How Can Non Executable Memory Be Dangerous?

In the past five years the major operating system vendors have only started to cover up a major security hole that all of them had. It does not matter if you are a Microsoft Windows fan or an Apple OS X fan; your system had this same problem as well. The problem was the ability to be able to execute code in supposedly non executable areas. That was a serious problem and while there are ways around the new protection, it still is not as bad as what was being offered a few years ago. In this article we will show why non executable memory was becoming such a problem.

How Can Non Executable Memory Be Dangerous?

But programs are supposed to execute from the memory aren’t they?

If you have ever taken a computer science course or just looked out of normal curiosity into how a computer works then you probably already know how a program is executed in your computer. It flows from the hard drive, to the memory, then to the L1 & L2 cache, to the registers, and then lastly to the CPU itself.

But with certain exploits there is a problem before it gets to the CPU. Certain programs are supposed to only execute in certain parts of the memory. Well the bad guys were able to exploit this by allowing the programs that they created to run where they wanted to in memory. It would run in areas that were supposed to be marked off to it. They made the code small enough so that it would fit inside a small memory block where it would then infect the rest of the system.

The computer vendors were able to stop this by implementing ASLR which is Address Space Layout Randomization. This made it harder for the hacker to be able to determine where they were able to implement their exploit. They had to guess where the program that they used to piggyback into the system was going to be executed at.

Now, non executable memory works like it is supposed to. But the bad guys have found other ways around this method. So now it is the operating system creators turn to fight back again.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Speak Your Mind