NX Technology from The Tech ARP BIOS Guide!

NX Technology

Common Options : Enabled, Disabled

 

NX Technology : A Quick Review

The NX Technology BIOS feature is actually a toggle for the processor’s No Execute feature.

In fact, the acronym NX is short for No Execute and is specific to AMD’s implementation. Intel’s implementation is called XD, short for Execute Disable.

When enabled, the processor prevents the execution of code in data-only memory pages. This provides some protection against buffer overflow attacks.

When disabled, the processor will not restrict code execution in any memory area. This makes the processor more vulnerable to buffer overflow attacks.

It is highly recommended that you enable the NX Technology BIOS feature for increased protection against buffer overflow attacks.

However, please note that the No Execute feature is a hardware feature present only in the AMD64 family of processors. Older AMD processor do not support the No Execute feature. With such processors, this BIOS feature has no effect.

In addition, you must use an operating system that supports the No Execute feature. Currently, that includes the following operating systems :

  • Microsoft Windows Server 2003 with Service Pack 1, or newer
  • Microsoft Windows XP with Service Pack 2, or newer
  • Microsoft Windows XP Tablet PC Edition 2005, or newer
  • SUSE Linux 9.2, or newer
  • Red Hat Enterprise Linux 3 Update 3, or newer

Incidentally, some applications and device drivers attempt to execute code from the kernel stack for improved performance. This will cause a page-fault error if No Execute is enabled. In such cases, you will need to disable this BIOS feature.

 

NX Technology : The Full Details

Buffer overflow attacks are a major threat to networked computers. For example, a worm may infect a computer and flood the processor with code, bringing the system down to a halt. The worm will also propagate throughout the network, paralyzing each and every system it infects.

Due to the prevalence of such attacks, AMD added a feature called No Execute page protection, also known as Enhanced Virus Protection (EVP) to the AMD64 processors. This feature is designed to protect the computer against certain buffer overflow attacks.

Processors that come with this feature can restrict memory areas in which application code can be executed. When paired with an operating system that supports the No Execute feature, the processor adds a new attribute bit (the No Execute bit) in the paging structures used for address translation.

If the No Execute bit of a memory page is set to 1, that page can only be used to store data. It will not be used to store executable code. But if the No Execute bit of a memory page is set to 0, that page can be used to store data or executable code.

The processor will henceforth check the No Execute bit whenever it executes code. It will not execute code in a memory page with the No Execute bit set to 1. Any attempt to execute code in such a protected memory page will result in a page-fault exception.

So, if a worm or virus inserts code into the buffer, the processor prevents the code from being executed and the attack fails. This also prevents the worm or virus from propagating to other computers on the network.

The NX technology BIOS feature is actually a toggle for the processor’s No Execute feature. In fact, the acronym NX is short for No Execute and is specific to AMD’s implementation. Intel’s implementation is called XD, short for Execute Disable.

When enabled, the processor prevents the execution of code in data-only memory pages. This provides some protection against buffer overflow attacks.

When disabled, the processor will not restrict code execution in any memory area. This makes the processor more vulnerable to buffer overflow attacks.

It is highly recommended that you enable the NX Technology BIOS feature for increased protection against buffer overflow attacks.

However, please note that the No Execute feature is a hardware feature present only in the AMD64 family of processors. Older AMD processor do not support the No Execute feature. With such processors, this BIOS feature has no effect.

In addition, you must use an operating system that supports the No Execute feature. Currently, that includes the following operating systems :

  • Microsoft Windows Server 2003 with Service Pack 1, or newer
  • Microsoft Windows XP with Service Pack 2, or newer
  • Microsoft Windows XP Tablet PC Edition 2005, or newer
  • SUSE Linux 9.2, or newer
  • Red Hat Enterprise Linux 3 Update 3, or newer

Incidentally, some applications and device drivers attempt to execute code from the kernel stack for improved performance. This will cause a page-fault error if No Execute is enabled. In such cases, you will need to disable this BIOS feature.

 

Recommended Reading

Go Back To > Tech ARP BIOS GuideComputer | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Leave a ReplyCancel reply