Holland Bans AMD's 'Virus Protection' Campaign 330
Hack Jandy writes "For those of you who didn't see this coming, AMD's Advanced Virus Protection campaign has been banned in Holland since the technology does (almost) nothing to stop viruses! If you recall, AMD's NX bit attempts to stop the processor from executing pages on the stack that have been written to. Does NX even solve more problems than it causes?"
Re:How do you explain it to Joe Sixpack? (Score:0, Interesting)
Hum. (Score:5, Interesting)
...then I actually RTFA. So it appears that the complaint wasn't against the claim NX "protects against viruses", the complaint was that the advertisements did not make necessary disclaimers like "requires special operating system support". This seems definitely reasonable on the regulators' part.
This said, I have heard it claimed that NX technology is rediculously easy to circumvent. Specifically, I saw a long post by Linus Tourvalds somewhere in which he noted that NX provided protection against some classes of buffer overflow attacks, but not all, and then outlined various ways in which someone attempting a buffer overflow under Linux could potentially simply structure their buffer overflow so as to circumvent the protections NX offers. The post was very technical and I could not tell if the statements were general or just byproducts of the way Linux handles stack and such. Does WinXP suffer from these same problems with regard to the efficacy of an NX bit?
Re:Hum. (Score:2, Interesting)
I'll try to sketch a radio-commercial:
Voice of teenage girl: "Hi, I'm susan. When I come home from school Í like to chat with my girlfriends for an hour or so. If that darn brother of mine isn't gaming or doing something silly on our computer.
***But thank god that I don't have to worry about virusses.***"
Voice of AMD-man that explains that the family enjoys their AMD-based computer with built-in virus-protection.
There indeed is no talk about "in addition to our processor you will still need a virus-scanner. And a supporting OS such as Windows-XP-SP2 and a firewall".
I always did find it misleading. Especially the idea that people might buy such a computer and never bother to install virus-scanners or a firewall (as it seems you need SP2 that has the firewall defaulted to on so that is actually only one step that can be forgotten, but I didn't know that at the time).
Siggy.
Buffer overflows not the issue on Windows (Score:4, Interesting)
Ohh Cmon (Score:5, Interesting)
Still it really does provide some virus protection which is alot more than can be said about most commercials. I mean is the 'lemon strength cleanser' actually a better cleanser because of the lemon. Is 'oxygenation' or whatever really important for skin care.
Maybe they manage to stop all these types of advertising exageration over there, and if so my hat is off to them. At least if they can really manage to do it objectively. Often these sorts of rules aren't applied evenly, letting false but dear cultural assumptions slide by but blocking correct but disconerting claims. For instance I have no doubt that if we had these sort of tight 'truth in advertising' laws in the US we would find condom ads forced to produce 3 peer-reviewed studies for every claim they make while gun ads would be allow to imply or outright say that carrying a gun makes you safer. But maybe other countries can pull this off, after all I'm always amazed the U.K. can function so well without an explicit constitution so who knows. If they can do it objectively my hats off to them.
Re:How do you explain it to Joe Sixpack? (Score:4, Interesting)
Re:Holland or the Netherlands? (Score:3, Interesting)
Heck, most languages call other countries (and/or their native languages) by names that frequently have little relation to their native name. People in Byelorus even complain that germans call their country "white russia" instead of "byelorus", even though they call the German language "nyemetski" instead of "deutsch". So long as the information is passed, people need to quit pitching a fit about it. It's just the way language has developed.
Re:Self-modifying code? (Score:3, Interesting)
Simply allocating it initially as both writable and executable needlessly opens your JIT to the possibility of exploits.
Nobody has pointed out (Score:2, Interesting)
The AMD NX feature is a long, long overdue feature that processors have been missing for quite some time, and it can prevent a LOT of misuse. I admit that AMD has made it seem like its an end-all to viruses, but trying to explain it to non-technical people isn't a simple thing.
Re:How do you explain it to Joe Sixpack? (Score:4, Interesting)
"Pointer in memory protection" (Score:5, Interesting)
Every time when the processor writes an address into memory (for example, return addresses stored in stack memory by subroutine calls) the memory location is marked as containing a valid address by using a "shadowed" flag, a 65th bit (one bit of ECC memory is used, so the machine does not need special memory modules, just standard ECC memory modules). If that memory location is overwritten with data, the CPU automatically clears the "shadowed" flag. If the CPU tries to use a pointer as a memory address, that was overwritten with data before, it automatically generates an interrupt.
This feature was originally not designed to be a buffer overflow protection, but it was neccessary, because the AS/400 uses a so-called "single level storage", where all applications use the same address space. Therefore, the machine needed some method to prevent applications from writing to arbitrary locations in memory, and that's why pointer-in-memory-protection was invented.
