N°SERIE

Download as doc, pdf, or txt
Download as doc, pdf, or txt
You are on page 1of 2
 
KGFVY-7733B-8WCK9-KTG64-BC7D8 estOest
Hardware DEP Disabled!!
This processor does offer hardware support for valuable Data Execution Prevention (DEP) ... butit has been disabled.Hardware DEP support is so important and powerful that Microsoft has obtained the commitmentfrom all system manufacturers to begin enabling DEP support in all system BIOSes. However,early BIOSes either disabled hardware DEP in the interest of compatibility, or allow their users tooptionally enable it through BIOS setup screens ... but still disable it by default.SecurAble has confirmed that this system's processor does offer valuable support for hardwareDEP, but that it has been deliberately disabled by the BIOS. You should shutdown and restart thissystem, and enter the BIOS setup screens as the system restarts. Then locate and enable thesystem's support for "Execution Disable" or "No Execute Bit" or something similarly named. Thenrestart your system and re-run this utility to verify that hardware DEP support has been enabled.(And please also click the Hardware D.E.P. icon again to receive additional help for the next stepsto take.)If you are unable to locate anything in your BIOS to allow hardware DEP support to be enabledplease keep an eye out for our follow-on utility, DEPuty, which will provide solutions for usershaving very stubborn BIOSes.
No Hardware Virtualization
This processor does not offer advanced hardware support for hardware virtualization.There is some suggestion that future operating systems of all sorts (Linux, Mac, Windows, etc.)may be able to use hardware virtualization to indirectly enforce greater security upon theoperating system's "kernel" by preventing it from being modified as a means for thwartingdangerous "root kit" style exploits.The idea is that our future operating systems would always be running inside a virtual machineunder the watchful eye of an OS "hypervisor." This has not been practical before now, withouthardware support for virtualization, because virtualization required too much real-time involvementof software which introduced an unacceptable amount of overhead and slowed everything down.Hardware virtualization means that virtual machines - and even the entire operating systemrunning inside a virtual machine container - would be able to run at 100% full speed, thus makinga persistent security-oriented OS "hypervisor" practical for the first time.But don't hope for this to ever help with the security of 32-bit Windows platforms. Due to theamount of kernel modification already being done by benign kernel drivers in 32-bit versions of Windows, "hypervisory kernel locking" could only ever be implemented under 64-bit versions of Windows where kernel modification has always been actively prohibited. And due to seriouscompatibility problems inherent in 64-bit systems, it's also not at all clear (at the start of 2007) howquickly, or even whether, 64-bit Windows will become practical on the desktop.However, the other current and real security-related application for hardware virtualization is for running your own virtual machines - at 100% full speed - on top of your host operating system.This is possible today with commercial and completely free software from Microsoft, VMware andParallels. This has an indirect, though strongly positive, impact upon security since possiblyunsafe activities such as Internet surfing or peer-to-peer file sharing can be 100% containedwithin the virtual environment to make online activities much safer.This can still be done, of course, without hardware virtualization support, but the virtual machineenvironment as well as the hosting operating system will be running at substantially less than fullspeed.
5
 
About SecurAble
This "SecurAble" GRC freeware was an outgrowth from several "Security Now!" podcasts withLeo Laporte. These MP3 audio files are freely available for download from GRC's web site in bothsmaller-sized 16 kbps and higher-quality 64 kbps versions, and textual transcripts of the programsare also available
:
 
http://www.GRC.com/SecurityNow
 The following episodes will be of particular interest
:
# 66 - Windows Vista Security# 67 - Kernel Patch Protection# 71 - SecurAbleWhat is "SecurAble" ?Future PC security will increasingly rely upon specific hardware capabilities offered by modernprocessors
:
 As Windows makes the painful move from a 32-bit kernel to a new kernel running in 64-bit mode,Microsoft is working to avoid repeating mistakes made during the 32-bit era. Consequently, 64-bitversions of Windows will offer significantly stronger security than was ever available to Windows32-bit operating systems.Most modern computer vulnerabilities arise from communications buffers that can be overrun withmalicious data. This allows remote attackers to inject their own code into vulnerable computersacross the Internet. Modern processors incorporate explicit hardware controls to prevent themistaken execution of remotely supplied data. This "data execution prevention" (DEP), whenavailable and active, enables the most promising improvement in PC security ever seen.To improve the performance of systems running "virtual machines" (VMs), modern processorsadded hardware support to allow securely encapsulated VMs to run at the same speed as non-VM systems. This benefits security by increasing the robustness of, and removing all performancepenalties from, the continuous use of virtual machine technology. Since virtual machines allow"supervision" by their hosting environment, this supervision can be used to dramatically increasethe system's overall security.For the reasons described above, these three modern processor characteristics will play animportant role in enhancing personal computing security in the future. But it's not readily clear from "outside the box" which features individual systems may contain. So I created this little"SecurAble" utility to allow anyone to quickly and easily determine which of these usefulcapabilities their system's processor supports.
Note:
When running SecurAble, be sure to click on each of the three displayed items to receiveadditional details about the meaning of the display and the security-related implications of eachprocessor feature.North north east oust suds solin
Soling
5

Reward Your Curiosity

Everything you want to read.
Anytime. Anywhere. Any device.
No Commitment. Cancel anytime.
576648e32a3d8b82ca71961b7a986505