Linux vendor Red Hat has added another weapon to fight virus exploits, a patched Linux kernel that takes advantage of the NX security protocol.

"It addresses one of the most common security exploits for viruses," Red Hat spokesperson Leigh Day told internetnews.com.

NX security makes use of the NX x86-based feature in AMD's 64 bit CPUs as well as processors from Intel and Transmeta.

AMD, Intel and Transmeta have also announced NX support for Microsoft's upcoming Windows XP Service Pack 2 update, a security feature that is a combination of hardware and Microsoft's Execution Protection software.

Red Hat programmer Ingo Molnar wrote in a public post that the new patch will ensure the Linux kernel has full support for the hardware feature. "The pagetable format of current x86 CPUs does not have an 'execute' bit. This means that even if an application maps a memory area without PROT_EXEC, the CPU will still allow code to be executed in this memory," Molnar wrote. "This property is often abused by exploits when they manage to inject hostile code into this memory, for example via a buffer overflow."

NX Security is slated to be incorporated in the release version of Fedora Core 3 next quarter, the next Red Hat Enterprise 3 update this year, and the Red Hat Enterprise 4 release, expected next year.

"It sounds like we should just have NX on by default," Linux creator Linus Torvalds wrote in a public post." I think most people have seen the security disaster that causes most of the emails on the net to be spam. So this should be trivial to explain to people when they complain about default [behavior] breaking their strange legacy app."

The patch is based on an earlier prototype that was written by Intel.

Pre-Article:Red Hat Now at 'NX' Level
Next-Article:Geronimo Project Joins Apache