What Does Execute Disable Bit Mean?
An execute disable bit (EDB) is an Intel hardware-based security component used in the central processing unit (CPU) to designate areas of memory as storage for either processor instructions or data. EDB classifies areas in memory as places where code can or cannot execute. It is a basic input/output system (BIOS) feature which, if enabled, reduces a computer system's or server's vulnerability to viruses and malicious code attacks. Thus, EDB prevents these harmful viruses and malicious software from executing and spreading on a server or network.
EDB is also abbreviated as XDB. Intel markets the EDB feature as the XD bit. The EDB feature is only available in the most up-to-date versions of Intel processors, and not all operating systems (OSs) support it.
This term is also known as NX-bit, the name used by Advanced Micro Devices (AMD).
Techopedia Explains Execute Disable Bit
Viruses and malicious code, such as worms and other malware, can try to use a buffer overrun method to gain unauthorized access to protected system resources. The buffer overrun method targets programs that accept input data from untrusted sources and store that data in memory without verifying its length. For example, malware supplies a very long text, or payload, containing malicious executable code as input data to a program. When stored in the memory area, the payload changes how control is transferred between different parts of the program. Thus, the program transfers control to the malicious code stored in the payload. If EDB is disabled, the CPU will not restrict execution of the malicious code in the memory area. It is recommended that EDB be enabled in the BIOS. The CPU will then prevent execution of code in data-only memory pages. Enabling EDB will increase protection against buffer overflow attacks.
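The recommendation above can be checked on a Linux x86 host. This added example, which is not part of the original article, reports whether the CPU advertises the bit and lists memory regions where data could still execute. It assumes the Linux `/proc/cpuinfo` and `/proc/<pid>/maps` text formats; the sample inputs and function names are constructed for illustration.

```python
# Added example: audit execute-disable (NX/XD) status on Linux x86.
# SAMPLE_* are constructed inputs in the /proc/cpuinfo and /proc/<pid>/maps formats.
SAMPLE_CPUINFO = "processor\t: 0\nflags\t\t: fpu pae mmx sse sse2 syscall nx lm\n"
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/demo
00651000-00652000 rw-p 00051000 08:02 173521 /usr/bin/demo
00e03000-00e24000 rw-p 00000000 00:00 0 [heap]
7f2c1a000000-7f2c1a021000 rwxp 00000000 00:00 0
7ffd1c0e0000-7ffd1c101000 rw-p 00000000 00:00 0 [stack]
"""

def cpu_has_nx(cpuinfo_text):
    """True if a 'flags' line lists 'nx', the name Linux uses for XD/NX."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags" and "nx" in value.split():
            return True
    return False

def parse_maps(maps_text):
    """Yield (start, end, perms, name) for each well-formed mapping line."""
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue  # skip blank or truncated lines
        start, end = (int(x, 16) for x in fields[0].split("-"))
        name = fields[5].strip() if len(fields) > 5 else "[anonymous]"
        yield start, end, fields[1], name

def executable_data_regions(maps_text):
    """Regions where data can run as code: writable+executable, or an executable stack/heap."""
    findings = []
    for start, end, perms, name in parse_maps(maps_text):
        writable, executable = perms[1] == "w", perms[2] == "x"
        if executable and (writable or name in ("[stack]", "[heap]")):
            findings.append((hex(start), hex(end), perms, name))
    return findings

def audit(cpuinfo_text, maps_text):
    return {"nx_supported": cpu_has_nx(cpuinfo_text),
            "executable_data": executable_data_regions(maps_text)}

if __name__ == "__main__":
    try:  # live data on a Linux host
        with open("/proc/cpuinfo") as c, open("/proc/self/maps") as m:
            cpuinfo, maps = c.read(), m.read()
    except OSError:  # elsewhere, fall back to the constructed samples
        cpuinfo, maps = SAMPLE_CPUINFO, SAMPLE_MAPS
    print(audit(cpuinfo, maps))
```

An `nx_supported` value of `True` with an empty `executable_data` list is the state the article recommends; any region listed is memory that is both data and executable, so the CPU will not block code placed there.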
As mentioned, EDB is only available in newer versions of Intel processors, and not all OSs support it. The following are the known current OSs that support EDB:
- Microsoft Windows Server 2003 with Service Pack 1
- Microsoft XP with Service Pack 2
- Microsoft Windows XP Tablet PC Edition 2005
- SUSE Linux 9.2
- Red Hat Enterprise Linux 3 Update 3
Enabling EDB helps businesses and individuals reduce the cost of virus-related repairs. It will also reduce the propagation of malicious code in a network and probably across the Internet.