> Nothing we haven't seen before... Superscalar out of order with the levels of speculative execution and caching that are enabled by modern processes will always be vulnerable to this kind of attack.

Actually, there is nothing principally wrong with speculative execution and caching. It's only a matter of making sure all caches are cleaned etc., which will require redesigns of microarchitectures, not just the mitigations we've seen this far, which only make it harder. Getting rid of SMT would help a lot though.
Until this happens, we should expect a stream of new Spectre class exploits.
> So physical access is required to implement any exploit?

Local access is required, as usual. These vulnerabilities are not a real problem for consumers or non-cloud servers, so software mitigations should really be opt-in. There is no reason for all of us to suffer.
> This requires high level access to execute, which traditional security measures already prevent. This is one of those "if they get this you're already hosed" type situation. I'd be really surprised if the mitigations are required rather than optional patches that can be applied to just mission critical equipment that is most likely to get hit by this.

Well, this is exactly why we do security in layers. Sooner or later you should expect a vulnerability in one layer.
The real elephant in the room is the perpetual stupidity of (public) cloud computing, where a vulnerability on any layer can potentially bypass nearly all security measures. Nothing sensitive should ever run in the public cloud, unfortunately it does.
> Although IMO most of this stuff has been wildly overblown, the majority of CPU attacks require a pre pwned system with remote administrator/BIOS access. I can see emergency patches for the remote execution ones, but the rest should be optional IMO.

Yes. Consumers should not worry about the exploits, only about the mitigations. I wish patches were opt-in.
> Perhaps someone cleverer than me can tell me why adding its signature/behavior to antivirus/antimalware wouldn't solve the issue?

Because antimalware doesn't have the ability to stop any attack, just identify known bad software.
This is why there are endless streams of new virus variants for Windows, until the specific underlying vulnerabilities (/design faults) are resolved.
If you find a vulnerability, you can just make a script that makes thousands of small variants of the program performing the exploit, resulting in different binary signatures, and the cat and mouse game is on. Antimalware doesn't work the way people think; it can never fix an exploit, and it's even debatable whether it does much "good" at all. Having privileged software like this may even open up new attack vectors, and there is even some antimalware software that can be regarded as malware/spyware itself.