Processor and Computer Configuration

Page from 2010

Connect via Social Media

EDB - Execute Disable Bit functionality

An Enterprise Security technology from Intel

It is interesting to me that the visits that I see to this page initially were related to the functionality of Intel processors in computers that have an Insyde H2O BIOS. It is now, in 2015, that there are actually people looking to see what EDB actually is.

What Intel say about EDB:

... can help prevent certain classes of malicious buffer overflow attacks when combined with a supporting operating system.

Windows is supposed to use this feature, however, if you search for: "execute disable bit vista" you get mostly references to XP and SP2. If the feature were to one that is widely used you would think that Microsoft would promote its use.

No clear indication whether the Linux kernel can use it.

Below is a screen-shot from an HP Support Forum:

EDB - Execute Disable Bit

Conspiracy theories aside - I think that it is more a case of incompetence on the part of Intel and Insyde (and the computer manufacturers) for not explaining things very well.

EDB - Execute Disable Bit - a screw-up at Insyde?

From another responder to the post:

"..... the recommendation to the industry was to disable the bit. Because of the security issues with "Blue Pill Attacks".......

Like the Intel "Virtualization Technology", the operation of this feature depends on too much "sleeping with the enemy"!

Intel's Processor Identifier software showing EDB capablility on a P7350


Observed Searches:

These are some of the searches that I have recorded that found this page: