Intel has introduced its first desktop processors to support what it calls Execute Disable Bit (EDB) technology - essentially the same code-disabling technology found in AMD, Transmeta and other CPUs, and used by Windows XP Service Pack 2 to render some viruses ineffective.
Processors that make use of EDB technology have the letter "J" tagged onto the end of their name. All newly fabricated Socket T Pentium 4's, from 520 to 560 will contain the new security technology. Intel has also released a few EDB enabled Celeron and Pentium M processors to round off their new lineup.
Execute Disable Bit allows the processor to classify areas in memory by where application code can execute and where it cannot. When a malicious worm attempts to insert code in the buffer, the processor disables code execution, preventing damage or worm propagation.
View: Intel Processor Naming Conventions
View: Intel EDB Information
News source: The Reg
Processors that make use of EDB technology have the letter "J" tagged onto the end of their name. All newly fabricated Socket T Pentium 4's, from 520 to 560 will contain the new security technology. Intel has also released a few EDB enabled Celeron and Pentium M processors to round off their new lineup.
Execute Disable Bit allows the processor to classify areas in memory by where application code can execute and where it cannot. When a malicious worm attempts to insert code in the buffer, the processor disables code execution, preventing damage or worm propagation.
View: Intel Processor Naming Conventions View: Intel EDB Information News source: The RegWhat's new ?
Added lost extended registers unlocking code in RAM configuration detection routine for NVIDA GeForceFX and newer boards.
Hour is now displayed correctly on time markers in hardware monitoring log file viewer.
Fixed driver-level color correction for non-default rotation angles under the Detonator 42.10 and newer drivers.
Added ForceWare 66.31, 66.29, 66.32, 66.51, 66.70, 66.72 and 66.81 drivers support.
Updated databases for Detonator and ForceWare driver families. Due to more complex database build automation process used to generate database build scripts in this version, the databases contain many new system registry entries, missed in database build script in the previous versions.
Updated NVStrap antiprotection and ForceWareAntriprotector patch scripts for ForceWare 66.31, 66.29, 66.32, 66.51, 66.70, 66.72 and 66.81 drivers.
Revised antialiasing modes list for the ForceWare drivers.
Changed ForceWareFSAAModes format. Now system requirements are specified using GPU family ID rather than PCI DeviceID.
Updated Catalyst 4.9, 4.9 hotfix and 8.07 beta certified SoftR9x00 and ATIOverclockingAntiprotection patch scripts.
Added RV410 support. Now all R420 specific features including clock frequency control, temperature and fan speed monitoring / control are also available on RADEON X700 series. Thanks to Andrew Worobiew for testing RivaTuner with ATI RADEON X700XT.
Added VID monitoring for NV40 GPU based display adapters. Now GeForce 6800/GT/Ultra owners may also see either raw VID data or the corresponding voltages in hardware monitoring window.
Improved VID interpretator for "Core VID" hardware monitoring data sources:
Now besides NV30/NV35/NV38 specific "ISL6569 with hardwired VID0 / VID1" VID interpretation mode, RivaTuner's database also contains "1.1V + 0.1V / 0.3V loop", "1.1V + 0.3V / 0.2V loop" and "1.1V + 0.1V / 0.2V loop" interpretation modes allowing to translate raw VID data to the corresponding voltage on all NV40 based boards.
Added "Autoselect" button to the "VID interpretation" dialog. This button forces RivaTuner to compare voltage table stored in VGA BIOS with all VID interpretators available in the database and automatically select matched one.
Added interpretation preview window to the "VID interpretation" dialog. Now RivaTuner displays all available VID values and the corresponding voltages for selected intepretator.
Greatly improved built-in patch script engine:
Added BIOSChecksumGenerator RTS post-installation plug-in module, allowing you to restore BIOS checksum after patching a file with RivaTuner's patch script engine.
Added BIOSChecksumGenerator stub patch script, allowing you to restore VGA BIOS checksum in image file without making any additional changes in it.
Improved patch script format. Now the DstFile and BakFile fields can contain %filename% and %ext% macro strings. This feature is useful when source file name contains wildcards and is unknown a priori.
Added NV40BIOSUnitsMaskEliminator patch script, allowing you to remove software pixel / vertex units mask from VGA BIOS image file.
New patch script formats support. Now besides previously available native patch scripts, applying changes to a file, RivaTuner's patch script engine also supports so called runtime scripts, which can be applied directly to a driver loaded in memory. Runtime patch scripts are useful for patching runtime decoded drivers, protected against native patch scripts. Furthermore besides native-only and runtime-only patch scripts, patch script engine also supports so called universal patch scripts, which can be installed in both modes.
Added ATIOverclockingAntiprotectionRuntime patch script, based upon newly introduced runtime patching technology. This script is an example of universal patch script, which can be applied to both driver miniport binary file in the distributive and directly to the miniport driver, loaded in memory.
Improved NVIDIA VGA BIOS formats support:
Now BIT structure based VGA BIOS images with no BMP structure are fully supported by RivaTuner. This allows displaying "NVIDIA VGA BIOS information" diagnostic report category on GeForce 6600 display adapters family, which have no BMP structure in BIOS.
Added BIT tokens list interpretator. Now locations of tokens defining offsets to performance and voltage tables are calculated by translating and scanning whole BIT tokens list and no longer referenced using fixed offset from the beginning of BIT header.
Improved low-level graphics subsystem diagnostic report module:
Now NVIDIA VGA BIOS version is read from the BIT rather than from the BMP when both structures are available in VGA BIOS.
Added dozen of new NVIDA / Intel / SiS / AMD northbridges to RivaTuner's hardware database.
"GPU units mask" line in "NVIDIA VGA BIOS information" diagnostic report category has been renamed to "SW units mask". Software units mask representation has been also changed to make it more plain for beginners. Now RivaTuner displays "none" instead of "16x1,6vp" when there are no software masked units detected in VGA BIOS, and shows which pixel / vertex units exactly are disabled if software units mask exists in VGA BIOS.
Added "HW units mask" line to "NVIDIA specific display adapter information" diagnostic report category. This line displays "none" if the GPU doesn't have hardware masked pixel / vertex units, otherwise it shows which pixel / vertex units exactly are masked with hardware straps.
New NVStrap v1.6 driver brings you more nice exclusive features:
Now the NVStrap driver configuration tab contains "Allow enabling masked units" option, allowing the driver to force the graphics processor to activate all pixel / vertex units, even if they are hardware strapped as damaged. Please be extremely careful and use this option at your own risk. Enabling hardware masked units, which have not passed hardware quality testing, may cause unpredictable results and even permanently damage your graphics hardware.
Improved "Custom graphics processor configuration" dialog layout. Now you may also see enabled/disabled state of each pixel/vertex unit in separate column. New "HW masked" column shows you which pixel / vertex units are hardware strapped as defected and protected from enabling by default by hardware mask to prevent system instability.
Added NVStrap driver version tracking wizard. This module checks version of the currently installed NVStrap driver each time you open NVStrap configuration tab and offers you to replace outdated version with new one if you have not reinstalled the driver manually after upgrading RivaTuner version.
New NVInfo v1.4 bundled DOS utility. Now NVInfo provides RivaTuner-styled command line interface for R/W access to NVIDIA graphics processor's registers. Take a note, that NVInfo correctly supports queued R/W commands like RivaTuner's command line interface.
Due to users' requests, unofficial support for integrated NVIDIA graphics processors is returned back.
Due to numerous requests from third party developers, some components of RivaTuner's SDK are no longer available via personal email request only and will be included in distributive since this version. Now RivaTuner's publicly available SDK includes RTHMSharedMemory VC++ sample, allowing third party tools to access RivaTuner's hardware monitoring statistics in realtime.
Improved compatibility with some slow flashrom chips used on NVIDIA display adapters.
New Easter eggs. Added built-in device driver dump utility, allowing you to dump loaded driver memory and save it to the file for subsequent analysis. This utility is useful for analyzing runtime decrypted drivers as well as for creating runtime patch scripts and tracking differences caused by other tool patching driver in runtime.
Improved installer. Now RivaTunerEx.sys driver is automatically unloaded from memory during installation to ensure proper driver operation.
Added about 10 new overclocking and NV40 softmodding related questions and answers to FAQ.
Minor UI changes and improvements.
RIVATUNER IS SUPPLIED "AS IS". THE AUTHOR ASSUMES NO LIABILITY FOR DAMAGES, DIRECT OR CONSEQUENTIAL, WHICH MAY RESULT FROM THE USE OF RIVATUNER This program should be used at your own risk. We are not responsible for anything that happens to you or your computer after using this utility.
Now they are modifing hardware to comble the discrepancies in the software...
Are you sure that this will retain all virus?
maybe that's a word for smart people that I don't know cause I'm not smart.
go intel now all thepeople that bought a socket t can go and buy a new one
Data execution prevention is an absolute must and I can hardly believe it took the processor guys (esp intel) so long.
Yes, since perfect software doesn't exist, and it probably won't in the future either.
I see what you're saying -- that slopiness shouldn't be rewarded -- but what's the alternative?
Developers can't be trained to the point that they write perfect software, especially not with deadlines in place, so the alternative will only offer more risk of bugs.
Now, is THAT a better alternative than this?
I would recommend the term "dynamic code" rather than "polymorphic code", but that's a technicality. In any case, it doesn't entirely disable it or make it impossible for the application to do it. If the application wants to use dynamic code, it simply needs to enable the memory region for execution (such as by calling the Win32 API VirtualProtectEx first). Also keep in mind that any just-in-time (JIT) environment, such as the .NET CLR or the Java JVM, uses dynamic code. And executable compressors/packers/protectors are all doing dynamic code as well.
Anyway, it's a good thing Intel has this feature now.
