Microsoft to introduce hardware-linked security from XP-SP2

04 Nov 03 00:27 by Seán Byrne

While we reported that Microsoft will be introducing hardware-tied security called NGSCB in Longhorn, Microsoft has now announced that it will introduce hardware-linked security called execution protection (NX) in Windows XP Service Pack 2. This feature is currently supported in both AMD’s K8 32/64-bit and Intel Itanium 64-bit processor families. The purpose of the feature is to keep application data from being executed as code, allowing only memory marked as executable code to be run.

 

As with the previous report on NGSCB, Microsoft claims that this has nothing to do with DRM and will only be used to prevent running code from being attacked or modified by worms and viruses. While DRM may not be in the picture here, it looks like Microsoft is gradually moving toward tying DRM into the hardware. Microsoft has announced that some applications will break on XP-SP2 if they are run on an NX-compatible CPU. Examples include applications that perform just-in-time (JIT) code generation such as legacy debuggers.

Microsoft is to introduce hardware-linked security technology with Windows XP Service Pack 2, and beyond that will make “additions to Windows” supporting the technology, execution protection (NX). The feature is already supported by shipping AMD K8 and Intel Itanium processor families, and according to Microsoft: “It is expected that future 32 and 64-bit processors will provide execution protection.

“Microsoft is preparing for and encouraging this trend by supporting execution protection in its Windows operating systems.” So is it DRM?

Not exactly, not yet, but it’s another example of the closer linking of hardware and software that will result in the processors with NGSCB built-in that Bill Gates promised at the recent Professional Developers Conference, and a reread of his keynote after hearing about NX does tend to suggest that Bill might not see any clearly defined line between the two, and between hardware security and hardware ID. And linkage is helpful from the point of view of selling DRM to users; clearly, you can’t pitch hardware protection that screws up your ability to listen to music as you wish as an unalloyed benefit for the general public, but you can sell them it on the basis it stops Bad Things coming at them from The Net.

Microsoft can also use compliance with this and future hardware features as the ‘entry ticket’ for hardware manufacturers wanting Windows development relationships and support. One might speculate that Windows XP support for AMD64 might not be entirely unconnected with NX support. As Microsoft says: “The 32-bit version of Windows currently leverages the NX processor feature, as defined by the AMD64 Architecture Programmer’s Manual.” So actually, it’s not being introduced to the mass market with SP2 – it’s here already for AMD64 platforms.

NX “uses the CPU itself to enforce the separation of application code and data, preventing an application or Windows component from executing program code that an attacking worm or virus inserted into a portion of memory marked for data only.” Which is quite cute really, when you consider that one of the fundamental security problems of Windows is its failures in separating application code from data. Fix Windows? Go back to basics and write a proper operating system? Nope, we have a better idea… Whatever, although there may be applications for NX support in non-Windows operating systems, it doesn’t immediately look like a ‘must have’ for, say, Linux in the same way that it does for Windows.

Read the full article here: http://www.theregister.com/content/4/33729.html

 

While this does look like an interesting feature for preventing buffer overflow attacks such as those we have already seen with the Blaster worm and so on, it looks like we could be seeing more hardware-tied ‘security’ features before the launch of Longhorn. It also looks like we may someday come to the stage where Microsoft ties real-time encryption and decryption into the CPU, so software and multimedia would be encrypted from the source all the way to decryption and execution simultaneously within the CPU. CSS-protected DVD-Video (despite having already been hacked) and DVD-Audio are already encrypted from the disc to the processor, and it is just a matter of time before Microsoft takes this approach with software and again calls it ‘A Security Feature’.

 


