Enhanced Virus Protection / Execute Disable bit
Enhanced Virus Protection (EVP) / Execute Disable (XD) bit is a feature that prevents execution of malicious code in program data memory. The feature works only when it is supported by the operating system. Worms and other malware programs often use the buffer overrun method to gain unauthorized access to protected system resources, such as local or privileged computer accounts. This method targets programs that accept input data from untrusted sources, store the data in the program's memory, and do not verify the length of the stored data. Such programs can be easily exploited:
The Enhanced Virus Protection and Execute Disable bit features allow the operating system to mark program data memory as non-executable. So, when program control is transferred to malicious code in the program's data memory, the microprocessor stops program execution and transfers control back to the operating system.
Enhanced Virus Protection, sometimes called the NX bit, is the name used by AMD. Intel uses the name Execute Disable bit. Both features are compatible with each other.
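The operating system's side of this feature can be audited from its memory map. The following is an added example, not part of the original page: it assumes the Linux /proc/<pid>/maps text format, and the names find_wx_regions, struct region and SAMPLE are hypothetical. It reports mappings that are writable and executable at the same time, which are the regions the feature does not protect.

```c
#include <stdio.h>
#include <string.h>

/* A mapping that is writable and executable at once: data the CPU may run. */
struct region { unsigned long long start, end; char perms[5]; char name[64]; };

/* Constructed sample in /proc/<pid>/maps format (not taken from a real host). */
static const char SAMPLE[] =
    "55d0c0a00000-55d0c0a21000 r-xp 00000000 08:01 131 /usr/bin/demo\n"
    "55d0c0c21000-55d0c0c23000 rw-p 00021000 08:01 131 /usr/bin/demo\n"
    "55d0c1b3a000-55d0c1b5b000 rw-p 00000000 00:00 0 [heap]\n"
    "7f2a10000000-7f2a10021000 rwxp 00000000 00:00 0\n"
    "7ffd1c2e4000-7ffd1c305000 rwxp 00000000 00:00 0 [stack]\n";

/* Scan maps text, store up to max W+X mappings in out[], return the count. */
int find_wx_regions(const char *maps, struct region *out, int max)
{
    int found = 0;
    while (*maps && found < max) {
        char line[256];
        size_t len = strcspn(maps, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, maps, n);          /* work on one line at a time */
        line[n] = '\0';
        maps += len + (maps[len] == '\n');

        struct region r = {0};
        /* Fields: range, perms, offset, dev, inode, optional pathname. */
        int got = sscanf(line, "%llx-%llx %4s %*s %*s %*s %63[^\n]",
                         &r.start, &r.end, r.perms, r.name);
        if (got >= 3 && r.perms[1] == 'w' && r.perms[2] == 'x')
            out[found++] = r;
    }
    return found;
}

int main(void)
{
    static char buf[1 << 16];
    struct region hits[32];
    FILE *f = fopen("/proc/self/maps", "r");   /* Linux only; else use SAMPLE */
    const char *text = SAMPLE;
    if (f) { buf[fread(buf, 1, sizeof buf - 1, f)] = '\0'; fclose(f); text = buf; }
    int n = find_wx_regions(text, hits, 32);
    for (int i = 0; i < n; i++)
        printf("W+X: %llx-%llx %s %s\n", hits[i].start, hits[i].end,
               hits[i].perms, hits[i].name[0] ? hits[i].name : "(anonymous)");
    printf("%d writable+executable mapping(s)\n", n);
    return 0;
}
```

On a system where the operating system applies the feature, a typical process reports zero such mappings; the stack and heap appear as rw-p.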