its code into another program. It's actually getting kind of rare. Now days it is whole applications delivering themselves to your computer through email and exploiting the existing code of crap like IE and Outlook by just telling those programs to run the evil code. Most exploits today are applets and packages.
All But Gone are the days of rewritten exe headers wiht appended code fragments, and programs appending themselves to other programs in memory.
Quite frankly if all the non-code memory regions in my computer were non-execute down to the very last GDI region and printer buffer, the classic virus would be dead. The IE hacks and the trojans and the worms would still be here because certian stupid programs will do arbitrarily complex things at the behest of remote entities, but that isn't a virus. Thats bad design comming home to roost.
Re:How do you explain it to Joe Sixpack? (Score:5, Insightful)
If I'm overflowing a stack buffer, I'll just write the address of system() over EIP and the address of a string I control after that. Then when the function returns, it will execute system("/whatever/program/i/want").
Maybe not quite as convenient as shellcode for crackers, but virus writers will adapt and NX will mean nothing.
Re:How do you explain it to Joe Sixpack? (Score:5, Insightful)
And since this is only a minor improvement (if an improvement at all) in the Athlon64 I wonder why they didn't think of something else to use to promote the CPU... Surely saying that the thing is 64-bit must impress some Joe Sixpacks.
Re:How do you explain it to Joe Sixpack? (Score:2, Insightful)
I have to call you on this one. It's only a "pretty nice thing" in theory, since the option has to be enabled during the compilation of the binary. In Windows (even XPsp2), this is only enabled for certain MS-created services that listen on ports. It has to run in PAE mode. Not every application is protected. Significantly, the user-space apps are not protected. You have to specify
So, moderators. How does the original post deserve such a high ranking? It's factually incorrect on a few points, and just makes general statements about "safety is good". The trend appears to be that early posters get points, and everyone else carps and trolls. What a shit hole slashdot has become. (I can recall when a 90-post story was big news, and most of the posts were useful... but don't get me started.)
Re:Holland or the Netherlands? (Score:2, Insightful)
Re:How do you explain it to Joe Sixpack? (Score:5, Insightful)
Thats why. They don't have to explain what being a 64bit processor means and why they need it, because most people don't, but everyone need virus protection and for the most part they already know that.
I have yet to see a good reason why I should get an A64, beyond the 'dude holy shit its faster then last months model.'
Its only part of the solution. (Score:1, Insightful)
Re:Its only part of the solution. (Score:5, Insightful)
Interesting that this should happen (Score:5, Insightful)
It's a shame that they couldn't come up with a better way to market this
Virus/worm distinction is growing less important (Score:3, Insightful)
This is a distinction which Joe Sixpack has a terrible time grasping. Telling someone "Your computer's got worms!" is less likely to be comprehend than "Your computer has a virus", further complicating the difficulty of explaining to Joe Sixpack that hardware buffer overflow protection could save him from the next Windows worm...
Re:How do you explain it to Joe Sixpack? (Score:1, Insightful)
Excatly. You explain to joe sixpack that he (scare him into thinking that he) needs this or he will get hacked and have his identity stollen or something, and that NX turbo supersheild max-blaster technology is the only way that he can stop it and then joe says "oh shit!" and goes and buys them for his whole family.
It's called advertising, and IT WORKS!
Re:How do you explain it to Joe Sixpack? (Score:2, Insightful)
The reason why *NX* does not work at all in the virus prevention is because there is not a single new virus out there that uses a buffer overflow. Buffer overflows are fixed very fast once they are discovered and the only people that use them to compromise systems are crackers. However, with the swiss cheese that windows is you harly need a buffer overflow exploit to compromise the system
Re:How do you explain it to Joe Sixpack? (Score:5, Insightful)
Sorry, but this isn't true - NX protection has nothing to do with compiling binaries. It is runtime protection.
In Windows (even XPsp2), this is only enabled for certain MS-created services that listen on ports. It has to run in PAE mode. Not every application is protected. Significantly, the user-space apps are not protected. You have to specify
This is unfortunate but true, the default for processors that support it really should have been to turn it on for all apps. As it is, you have to go into Control Panel->System->Advanced->Performance->Data Exec Protection and enable it for all apps yourself. It does work quite exactly how it should when you do, tho - warning you and shutting down apps that attempt to execute data as code.
So, moderators. How does the original post deserve such a high ranking? It's factually incorrect on a few points, and just makes general statements about "safety is good". The trend appears to be that early posters get points, and everyone else carps and trolls. What a shit hole slashdot has become. (I can recall when a 90-post story was big news, and most of the posts were useful... but don't get me started.)
So, moderators, how does an AC who posts factually incorrect statements also get a +4 Insightful? Is it just because he said "So, moderators"?
Comment removed (Score:2, Insightful)