Source: The Register

15 Comments

Mad Burner
Posts: 186
Posted on: 04 Nov 03 02:09
Well it looks like Windows XP SP1 might be the last OS I ever use :d
Crabbyappleton
Posts: 5757
Posted on: 04 Nov 03 03:16
Guys this is serious stuff. If we don't do something we are *possibly* going to get the rug pulled out from under us. This technology is to put a meter on the internet and all other content. Guess who is the meter maid? This story may be a bit over the top but it makes you wonder... http://www.p2pnet.net/pal.html
[edited by Crabbyappleton on 04.11.2003 03:24]
electrician2002
Posts: 1
Posted on: 04 Nov 03 03:38
What a f@@ken joke. Hey Bill, why don't you try to write code that is worth a shit. That's right, you can't, you have to steal it from everybody else! :d
[edited by electrician2002 on 04.11.2003 03:39]
[edited by electrician2002 on 04.11.2003 03:42]
Raven737
Posts: 31
Posted on: 04 Nov 03 07:29
They didn't say if you could turn it off?! And JIT is used by .Net for all its executables... right?! You better be able to turn it off.... Also M$ could instead also be pushing the .Net framework application, with a fully managed environment, buffer overrun should be impossible.
Cubeman42
Posts: 86
Posted on: 04 Nov 03 14:31
Guys listen.... They didn't even mention the Intel 775 which is due out in 4 months so I don't think this is going to be a problem and if it is so what. As the article stated CSS was cracked so will this. Security is always one step behind Freedom.:X
Rhelic
Posts: 302
Posted on: 04 Nov 03 15:00
.Net will work fine in this new security framework as all official .NET stuff is managed code, which is different than legacy JIT compilers.
[edited by Rhelic on 04.11.2003 15:00]
Lord KiRon
Posts: 257
Posted on: 04 Nov 03 15:06
Get real, so far this sounds only like a measure to prevent executing viruses and such. It MAY be used for DRM and reverse engineering prevention, but even if this will be implemented it will be just another protection. However, I do hope MS will be smart enough to make a checkbox "allow this program to execute unprotected code" in preferences to avoid problems with older software.
ckin2001
Posts: 3468
Posted on: 04 Nov 03 17:34
So instead of fixing the real problems with windows (again), they are going to do another half-assed fix. Woooo. I can't wait to see how many apps break that aren't supposed to :d
sorti
Posts: 281
Posted on: 05 Nov 03 00:03
People will eat up DRM; all Microsoft has to say is this will combat kiddy porn! And the fools will come running. We have to remove porn and free speech from the internet to save the children! Oh heck, let's just burn all the books too, they might have some kiddy porn in them.
[edited by sorti on 05.11.2003 00:04]
chsbiking
Posts: 543
Posted on: 05 Nov 03 01:01
Ok they have a monopoly on the hardware. They gave us no choice really and built this technology into both the Intel and AMD chips. Which made me sick. The only thing to do is to get together and spread by word of mouth not to support any software that uses this technology to take advantage of people. Switch to Linux, or hell switch to Macintosh. Don't install software that uses the DRM fees to charge you, uninstall it, install something else. Support open source, learn how to program and make open source software. Just make it clear to Microsoft that we don't want our computers to take directions from them. We want our computers to listen to us.
gmgriot
Posts: 18
Posted on: 05 Nov 03 08:05
I would think chip makers would give an option to disable, after the bad press from Intel using tracking numbers in chips etc. Windows and chips using this tech will only be good for corp computing. Looks like MS has become like the old Big Blue of the 80s (IBM). Hopefully they will wake up before we all switch OS and use AMD/Intel clones..
icepax
Posts: 189
Posted on: 05 Nov 03 08:07
U using Windows? U r crazy. Ditch it and go with Mandrake, Debian, Red Hat, etc. Windows :r - it gives me the SHIT!
gmgriot
Posts: 18
Posted on: 05 Nov 03 08:16
BTW. Hardware DRM and BIOS DRM are very bad for consumers and may require mod chips or extra hardware to circumvent. Most likely we will just stop buying chips who design for MS and not consumers. After all, who was AMD 10 yrs ago? CSS was only cracked due to PC using SW not HW to decode and the key accidentally exposed in SW code.
chsbiking
Posts: 543
Posted on: 05 Nov 03 13:35
Chip and BIOS security can be turned off, and even if it's on it doesn't affect current software. The problem is if this technology goes mainstream then you'll have to leave it on to run the majority of software and it may give software makers the ability to charge you per month for your software instead of a one time buy if a DRM system is built around the new features of this chip. Take note that Microsoft has a patent on a DRM system that would take advantage of these features. So they're planning to build one. If it goes mainstream the hardware makers may decide not to allow you to turn it off and your computer may become more locked down after time goes on. It's like a frog. Put it in boiling water and it jumps out. Put it in cold water, and slowly warm the water up and it'll boil to death. Just have to make sure there's a plentiful amount of software out there that does not try and lock down your system. As for protected memory, and non-executable memory locations, well all PC X86 processors already had that functionality built in, since at least the 386 but MS never took advantage of it until Windows XP. Oh well.
[edited by chsbiking on 05.11.2003 13:39]
DeadMan
Posts: 1563
Posted on: 06 Nov 03 02:52
You are missing the big picture with hardware protections built in around the operating system. Companies will lap it up. Where companies adopt consumers have to follow it would seem in the current PC market.
