[plug] AMD64 Debian Box3N :D

Jonathan Young jonathan at pcphix.com
Thu Dec 22 10:17:15 WST 2005 

Randal Adamson wrote:

>On Wed, 2005-12-21 at 09:48 +0800, Jonathan Young wrote:
>  
>
>>http://www.amd.com/us-en/Processors/ProductInformation/0,,30_118_9485_9487%5E9492,00.html
>>    
>>
>--[quote]--
>*Enhanced Virus Protection will by default only protect the user's
>Windows operating system. After properly installing the appropriate
>Windows release, users must enable the protection of their applications
>and associated files from memory buffer overrun attacks.  Contact your
>application software vendor for information regarding use of the
>application in conjunction with Enhanced Virus Protection.  AMD and
>Microsoft strongly recommend that users continue to use third party
>anti-virus software as part of their security strategy.
>--[/quote]--
>
>Has anyone actually tried this? 
>
Yes. 

In the System Properties:  My Computer (Right-click goto Properties) -> 
Advanced (Tab) -> Performance (section) -> Settings (button) -> Data 
Execution Prevention (tab)

Your have two choices:

(1) Turn on DEP for essential Windows programs and services only.
(2) Turn on DEP for all programs and services except those I select: <list>

Option 1 is the default and if your processor does not support the 
feature then they both do nothing with the message "Your computer's 
processor does not support hardware-based DEP. However, Windows can use 
DEP software to help prevent some types of attacks.".

Which is why on my PIV laptop I still used to get messages relating to 
DEP when Windows killed a suspicious (read: badly-written) program.

On a modern CPU, assuming you remember to go to this section and 
complete the extra step (Option 2) then it seems to work quite well.  
Though I agree that I would still want Anti-Virus to scan incoming 
emails, web content etc.

It seems quite able to stop things relating to Autorun and web page 
views (thumbnails in explorer etc.), but really then all they have done 
is patched the problems they introduced with these new features...  
Perhaps in the future this type of security will become more useful.  It 
is certainly forcing programmers for Windows to address how they allow 
their programs to access CPU and memory resources for fear of being 
killed off as a suspect application.  There was a fair bit more 
discussion of these developments on AMD's site, but I don't have a link 
right now.

-- 
Jonathan Young
Director of PC-PHIX
jonathan at pcphix.com

Phone: 0410 455 674
Web: http://www.pcphix.com/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.plug.org.au/pipermail/plug/attachments/20051222/8b8175e8/attachment.html>

More information about the plug mailing list