Intel will incorporate
its Execute Disable Bit technology into its new processors in 2005. The security technology will appear in several lines of CPU, including the 600-series 64-bit Pentium 4 lineup, Pentium M and 775-socket Celeron D models. When combined with Windows XP SP2, EDB technology is able to prevent certain classes of malicious "buffer overflow" attacks.
Execute Disable Bit allows the processor to classify areas in memory by where application code can execute and where it cannot. When a malicious worm attempts to insert code in the buffer, the processor disables code execution, preventing damage or worm propagation. To provide end-to-end no execute (NX) coverage, Intel will offer Execute Disable Bit for workstations, and other server products beginning in late Q3 2004. Desktop and workstation products are now shipping, with system availability in Q4 2004. Mobile products begin shipping in late Q4 2004, with system availability in Q1 2005.