Replies to post #42985 on Advanced Micro Devices Inc (AMD)

[CombJelly]

"Viruses can be made without buffer-overflow, and Shruggle is proof. "

Don't need Shruggle for proof, it has been known for a long while that viruses can be written without buffer-overflow. It is just that buffer-overflow viruses are especially pernicious and hard to guard against. But as long as you can get a user to run an unknown executable, viruses will still be transmitted...

[spokeshave]

wbmw: I'm not sure why you did not respond to my point, so let me try to be clearer.

Do you think that all the world's virus writers are going to...keep in writing buffer-overflow code, even after the hardware repels their attempts? No.

I disagree. I think that as long the majority of computers are still vulnerable to buffer-overflow exploits, virus writers will continue writing buffer-overflow code. That is why NX can be a considerable advantage.

If I were writing a virus, I would target the most computers with the most vulnerabilities with code that will do the most damage. For the time being, buffer-overflow tactics seems to fit the bill nicely.

NX systems will be invulnerable to this particular attack strategy.

Edit: I saw your response to my previous message. I think the answer to you question about why target 80% when you can target 100% is simple. If you can do massive damage with a buffer-overflow virus, then massive damage to 80% of the systems out there has a pretty big impact.