No Hardware Virtualization
This processor does not offer advanced hardware support for hardware virtualization.
There is some suggestion that future operating systems of all sorts (Linux, Mac, Windows, etc.) may be able to use hardware virtualization to indirectly enforce greater security upon the operating system’s “kernel” by preventing it from being modified as a means for thwarting dangerous “root kit” style exploits.
The idea is that our future operating systems would always be running inside a virtual machine under the watchful eye of an OS “hypervisor.” This has not been practical before now, without hardware support for virtualization, because virtualization required too much real-time involvement of software which introduced an unacceptable amount of overhead and slowed everything down. Hardware virtualization means that virtual machines – and even the entire operating system running inside a virtual machine container – would be able to run at 100% full speed, thus making a persistent security-oriented OS “hypervisor” practical for the first time.
But don’t hope for this to ever help with the security of 32-bit Windows platforms. Due to the amount of kernel modification already being done by benign kernel drivers in 32-bit versions of Windows, “hypervisory kernel locking” could only ever be implemented under 64-bit versions of Windows where kernel modification has always been actively prohibited. And due to serious compatibility problems inherent in 64-bit systems, it’s also not at all clear (at the start of 2007) how quickly, or even whether, 64-bit Windows will become practical on the desktop.
However, the other current and real security-related application for hardware virtualization is for running your own virtual machines – at 100% full speed – on top of your host operating system. This is possible today with commercial and completely free software from Microsoft, VMware and Parallels. This has an indirect, though strongly positive, impact upon security since possibly unsafe activities such as Internet surfing or peer-to-peer file sharing can be 100% contained within the virtual environment to make online activities much safer.
This can still be done, of course, without hardware virtualization support, but the virtual machine environment as well as the hosting operating system will be running at substantially less than full speed.
Hardware DEP Available
This processor does support hardware-based data execution prevention (DEP).
When hardware DEP support is teamed up with a properly configured operating system (and that part is crucial), computer security mistakes involving the deliberate overrunning of communications buffers can be automatically detected and prevented throughout the entire computer system. This makes data execution prevention, when available and active, the single most promising improvement for PC security ever. Really.
It is very important to note, however, that hardware support for DEP is only one of several enabling requirements that must be met before any benefit can be obtained. GRC will be following up the release of SecurAble with another powerful tool, DEPuty, that will help to properly configure, test and verify the operation of your system’s critical DEP subsystem.
64-Bit Processing Available
This processor does offer 64-bit modes of operation. This means that this system is able to run the significantly more secure 64-bit versions of Microsoft’s Windows XP and Vista operating systems.
The biggest challenge for 64-bit Windows systems is the fact that existing 32-bit device drivers cannot be used by the 64-bit operating system kernel. So if you do plan to try switching to 64-bit Windows, you should be sure to have a means for reverting to 32-bit operation if your system’s hardware turns out to be incompatible with 64-bit operation. Many people have reverted to 32-bit operation after bravely giving 64-bits a try for a short time.