Fortifying Linux against common malware


Securing enterprise Linux desktops against hostile code has gotten easier, thanks to Ingo Molnar's work on the NX enabler patch in Linux kernel 2.6.8 and processor-based page protection mechanisms. The trick is in the execution, and, as usual, the Microsoft way probably is not the right choice.

Common IT wisdom calls for measuring computational performance by execution cycles and runtime efficiency, so it seems counterintuitive to gauge a processor by what it does not execute. This approach, however, brings a much-needed preventive capability to the desktop arena, one that has been used successfully on servers to fight malware.

Although not entirely a new concept, both AMD's No-Execute (NX) and Intel's Execute Disable (XD) capabilities provide an underlying page protection mechanism entrenched within the inner workings of microprocessor Page Table Entries (PTE). These page tables are essentially windows to information in memory regions that core operating system (OS) components use.
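The page protection described above can be checked from user space on Linux. The following C audit is an added example, not code from the original article: it tests the NX/XD bit (bit 63 of an x86-64 or PAE page table entry) and flags mappings in /proc/<pid>/maps where NX gives no protection. The function names, PTE values and sample lines are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* x86-64 and 32-bit PAE page table entries carry NX/XD in bit 63. */
#define PTE_NX (1ULL << 63)
/* A page is executable only when the NX/XD bit is clear. */
int pte_is_executable(uint64_t pte) { return (pte & PTE_NX) == 0; }

/* Audit one /proc/<pid>/maps line (hypothetical helper).
 * 0 = ok, 1 = writable+executable, 2 = executable stack/heap, -1 = unparseable. */
int audit_maps_line(const char *line)
{
    char perms[5] = {0};
    /* Skip the "start-end" address range, keep the 4-character permission field. */
    if (sscanf(line, "%*lx-%*lx %4s", perms) != 1 || strlen(perms) != 4)
        return -1;
    int writable = perms[1] == 'w', executable = perms[2] == 'x';
    if (executable && (strstr(line, "[stack]") || strstr(line, "[heap]")))
        return 2;
    return (writable && executable) ? 1 : 0;
}

/* Constructed sample lines (not captured from a real system). */
const char *SAMPLE_MAPS[] = {
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/example",
    "00651000-00652000 rw-p 00051000 08:02 173521 /usr/bin/example",
    "7f2c1a000000-7f2c1a021000 rwxp 00000000 00:00 0",
    "7ffd3b5e0000-7ffd3b601000 rwxp 00000000 00:00 0 [stack]",
};

/* Count mappings where injected data could still run: W+X or executable stack/heap. */
int count_findings(const char **lines, int n)
{
    int findings = 0;
    for (int i = 0; i < n; i++)
        findings += audit_maps_line(lines[i]) > 0;
    return findings;
}

int main(void)
{
    char buf[512];
    int live = 0;
    FILE *fp = fopen("/proc/self/maps", "r");   /* present on Linux only */
    while (fp && fgets(buf, sizeof buf, fp))
        if (audit_maps_line(buf) > 0) { live++; fputs(buf, stdout); }
    if (fp) fclose(fp);
    printf("live findings: %d, sample findings: %d\n", live, count_findings(SAMPLE_MAPS, 4));
    return 0;
}
```

On a system where NX is enforced, the stack and heap lines should read `rw-p`, so a non-zero live count identifies the mappings worth investigating.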

Linked by shanmuga Tuesday, 7th February 2006 1:45AM