Execute Disable Bit functionality blocks malware code execution
Malware Removers Detect Malicious Software: Execute-Disable Bit capability is a robust hardware feature, detectable using the CPUID instruction, that protects against malicious software executing code on IA-32 systems. Software developers who implement it can deliver a valuable security feature to their users.

by Shijong Kuo. Intel Corp.

Execute Disable Bit capability is an enhancement to 32-bit Intel® architecture. An IA-32 processor with Execute Disable Bit capability can protect data pages against being used by malicious software to execute code. The processor provides page protection in either of the following modes:

  • Legacy protected mode, if Physical Address Extension (PAE) is enabled.
  • IA-32e mode, when Intel Extended Memory 64 Technology (Intel EM64T) is enabled.
Note that entering IA-32e mode requires enabling PAE. While the Execute Disable Bit capability does not introduce new instructions, it does require operating systems to operate in a PAE-enabled environment and to establish a page-granular protection policy for memory.

Execute Disable Bit Capability Overview
Software can detect the presence of the Execute Disable Bit capability using the CPUID instruction with the input value 80000001H in EAX. Presence is indicated by a value returned in EDX. If bit 20 of EDX is set, the Execute Disable Bit is available.

If CPUID extended function 80000001H reports that Execute Disable Bit capability is available and PAE is enabled, software can enable the capability by setting the NXE bit to 1 in the IA32_EFER MSR (address C0000080H). IA32_EFER is available if bit 20 or bit 29 of the EDX register returned by CPUID extended function 80000001H is 1.

When Physical Address Extension is enabled (either in IA-32e mode or in legacy protected mode), Execute Disable Bit capability is enabled by setting bit 11 of IA32_EFER to 1. If CPUID extended function 80000001H reports that Execute Disable Bit capability is not available, bit 11 of IA32_EFER is reserved, and a write to IA32_EFER.NXE will produce a #GP exception.

Table 1. Extended Feature Enable MSR (IA32_EFER):

  Bits     Field
  63:12    Reserved
  11       Execute Disable Bit Enable (NXE)
  10       IA-32e mode Active (LMA)
  9        Reserved
  8        IA-32e mode Enable (LME)
  7:1      Reserved
  0        SysCall Enable (SCE)
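
The detection and enable checks described above, as an added example in C (not code from the original article or from Intel). It reads EDX from CPUID 80000001H where the compiler targets x86, then decides whether IA32_EFER.NXE may be set; the function names, the enum, and the caller-supplied pae_enabled flag are assumptions made for illustration, and the privileged MSR read and write are left to the operating system.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__i386__) || defined(__x86_64__)
#include <cpuid.h>               /* GCC/Clang CPUID helper */
#endif

#define CPUID_EXT_FEATURES 0x80000001u  /* extended function named in the article */
#define EDX_XD    (1u << 20)            /* Execute Disable Bit available */
#define EDX_BIT29 (1u << 29)            /* bit 20 or bit 29 set: IA32_EFER is available */
#define EFER_NXE  (1ULL << 11)          /* IA32_EFER (MSR C0000080H) bit 11 */

enum nxe_plan { NXE_OK, NXE_NO_EFER, NXE_RESERVED, NXE_NEEDS_PAE };

/* Return EDX from CPUID 80000001H, or 0 if the leaf or the architecture lacks it. */
uint32_t ext_feature_edx(void)
{
#if defined(__i386__) || defined(__x86_64__)
    unsigned int eax, ebx, ecx, edx;
    if (__get_cpuid(CPUID_EXT_FEATURES, &eax, &ebx, &ecx, &edx))
        return edx;
#endif
    return 0;
}

/* Apply the article's checks in order; on NXE_OK, *new_efer is the value to write.
   pae_enabled is supplied by the caller (assumption: the OS knows its paging mode). */
enum nxe_plan plan_nxe(uint32_t edx, int pae_enabled, uint64_t efer, uint64_t *new_efer)
{
    if (!(edx & (EDX_XD | EDX_BIT29)))
        return NXE_NO_EFER;      /* IA32_EFER itself is not available */
    if (!(edx & EDX_XD))
        return NXE_RESERVED;     /* bit 11 reserved: writing NXE would #GP */
    if (!pae_enabled)
        return NXE_NEEDS_PAE;    /* page protection requires PAE */
    *new_efer = efer | EFER_NXE; /* keep SCE/LME/LMA as they were */
    return NXE_OK;
}

int main(void)
{
    uint32_t edx = ext_feature_edx();
    uint64_t efer = 0;           /* constructed sample: real code reads the MSR in ring 0 */
    enum nxe_plan p = plan_nxe(edx, 1, efer, &efer);
    printf("EDX=%08x XD=%s plan=%d EFER=%#llx\n", (unsigned)edx,
           (edx & EDX_XD) ? "yes" : "no", (int)p, (unsigned long long)efer);
    return 0;
}
```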