Actually, the memory is also segmented, one segment for every "object" created by a program. Most buffer overflows can not even overwrite an address, because a character array will have its own object boundary.
For example, the following code will typically not generate a buffer overflow on an AS/400:
int main(void)
{
char space_a[20];
char space_b[20];
int i;
for (i = 0; i < 100; i++)
{
space_a[i] = 'A';
}
for (i = 0; i < 100; i++)
{
space_b[i] = 'B';
}
}
Just try it out, it should not even crash.
I tried a lot of things like these on an AS/400 Mod. 170 running V5R2 using IBM ILE C compiler.
I think, pointer protection using shadow flags is the right way to prevent execution of code inserted by exploiting buffer overflows, because all other protection methods can't prevent return-into-libc exploits, but the pointer-in-memory-protection can, so IMHO it is the only *real* protection.
Further reading: "The inside story of the IBM iSeries" by Frank Soltis (a book about the architecture of the iSeries and the POWER processors)
AMD64 Adverts Suspect Too (Score:2, Interesting)
Fortunately they did not ban PaX! (Score:3, Interesting)
NX is just one method to protect the integrity of the memory. What it basically does is that it allows an OS to implement separation between data and code in the memory of a running process. Many overflow and other attacks depend on writing data in the process memory and then executing it as if it was code. A virus or a trojan is usually a program. It depends on being run, not on memory corruption. Therefore protection against memory corruption brings you literally nothing.
NX in itself stops exploit writers for aproximately 15 minutes, which is the time it takes for them to adjust most of their overflows to make them work with NX. Only a hand full of attacks cannot be adjusted. So NX in itself doesn't bring you much, despite what the marketing departments of companies like AMD and Red Hat tell you.
The trick to provide good memory protection is not to only use NX, but to combine it with other protection methods. This is the approach taken by the PaX project http://pax.grsecurity.net/ [grsecurity.net].
However, there are also some PaX imitations which, unfortunately, do not implement all of the PaX technology (even though some of them claim they do or claim to be even better). Examples are: MS-Windows SP2, Red-Hat's Exec-shield and OpenBSD's W^X.
Anyways, back from the technical intermezzo to AMD marketing. These guys have the same problem which people from the PaX project, exec-shield, OpenBSD and others who produce stuff like this have: Try to explain why this stuff is useful. If clever people like Linus don't get it, then how is one going to explain it to John Doe or the PHB's of this world? ``Memory corruption? Exploits? Buffer overflows?'' ``Woah! Brain overload!'' At least they have heard the word ``virus'' a few times and have learned that ``virus = bad''. So ``NX = good'', which cannot be explained to lusers, became ``NX = anti-virus = good''. Even if it is disabled by default, if you cannot motivate people to try to look for it, they never will.
Oh yes, these patches break things. Most programmers are spoiled. They think it is normal to mess around with memory in any way they like. Few of them understand that what is convenient for them, is also convenient for exploit writers. It's like MS-DOS programmers complaining about the file permissions on UNIX.
I hope AMD takes the challenge to produce better marketing, so more people start using this technology. Even though it is badly implemented in MS-Windows, it is a small step in the right direction.
Re:"Pointer in memory protection" (Score:3, Interesting)
With 3 bits you can also tag a word to contain instructions, and the type of data (integer, float etc).
Re:How do you explain it to Joe Sixpack? (Score:4, Interesting)
A software stack check will already catch that. (a random number stuck under the stack frame, checked before returning. You could overflow the buffer, but you can't know what random number to write because it changes each time -> failed exploit.)
IBM did some work to put a similar feature into GCC:
http://www.research.ibm.com/trl/projects/securi
Re:Self-modifying code? (Score:1, Interesting)
"Needlessly" is really strong word to use there. For just one example caching the results of virtual method lookups by executable-code rewriting is a highly useful optimization that is used in VM implementations for a number of languages. Having to go to the bother of a system call on every such cache miss seems like it might take a big bite out of that, don't you think?
Re:How do you explain it to Joe Sixpack? (Score:3, Interesting)
Umm.. Java programs don't get buffer overflows. C++ programs that use bound-checked containers and no pointer arithmetics are reasonably safe. Perl and Python are all right. So are we only talking about old-style C code then?
Re:Self-modifying code? (Score:5, Interesting)
Who cares? (Score:4, Interesting)
Of course, the whole mess doesn't exist in the Dutch language anyway. We live in Nederland, we speak Nederlands, and we call ourselves Nederlanders - all perfectly regular. If I called myself a "Hollander" in Dutch, I would be indicating I was from either South Holland or North Holland. If I do the same in English people understand I'm from the Netherlands.
Oh, and if the audience is American, they know I'm from the capital of a country known as Kopenhagen ;-) Sorry about that, but you must understand that American tourists who are not only lost, but in fact at least two entire countries removed from where they think they are, are the stuff of legend in Europe ;-)