On Thu, 11 Mar 2004 05:04, Christopher Sawtell wrote: > while they have the compute power many times that of the mainframe of yore, > they do not have the security features which every big-iron machine had as > a matter of course. > > Neither your ubiquitous *86* machines nor, to my knowledge, any other > computer chipset found in the current crop of personal machines is able to > produce a hardware segfault on array bound errors or, stack protection > errors, i.e. underflow, overflow or execution of code on the stack.
I agree Chris, these limitations in commodity chipsets, in particular x86 variants, combined with bugs in system software and applications lead to many security exploits that just weren't possible on many (I won't claim all) mainframes of old. As Rex pointed out it is possible to employ x86 protected mode to prevent certain exploits, but on its own this won't prevent stack buffer overruns. > Until those problems are addressed by the chipset makers we will continue > to have a continuum of crim-ware spewing over the 'Net. An alternative to building required levels of protection into a CISC architecture would be to incorporate this into an existing Virtual Machine implementation. I wonder if the likes of Vmware have thought of doing this???? I don't think it would be too hard to build in stack buffer overrun protection in an x86 VM for example.
