John W. Colby
jwcolby at colbyconsulting.com
Sun Feb 27 18:30:37 CST 2005
LOL. What you forget is that the PC started from a FOUR BIT processor called a 4004 by Intel in 1972 or thereabouts. Do you really think that the mainframes with all that fancy stuff just appeared out of thin air that way? They started from machines in the forties, made from relays and later vacuum tubes. You may rest assured that those old machines did not have any of that fancy stuff either. John W. Colby www.ColbyConsulting.com Contribute your unused CPU cycles to a good cause: http://folding.stanford.edu/ -----Original Message----- From: dba-tech-bounces at databaseadvisors.com [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of DJK(John) Robinson Sent: Sunday, February 27, 2005 5:01 PM To: 'Discussion of Hardware and Software issues' Subject: RE: [dba-Tech] AV product breaches Just for the record ... ICL mainframes from the early 70s (that's the 1970s - more than thirty years ago!) had two things in hardware, both exploited by operating system software: 1. EPB (Execute Permission Bit) had to be set to allow code execution. By default it was not set. 2. Bounded descriptors. A pointer wasn't just an address (to the start of a buffer), but also said how big the buffer was. Hardware interrupted if you tried to write past the end. Results? NO data executed as code; NO buffer overruns. Period. Great innovations from Intel/MS? Hmmph! John > -----Original Message----- > From: dba-tech-bounces at databaseadvisors.com > [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of > MartyConnelly > Sent: 27 February 2005 18:13 > To: Discussion of Hardware and Software issues > Subject: Re: [dba-Tech] AV product breaches > > > You can also approach this through hardware, I believe some IBM > mainframes have had this for years > On desktop cpu's this method has several names. Microsoft has several > names so does Intel and AMD. > This has to be checked before implementation in production > environments. > > See execute disable bit Win XP SP 2 enables it on 32 bit > machines > http://www.intel.com/business/bss/infrastructure/security/flash.htm > > One solution is to use Win XP SP2 and brand new Intel or AMD 32 bit > chips with Execute Disable bit set > Right now it is only available in Intel Itanium Servers and > AMD Athalon > 64 bit servers. > http://www.intel.com/business/bss/infrastructure/security/xdbit.htm > > What it does, is set apart pages of memory to be data only, so code > cannot be executed from it. > > http://www.intel.com/business/bss/infrastructure/security/flash.htm > > On CPUs that support execution protection (NX) technology, Windows XP > Service Pack 2 marks data pages non-executable. This feature of the > underlying hardware prevents execution of code from pages > marked in this > way. This prevents attackers from overrunning a marked data > buffer with > code and then executing the code; it would have stopped the > Blaster worm > dead in its tracks. The only processor families that > currently support > NX are the 64-bit AMD K8 and Intel Itanium; however, > Microsoft expects > future 32-bit and 64-bit processors to provide hardware based > execution > protection.. In addition to supporting NX, Service Pack 2 implements > sandboxing. All binaries in the system have been recompiled > with buffer > security checks enabled to allow the runtime libraries to catch most > stack buffer overruns, and "cookies" have been added to the heap to > allow the runtime libraries to catch most heap buffer overruns. > > Steve Erbach wrote: > > >John, > > > >FWIW, Jerry Pournelle has commented on his web site that all > the focus > >on C++ over the years is reaping the whirlwind, so to speak. > That is, > >with a more strongly typed language, there would be no such thing as > >buffer overflows. Do you or does anyone else here have a > feel for that? > > > >Steve Erbach > > > > > >On Fri, 25 Feb 2005 15:45:06 -0600, John Bartow <john at winhaven.net> > >wrote: > > > > > >>Just got this from Watchguard: > >> > >>Trend Micro AV Ushers Hackers Right In > >> > >>* > >><http://www.trendmicro.com/vinfo/secadvisories/default6.asp? VName=Vuln >>erabil >>ity+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution> Trend >>ity+in+VSAPI+ARJ+parsing+could+allow+Remote+Code+execution> Micro's >>ARJ Buffer Overflow Alert >> >>A similar thin ghappened to Symantec a couple weeks ago: >>* <http://xforce.iss.net/xforce/alerts/id/189> ISS X-Force's ARJ >>Buffer Overflow Alert >> >>John B. >> >> >_______________________________________________ >dba-Tech mailing list >dba-Tech at databaseadvisors.com >http://databaseadvisors.com/mailman/listinfo/dba-tech >Website: http://www.databaseadvisors.com > > > -- Marty Connelly Victoria, B.C. Canada _______________________________________________ dba-Tech mailing list dba-Tech at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-tech Website: http://www.databaseadvisors.com _______________________________________________ dba-Tech mailing list dba-Tech at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/dba-tech Website: http://www.databaseadvisors.com