
No-Execute Memory Protect

Common Options : Enabled, Disabled

Quick Review

This BIOS feature is actually a toggle for the processor's No Execute feature. In fact, the acronym NX is short for No Execute and is specific to AMD's implementation. Intel's implementation is called XD, short for Execute Disable.

When enabled, the processor prevents the execution of code in data-only memory pages. This provides some protection against buffer overflow attacks.

When disabled, the processor will not restrict code execution in any memory area. This makes the processor more vulnerable to buffer overflow attacks.

It is highly recommended that you enable this BIOS feature for increased protection against buffer overflow attacks.

However, please note that the No Execute feature is a hardware feature present only in the AMD64 family of processors. Older AMD processors do not support the No Execute feature. With such processors, this BIOS feature has no effect.

In addition, you must use an operating system that supports the No Execute feature. Currently, that includes the following operating systems (or newer):

  • Microsoft Windows Vista
  • Microsoft Windows Server 2003 with Service Pack 1 or better
  • Microsoft Windows XP with Service Pack 2 or better
  • Microsoft Windows XP Tablet PC Edition 2005 or newer
  • SUSE Linux 9.2 or newer
  • Red Hat Enterprise Linux 3 Update 3 or newer

Incidentally, some applications and device drivers attempt to execute code from the kernel stack for improved performance. This will cause a page-fault error if No Execute is enabled. In such cases, you will need to disable this BIOS feature.

 

Details

Buffer overflow attacks are a major threat to networked computers. For example, a worm may infect a computer and flood the processor with code, bringing the system to a halt. The worm will also propagate throughout the network, paralyzing each and every system it infects.

Due to the prevalence of such attacks, AMD added a feature called No Execute page protection, also known as Enhanced Virus Protection (EVP), to the AMD64 processors. This feature is designed to protect the computer against certain buffer overflow attacks.

Processors that come with this feature can restrict memory areas in which application code can be executed. When paired with an operating system that supports the No Execute feature, the processor adds a new attribute bit (the No Execute bit) in the paging structures used for address translation.

If the No Execute bit of a memory page is set to 1, that page can only be used to store data. It will not be used to store executable code. But if the No Execute bit of a memory page is set to 0, that page can be used to store data or executable code.

The processor will henceforth check the No Execute bit whenever it executes code. It will not execute code in a memory page with the No Execute bit set to 1. Any attempt to execute code in such a protected memory page will result in a page-fault exception.

So, if a worm or virus inserts code into the buffer, the processor prevents the code from being executed and the attack fails. This also prevents the worm or virus from propagating to other computers on the network.
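
The check described above, modeled in C as an added example (not code from Tech ARP or from any processor vendor). The bit positions are the architectural x86-64 ones; `make_pte`, `fetch_check` and the sample addresses are hypothetical names and constructed values, and the model assumes an operating system that leaves bit 63 clear when the feature is off.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x86-64 page-table entry bits (architectural positions). */
#define PTE_PRESENT  (1ULL << 0)
#define PTE_WRITABLE (1ULL << 1)
#define PTE_USER     (1ULL << 2)
#define PTE_NX       (1ULL << 63)  /* No Execute (AMD) / Execute Disable (Intel) */

/* Page-fault error-code bits reported to the OS fault handler. */
#define PF_PRESENT (1u << 0)  /* page was present: a protection violation */
#define PF_USER    (1u << 2)  /* access came from user mode */
#define PF_INSTR   (1u << 4)  /* access was an instruction fetch */

/* OS side (hypothetical helper): build an entry for a 4 KiB user page.
 * The NX bit is set only for data-only pages and only when the feature is on. */
static uint64_t make_pte(uint64_t phys, bool writable, bool data_only, bool nx_on)
{
    uint64_t pte = (phys & 0x000FFFFFFFFFF000ULL) | PTE_PRESENT | PTE_USER;
    if (writable)           pte |= PTE_WRITABLE;
    if (data_only && nx_on) pte |= PTE_NX;
    return pte;
}

/* Processor side (model): check made on a user-mode instruction fetch.
 * Returns 0 if the fetch proceeds, otherwise the page-fault error code. */
static unsigned fetch_check(uint64_t pte, bool nx_on)
{
    unsigned err = PF_USER | (nx_on ? PF_INSTR : 0);
    if (!(pte & PTE_PRESENT))
        return err;               /* not-present fault, unrelated to NX */
    if (nx_on && (pte & PTE_NX))
        return err | PF_PRESENT;  /* data-only page: execution refused */
    return 0;
}

int main(void)
{
    bool modes[] = { true, false };  /* BIOS option enabled, then disabled */
    for (int i = 0; i < 2; i++) {
        /* Constructed samples: a writable stack page and a code page. */
        uint64_t stack = make_pte(0x7f000, true, true, modes[i]);
        uint64_t text  = make_pte(0x40000, false, false, modes[i]);
        printf("NX %s: stack fetch err=0x%x, text fetch err=0x%x\n", modes[i] ? "on" : "off",
               fetch_check(stack, modes[i]), fetch_check(text, modes[i]));
    }
    return 0;
}
```

A non-zero result with both the present and instruction-fetch bits set is the signature of an NX violation that a fault handler or crash dump will show.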



Copyright © Tech ARP.com. All rights reserved.