AMD Security

Holland Bans AMD's 'Virus Protection' Campaign

Hack Jandy writes "For those of you who didn't see this coming, AMD's Advanced Virus Protection campaign has been banned in Holland since the technology does (almost) nothing to stop viruses! If you recall, AMD's NX bit attempts to stop the processor from executing pages on the stack that have been written to. Does NX even solve more problems than it causes?"
This discussion has been archived. No new comments can be posted.

  • Eh, whatever. (Score:4, Insightful)

    by TWX ( 665546 ) on Wednesday December 29, 2004 @02:07AM (#11206749)
    I don't understand really why AMD felt a need to make an ad campaign over the technology anyway. Most uses for this technology are buffer overflow preventions, which are almost exclusively server technology. Admittedly, it is possible for any program that makes a remote connection to accept data or idles waiting for data to possibly be vulnerable, but for a userland machine this would be mostly messaging programs and p2p programs.

    I think it would have made sense to put it as a nice side feature so that geeks see the technology and how it prevents buffer overflows, but they probably already know about it.
  • by IBitOBear ( 410965 ) on Wednesday December 29, 2004 @02:17AM (#11206793) Homepage Journal
    Given that, in common parlance, most people don't know the differences between the various exploits, "virus" is as good a word as any.

    And if the NX bit were used for more than the stack, then it could protect against a lot of (non-trojan) viral activity too.

    Let's face it, most viruses today aren't even viruses. They are trojans, worms, and human-engineering exploits. How often do you see an actual virus? You know, a program that writes its code into another program. It's actually getting kind of rare. Nowadays it is whole applications delivering themselves to your computer through email and exploiting the existing code of crap like IE and Outlook by just telling those programs to run the evil code. Most exploits today are applets and packages.

    All But Gone are the days of rewritten exe headers with appended code fragments, and programs appending themselves to other programs in memory.

    Quite frankly if all the non-code memory regions in my computer were non-execute down to the very last GDI region and printer buffer, the classic virus would be dead. The IE hacks and the trojans and the worms would still be here because certain stupid programs will do arbitrarily complex things at the behest of remote entities, but that isn't a virus. That's bad design coming home to roost.
  • by jrockway ( 229604 ) * <jon-nospam@jrock.us> on Wednesday December 29, 2004 @02:18AM (#11206796) Homepage Journal
    NX doesn't fix anything.

    If I'm overflowing a stack buffer, I'll just write the address of system() over EIP and the address of a string I control after that. Then when the function returns, it will execute system("/whatever/program/i/want").

    Maybe not quite as convenient as shellcode for crackers, but virus writers will adapt and NX will mean nothing.
  • Let's just say it's impossible to market something like this. In their ad they said something like "AMD processors are the only processors which actively stop/prevent viruses". Surely that's not something a CPU can do at all anyway.

    And since this is only a minor improvement (if an improvement at all) in the Athlon64 I wonder why they didn't think of something else to use to promote the CPU... Surely saying that the thing is 64-bit must impress some Joe Sixpacks.
  • by Anonymous Coward on Wednesday December 29, 2004 @02:22AM (#11206815)
    What the "NX bit" actually does is a pretty nice thing for preventing buffer overflows.

    I have to call you on this one. It's only a "pretty nice thing" in theory, since the option has to be enabled during the compilation of the binary. In Windows (even XPsp2), this is only enabled for certain MS-created services that listen on ports. It has to run in PAE mode. Not every application is protected. Significantly, the user-space apps are not protected. You have to specify /PAE option, despite what MS says [microsoft.com].

    So, moderators. How does the original post deserve such a high ranking? It's factually incorrect on a few points, and just makes general statements about "safety is good". The trend appears to be that early posters get points, and everyone else carps and trolls. What a shit hole slashdot has become. (I can recall when a 90-post story was big news, and most of the posts were useful... but don't get me started.)
  • by Clay Pigeon -TPF-VS- ( 624050 ) on Wednesday December 29, 2004 @02:23AM (#11206821) Journal
    Holland, Zeeland, and Friesland(sp?) make up the Netherlands iirc.
  • by 0racle ( 667029 ) on Wednesday December 29, 2004 @02:32AM (#11206854)
    "What does 64bit mean? Obviously 32 is working for me, why do I need this. Now virus protection, that I need."

    That's why. They don't have to explain what being a 64bit processor means and why they need it, because most people don't, but everyone needs virus protection and for the most part they already know that.

    I have yet to see a good reason why I should get an A64, beyond the 'dude holy shit it's faster than last month's model.'
  • by Anonymous Coward on Wednesday December 29, 2004 @02:33AM (#11206862)
    Good luck writing the address of system() when that address is different every time the program runs. No one thing is a silver bullet, you use a complete solution like openbsd.
  • by jrockway ( 229604 ) * <jon-nospam@jrock.us> on Wednesday December 29, 2004 @02:59AM (#11206959) Homepage Journal
    There are ways around that. The true solution to the problem is to not overflow your buffers!
  • by MP3Chuck ( 652277 ) on Wednesday December 29, 2004 @03:06AM (#11206983) Homepage Journal
    I was speaking to someone on a forum just recently, and they mentioned how their processor had "built in virus scanning." After a bit of an argument (he was quite convinced that it was truly virus scanning) I ended up correcting him, and simply explained that it could help stop a "bad program from tricking your computer into doing something it shouldn't."

    It's a shame that they couldn't come up with a better way to market this ... because it's definitely misleading to those who don't understand what it does and can easily become an issue of semantics for people who might confuse "virus protection" with "antivirus software." And in a world where the blue E on grandma's desktop = The Internet(TM) this may be happening more than it's apparent.
  • by ikewillis ( 586793 ) on Wednesday December 29, 2004 @03:07AM (#11206987) Homepage
    Viruses are now including multiple attack vectors, and often times some of these require human intervention while some don't. As viruses grow increasingly multiparadigm and begin exhibiting both the properties of the canonical virus (requiring human intervention) and worm (spreading without human intervention) the semantic distinction grows less important.

    This is a distinction which Joe Sixpack has a terrible time grasping. Telling someone "Your computer's got worms!" is less likely to be comprehended than "Your computer has a virus", further complicating the difficulty of explaining to Joe Sixpack that hardware buffer overflow protection could save him from the next Windows worm...

  • by secretsquirel ( 805445 ) on Wednesday December 29, 2004 @03:10AM (#11206999)
    joe is a sheep, you tell him what to do. he does it

    Exactly. You explain to joe sixpack that he (scare him into thinking that he) needs this or he will get hacked and have his identity stolen or something, and that NX turbo supershield max-blaster technology is the only way that he can stop it and then joe says "oh shit!" and goes and buys them for his whole family.

    It's called advertising, and IT WORKS!

  • by Anonymous Coward on Wednesday December 29, 2004 @03:11AM (#11207005)
    First of all, buffer overflow problems exist only in software that has a bug. The truth is that there probably isn't any large program out there that doesn't suffer from this. When you have a huge chunk of code you tend to overlook things, plus the software gets extremely hard to maintain from a security standpoint, hence buffer overflows appear. What AMD supposedly invented is the same thing that VMS machines have had for ages now (or should I say used to when VMS was still kicking). As some people have already pointed out there are several software implementations of the *NX* feature with OpenBSD being the most notable one. So in essence *NX* is not that innovative and most definitely not that necessary. With the current processing power of any CPU I hardly doubt it that you will even notice a difference if Windows were to finally decide to include a software solution rather than using the hardware one provided by AMD.
    The reason why *NX* does not work at all in the virus prevention is because there is not a single new virus out there that uses a buffer overflow. Buffer overflows are fixed very fast once they are discovered and the only people that use them to compromise systems are crackers. However, with the swiss cheese that Windows is you hardly need a buffer overflow exploit to compromise the system ... So yeah it was a good thing that AMD included the feature but they should have probably asked themselves why no one else did when it is so easy ... Kind of like nvidia and their soundstorm solution ... technology is great but only when it's actually needed.
  • by rale, the ( 659351 ) on Wednesday December 29, 2004 @04:36AM (#11207288)
    I have to call you on this one. It's only a "pretty nice thing" in theory, since the option has to be enabled during the compilation of the binary.

    Sorry, but this isn't true - NX protection has nothing to do with compiling binaries. It is runtime protection.

    In Windows (even XPsp2), this is only enabled for certain MS-created services that listen on ports. It has to run in PAE mode. Not every application is protected. Significantly, the user-space apps are not protected. You have to specify /PAE option, despite what MS says [microsoft.com].

    This is unfortunate but true, the default for processors that support it really should have been to turn it on for all apps. As it is, you have to go into Control Panel->System->Advanced->Performance->Data Exec Protection and enable it for all apps yourself. It does work quite exactly how it should when you do, tho - warning you and shutting down apps that attempt to execute data as code.

    So, moderators. How does the original post deserve such a high ranking? It's factually incorrect on a few points, and just makes general statements about "safety is good". The trend appears to be that early posters get points, and everyone else carps and trolls. What a shit hole slashdot has become. (I can recall when a 90-post story was big news, and most of the posts were useful... but don't get me started.)

    So, moderators, how does an AC who posts factually incorrect statements also get a +4 Insightful? Is it just because he said "So, moderators"?
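The thread describes NX as a per-page runtime property: memory is either allowed to execute or it is not. As an added example (not part of any comment above), the C sketch below audits a process memory map in Linux `/proc/<pid>/maps` format for regions that are both writable and executable, which is where execute protection is absent. The sample map and the helper name `count_wx` are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in Linux /proc/<pid>/maps format; not from a real process. */
static const char SAMPLE_MAPS[] =
    "00400000-0040b000 r-xp 00000000 08:01 131 /usr/bin/demo\n"
    "0060a000-0060b000 rw-p 0000a000 08:01 131 /usr/bin/demo\n"
    "01c3e000-01c5f000 rw-p 00000000 00:00 0 [heap]\n"
    "7f2a10000000-7f2a10021000 rwxp 00000000 00:00 0\n"
    "7ffc3a1e0000-7ffc3a201000 rwxp 00000000 00:00 0 [stack]\n";

/* Count mappings that are both writable and executable (hypothetical helper).
   Sets *stack_exec when [stack] is one of them; returns -1 on a malformed line. */
int count_wx(const char *maps, int *stack_exec)
{
    int found = 0;
    *stack_exec = 0;
    while (*maps) {
        const char *eol = strchr(maps, '\n');
        size_t len = eol ? (size_t)(eol - maps) : strlen(maps);
        char line[256], perms[5] = "", name[128] = "";
        unsigned long long start, end;
        if (len >= sizeof line)
            return -1;
        memcpy(line, maps, len);
        line[len] = '\0';
        maps += len + (eol ? 1 : 0);
        if (len == 0)
            continue;                       /* skip blank lines */
        /* fields: range, perms, offset, device, inode, optional name */
        if (sscanf(line, "%llx-%llx %4s %*s %*s %*s %127s",
                   &start, &end, perms, name) < 3 || strlen(perms) != 4)
            return -1;
        if (perms[1] == 'w' && perms[2] == 'x') {
            found++;
            if (strcmp(name, "[stack]") == 0)
                *stack_exec = 1;
            printf("W+X: %llx-%llx %s %s\n", start, end, perms, name);
        }
    }
    return found;
}

int main(void)
{
    int stack_exec, n = count_wx(SAMPLE_MAPS, &stack_exec);
    printf("%d W+X mapping(s), executable stack: %s\n", n, stack_exec ? "yes" : "no");
    return n < 0;
}
```

A clean result only shows that injected data cannot run directly; as the thread notes, redirecting execution into code that is already mapped executable is not affected by page permissions.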