Description of Change to the Customer:
Desktop Intel® Pentium® 4 Processor on the 90nm Process Technology will undergo the following changes for the D-0 to the E-0 core processor stepping change:
• The conversion to E-0 Step will incorporate power optimizations to enable speed enhancements
o Includes Execute Disable Bit support and additional power management features(LGA775 only)
o The CPU ID will change from 0xF34h to 0xF41h
o Updated BIOS required
o E-0 is pin compatible with D-0
o Data Sheet available July 14, 2004
• New S-Specs for affected product line items
• Customer samples will be provided. Customer qualification required
Customer Impact of Change and Recommended Action:
Although no significant changes are expected in electrical and thermal specifications relative to the D-0
stepping, it is recommended that you complete a full qualification with the Desktop Intel® Pentium® 4
Processor based on the new E-0 stepping core.
Last edited by 335 on 05 Oct 2004 - 05:29
That's a shame, because I have a few of the newer mPGA-478 Gigabyte MoBos that are more than sufficient for my needs. And while I'd love to have the NX processors, there's no way I'm going to exchange three $200.00+ motherboards for ones that support them.
Maybe Intel will rethink this in the near future, since a lot of people like me would bite the bullet and buy new processors, but wouldn't be willing to go off the financial deep end for what would essentially be a non-essential upgrade.
Desktop Intel® Pentium® 4 Processor – mPGA478
Frequency - s-Spec ID (E-0 Stepping)
3.40GHz 800MHz FSB - SL7PP
3.20GHz 800MHz FSB - SL7PN
3.00GHz 800MHz FSB - SL7PM
2.80GHz 800MHz FSB - SL7PL
2.80GHz 533MHz FSB - SL7PK
Desktop Intel® Pentium® 4 Processor – LGA775 with EM64T
Frequency - s-Spec ID (E-0 Stepping)
3.60GHz 800MHz FSB - SL7NZ
3.40GHz 800MHz FSB - SL7PZ
3.20GHz 800MHz FSB - SL7PX
Desktop Intel® Pentium® 4 Processor – LGA775
Frequency - s-Spec ID (E-0 Stepping)
560 3.60GHz 800MHz FSB - SL7Q2
550 3.40GHz 800MHz FSB - SL7PY
540 3.20GHz 800MHz FSB - SL7PW
530 3.00GHz 800MHz FSB - SL7PU
520 2.80GHz 800MHz FSB - SL7PR
As long as they aren't violating any patents, I don't see copying as a special problem, or as bad business practices. We'd be at the stone age if people didn't copy each other and improved older ideas over time.
Good job, Mr. Educated. It's viruses.
http://dictionary.reference.com/search?q=virus
n. pl. vi·rus·es
http://encyclopedia.thefreedictionary.com/Virii
Example of security company using virii (doesn't mean it's correct, though):
http://www.secureroot.com/category/viruses/
The word comes from the Latin virus, referring to poison and other noxious things. Today it is used to describe the biological viruses discussed above and also as a metaphor for other parasitically-reproducing things, such as ideas. The term computer virus has become another well-defined sense of the word. The word virion or viron is used to refer to a single infective viral particle.
Despite frequent claims to the contrary, the only correct English plural of the word for any of these senses is viruses. The Latin word does not appear to have had a plural. Virii would be the plural of the word virius, and viri was the plural of the word vir, meaning man.
Pentium 4 B = Northwood (533mhz FSB) - s478
Pentium 4 C = Northwood (800mhz FSB) + HT - s478
Pentium 4 D = Gallatin - Extreme Edition - s478
Pentium 4 E = Prescott - s478
Pentium 4 F = Prescott (EM64T) - socket T/775
Pentium 4 G = Prescott (EM64T / 1066mhz FSB) - Extreme Edition - socket T/775
Pentium 4 H = Prescott (EM64T / 1066mhz FSB) + 2MB L2 Cache + EDB - Extreme Edition - socket T/775
Pentium 4 I = Prescott (EM64T / 800mhz FSB) + 2MB L2 Cache + EDB - socket T/775
Pentium 4 J = Prescott (EM64T, EDB) - socket T/775
Is this right? I'm very confused.
Thanks for the reply
Both FloatingFatMan & ~Greeno~ are correct. Let's break it down - and NO you DON'T have EDB...because you cannot install it (not possible). It's hardware - as in, you can't download hardware and install it. It's built INTO the chip.
It's still possible to overwrite the stack (and possibly cause the CPU to jump to another location and continue execution there), if the hacker already knows where in memory some interesting code to execute is.
Also, if the hacker is able to construct his exploit so that it calls the Win32 API VirtualProtectEx() to enable the memory region for execution, then any data that was already written there (like in a buffer overflow) can now be executed.
Using a compiler (like a recent Visual Studio.NET) with the stack overflow canary checks can be used in combination to try to detect the stack overflows before giving them chance to execute, but canaries can still be bypassed with a bit of skill.
-Raptor
If sloppy programmers have the belief that it is not necessary to do manual length checking in their own code anymore because of NX protection (or stack overflow canaries injected by the compiler), then new applications will end up getting released with these hidden overflow potentials.
Relying on the system to halt the program is effectively a denial of service (DoS) attack, since the program crashes and must be restarted. If it was a server process, then that may mean that the transactions of many other users were just terminated and lost.
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.