Author Topic: SecurAble probes the system's processor to determine if it has Enhanced Security  (Read 2142 times)

0 Members and 1 Guest are viewing this topic.

Software Santa

  • Administrator
  • *****
  • Posts: 4277
SecurAble probes the system's processor to determine if it has Enhanced Security!

Runs on Windows or Linux (Under WINE)



Quote
Modern processors incorporate features beneficial to
security.  SecurAble displays the status of the three
most significant security-related processor features.

SecurAble probes the system's processor to determine the presence, absence and operational status of three modern processor features:

    * 64-bit instruction extensions,
    * Hardware support for detecting and preventing
      the execution of code in program data areas, ... and
    * Hardware support for system resource “virtualization.”


Hardware D.E.P., NX, XD & EVP
Modern processor hardware can be instructed to designate regions of memory as non-executable. This means that the memory can be used to store reference data to be read and written, but that the processor cannot treat the contents of the memory as program code to be directly executed. Intel calls this capability in their newer processors XD for “eXecute Disable” and AMD refers to it as NX for “No eXecute.” AMD's marketing materials also sometimes refer to this capability by the annoying marketing term EVP for Enhanced Virus Protection.

As a hardware capability of modern processors this addition is important, but its use depends entirely upon support from the operating system. So when Microsoft introduced support for this into their operating systems, they termed it Hardware DEP for Data Execution Prevention. Support for hardware DEP was introduced into the 32-bit versions of Windows XP with Service Pack 2, into Windows 2003 Server with Service Pack 1, and has always been present in Windows Vista. Unfortunately, however, in every case, hardware DEP support is disabled for all or most of the system's software by default. It does no one any good unless it's turned on.

When hardware DEP support is active, an XD/NX-aware operating system running on an XD/NX-capable and enabled processor will mark all memory regions not explicitly containing executable code as non-executable. This protects the system's “heaps”, “stacks”, data and communications buffers from inadvertently running any executable code they might contain.

Why would data or communications buffers ever contain executable code? . . . because so-called “Buffer Overrun” attacks are the predominant way Internet-connected computers have historically been remotely hacked and compromised. Hackers locate obscure software vulnerabilities which allow them to “overrun” the buffers with their own data. This tricks the computer into executing the hacker's supplied data (which is actually code) contained within that buffer. But if the operating system has marked that Internet communications buffer region of memory as only being valid for containing data and NOT code, the hacker's attack will never get started. Instead, the operating system will display a notice to the user that the vulnerable program is being terminated BEFORE any of the hacker's code has the chance to run.



The real beauty of this system is that it provides strong protection
from UNKNOWN vulnerabilities in the system and user programs.

Anti-Virus and anti-malware software is useful, but as we know, virus signature files must be continually updated to keep A/V software aware of new threats. Significantly, A/V software is unable to protect against unknown viruses and malware intrusions because it searches for known malicious code rather than detecting and blocking potentially malicious behavior. Hardware DEP, on the other hand, when properly configured, hardens the entire system against both known and unknown vulnerabilities by detecting and preventing the behavior of code execution in data buffers.

Buffer overrun vulnerabilities are so difficult to prevent that scores of them are being found and exploited in operating system and application software every day. Taking advantage of modern processor XD/NX capabilities is a powerful way to fight back and prevent this most common class of Internet vulnerabilities.

Running SecurAble
• SecurAble does not require any setup or installation. The executable file can simply be run as a stand-alone Windows or Linux/Wine program. And nothing is left behind in the system after the executable file is deleted. SecurAble "runs clean" and makes no changes to the system registry or file system. This makes it ideal for quickly running on any system – for example at a computer retailer – where you want to determine which security-helping features the system's processor includes.

• SecurAble includes a built-in “kernel-mode module” that empowers it to determine with enhanced accuracy which features of the processor may be present, and whether any features have been disabled or “suppressed” by previous actions of the system's BIOS or operating system. It is not necessary to run SecurAble with administrative privilege, but when SecurAble is run without the administrative privileges required to run code in the kernel, it may indicate that it cannot be certain of its findings. In such cases, re-running SecurAble with administrative privilege will empower it to determine the system's capabilities with complete accuracy.

• Once SecurAble is running and displaying its findings, you are encouraged to click on each of the three display sections to view specific context-sensitive information about what SecurAble has determined for each processor characteristic:



• SecurAble declares its possible need to run kernel-mode code to Windows Vista UAC (User Account Control) system. Therefore, Vista users will be asked to permit this whenever SecurAble is started under Vista.

http://www.grc.com/securable.htm