Checking virtualization support - Securable
Author : Administrator Date : 2009-12-18 (Fri) 21:12 Views : 8375
This application is a simple tool that checks, across three areas, how well the CPU you are currently using supports security features.

Gibson listed three items.

  • 1) 64-bit instruction extensions,
  • 2) Hardware support for detecting and preventing the execution of code in program data areas (DEP)
  • 3) Hardware support for system resource “virtualization.”

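    The main security advantages can be summarized as follows.

    64-bit instructions - Because the CPU can run 64-bit Windows XP, Windows 2003 and Vista, some of the security problems that stem from the 32-bit era can be resolved.

    Hardware DEP - Makes it possible to detect and block all manner of exploitation of unchecked buffers through buffer overruns while the CPU is executing code. It can stop some attacks by malicious hackers.

    Hardware virtualization - Separates the real OS from the software actually running and places a virtual layer between them, which strengthens security. It can stop some malicious code that tries to reach the system kernel.

    In particular, with the Windows XP virtualization mode of Windows 7 attracting attention recently, the virtualization test (item 3) has become a talking point. To use the 'Windows XP virtualization' feature of Windows 7, it is a good idea to check whether your CPU supports virtualization. A large share of entry-level products do not support it.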

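    In addition, the freeware DEPuty, which is due to be released soon, is expected to check whether hardware DEP (item 2) is properly supported and, if it is, whether the feature can be selected, and then to turn it on.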
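
As an added example (not part of the original post and not SecurAble's own code), the three items above correspond to CPUID feature bits on x86, and this C code decodes them from raw register values. The names `cpu_caps` and `decode_caps` are hypothetical; a set bit shows that the CPU has the feature, while firmware and the OS can still leave virtualization or DEP switched off.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>              /* GCC/Clang helper for the CPUID instruction */
#endif

/* The three capabilities listed in the post (hypothetical struct name). */
struct cpu_caps {
    int bits;   /* 64 if the 64-bit extensions (long mode) exist, else 32 */
    int nx;     /* NX/XD page protection that hardware DEP relies on */
    int virt;   /* Intel VT-x (VMX) or AMD-V (SVM) */
};

/* leaf1_ecx: ECX of CPUID leaf 0x00000001
 * ext1_ecx, ext1_edx: ECX and EDX of CPUID leaf 0x80000001 */
struct cpu_caps decode_caps(uint32_t leaf1_ecx, uint32_t ext1_ecx,
                            uint32_t ext1_edx)
{
    struct cpu_caps c;
    c.bits = ((ext1_edx >> 29) & 1) ? 64 : 32;  /* EDX[29] = LM  */
    c.nx   = (ext1_edx >> 20) & 1;              /* EDX[20] = NX  */
    c.virt = ((leaf1_ecx >> 5) & 1)             /* ECX[5]  = VMX */
           | ((ext1_ecx >> 2) & 1);             /* ECX[2]  = SVM */
    return c;
}

int main(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned a = 0, b = 0, d = 0, l1c = 0, xc = 0, xd = 0;
    __get_cpuid(1, &a, &b, &l1c, &d);            /* standard feature leaf */
    __get_cpuid(0x80000001u, &a, &b, &xc, &xd);  /* extended feature leaf */
    struct cpu_caps c = decode_caps(l1c, xc, xd);
    printf("%d-bit, NX: %s, virtualization: %s\n", c.bits,
           c.nx ? "yes" : "no", c.virt ? "yes" : "no");
#else
    puts("CPUID is x86-only; pass captured register values to decode_caps().");
#endif
    return 0;
}
```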

     

    Below is the original text explaining why these three items matter for a security check.

    • How do 64-bit instructions help with security?

    64-bit-capable processors have the ability to run the 64-bit versions of Microsoft's substantially more secure XP, Windows 2003, and Vista operating systems. Those operating systems are more secure because Microsoft, having learned many lessons from mistakes in the past, made the firm decision to lock-down their 64-bit OS kernels. The 64-bit Windows kernels actively police themselves to guard against many rootkit-style and other kernel attacks that have caused so many problems for users of the 32-bit Windows operating systems.

    These advanced kernel-protection technologies cannot be ported back into current or even future versions of Microsoft's 32-bit operating systems because doing so would “break” so many existing programs and drivers as to make the system impossible to use. Microsoft knows that one day the personal computing industry will have moved over to 64-bit operating systems much as we all once moved from the 16-bit based systems to 32-bits.

    SecurAble indicates by displaying either a “32” or a “64” whether the system's processor has the 64-bit instructions or extensions necessary to run 64-bit versions of Microsoft's present and future operating systems.

     
    • How does Hardware DEP help with security?

    As was mentioned in the boxes above, hardware support for DEP is the single most exciting and potentially powerful technology for detecting, blocking, and preventing all manner of exploitation of “unchecked buffer” buffer overruns in Windows. Hardware-enforced DEP is the malicious hacker's worst nightmare since it has the potential to catch and stop nearly all Internet-style remote communications buffer overflow attacks.

     
    • How does Hardware Virtualization help with security?

    “Virtual Machine” technology is used to create fully contained environments that can be used to insulate the real hosting operating system from any actions taken by software running within the “virtual” environment. Although this security benefiting virtual machine technology has been used for many years, its widespread adoption has been slowed down by the significant performance overhead imposed by software emulation of the virtual environment. Intel's and AMD's native hardware support for virtual machines means that virtually all of this emulation overhead can be eliminated from both the host and virtual environments. This makes the use of virtual machines for security containment much more practical.

    The second benefit of hardware support is that even malicious software running with maximum privileges in the system's kernel is unable to escape from virtual containment. Thus, hardware support for virtual machine technology introduces the possibility of creating a “hypervisor” to operate at a hardware-enforced level below the operating system “supervisor” which opens many exciting possibilities for further enhancing the system's security. It will likely be several years before these capabilities are offered natively within Windows, but we might expect to see third-party security software publishers taking advantage of these features in the near future.






    Site name : 모지리네 | Representative : 이경현 | Personal community : Rankey.com Operating Systems (OS) | Bundang-gu, Seongnam-si, Gyeonggi-do | E-mail : mojily(at)chonnom.com Copyright ⓒ www.chonnom.com www.kyunghyun.net www.mojily.net. All rights reserved.