قالب وردپرس درنا توس
Home / Tips and Tricks / Only new processors can really fix ZombieLoad and Specter

Only new processors can really fix ZombieLoad and Specter



  ZombieLoad logo on an Intel CPU
RMIKKA / Shutterstock

Current processors have design errors. Specter exposed them, but attacks like Foreshadow and now ZombieLoad is utilizing similar weaknesses. These "speculative execution" deficiencies can only really be solved by purchasing a new CPU with built-in protection.

Patches Often Delay Existing CPUs

The industry has frantically encrypted to patch "side channel attacks" such as Specter and Foreshadow, which trick the CPU into revealing information it shouldn't. Protection for current processors has been made available through microcode updates, operating system levels and patches to applications such as browsers.

Specter fixes have slowed down computers with old processors, although Microsoft is now rapidly resuming them. Patching these bugs often slows down the performance of existing CPUs.

Now ZombieLoad is emerging a new threat: To completely lock and secure a system from this attack, you must disable Intel's hypertext. Therefore, Google just disabled Hyperthreading on Intel Chromebooks. As usual, CPU microcode updates, browser updates, and operating system patches are on the way to trying to plug the hole. Most people should not have to disable hypertroses when these patches are in place.

New Intel processors are not exposed to ZombieLoad

But ZombieLoad is no danger to systems with new Intel processors. As Intel adds, ZombieLoad is treated in hardware that begins with selected 8th and 9th generation Intel® Core ™ processors, as well as the second generation Intel® Xeon® scalable processor family. "Systems with these modern processors are not vulnerable to this new attack.

ZombieLoad affects only Intel systems, but Specter also affects AMD and some ARM processors. It is an industry-wide problem.

CPUs have design errors, enables attacks

When the industry realized when Specter raised its ugly head, modern processors have some design flaws:

The problem here is with "speculative execution." For performance reasons, modern processors automatically drive instructions that they think may need to run and if they cannot, they can only rewind and restore the system to their previous state …

The core issue of both Meltdown and Specter is within the CPU cache, an application can try to read the memory and if it reads anything in the cache, the action will complete faster, if it tries to read something that is not in the cache, it will be completed more slowly. far something fast or slow and while everything else under speculative execution is cleaned and erased, the time required to perform the operation cannot be hidden. It can then use this information to build a map of everything in the computer's memory, one at a time. Caching speeds things up, but these attacks take advantage of that optimization and make it a security failure.

In other words, performance optimization in modern processors fails. Code that runs on CPU maybe even just JavaScript code that runs on a browser ̵

1; can exploit these flaws to read the memory outside its normal sandbox. In the worst case, a web page in a browser tab can read your online bank password from another tab in the browser.

Or on cloud servers, a virtual machine can snow on data in other virtual machines on the same system. This is not meant to be possible.

RELATED: How will the melting and spectrum deficiencies affect my computer?

Software patches are just Bandaids

It is no surprise that to prevent this type of side channel attack, patches have made the CPUs a little slower. The industry is trying to add extra controls to a performance optimization warehouse.

The suggestion to disable the hypertext is a rather typical example: By disabling a feature that makes your CPU faster, you make it safer. Malicious software can no longer take advantage of this performance feature, but it will no longer speed up your computer.

Thanks to much work from many smart people, modern systems have been reasonably protected against attacks like Specter without much slowdown. But patches like these are just bandaids: These security flaws must be fixed at the CPU hardware level.

Hardware Management Provides More Protection – Without Lowering Your CPUs. Organizations do not have to worry about whether they have the right combination of microcode (firmware) updates, operating system patches, and software versions to keep their systems safe.

As a team of security researchers put it in a research paper,

Intel and AMD build fixed solutions for new processors

<img class = "wp-image-415066 size-full" data-pagespeed-lazy-src = "https://www.howtogeek.com/wp-content/uploads/2019/05/ximg_5cdc8fa8db5f2.png.pagespeed.gp+jp+jw+pj+ws+js+rj+rp+rw+ri+cp+ md.ic.2klrpKZAwq.png "alt =" Intel Specter Protection hardware graphics showing fences.

19659027] Intel

Hardware level fixes are not only theoretical. CPU manufacturers work hard on architectural changes that will Fix this problem at the CPU hardware level Or, as Intel expressed in 2018, Intel was "to improve the security of the silicon level" with the 8th generation CPU:

We have redesigned parts of the processor to introduce new levels of protection through partitioning that protects against both [Spectre] Variants 2 and 3. Think of this partition as additional "protective walls" between applications and h user rights levels to create an obstacle for bad players.

Earlier, Intel announced that its 9th generation processors contain additional protection against Foreshadow and Meltdown V3. These CPUs are not affected by the recently revealed ZombieLoad attack, so these protections must help.

AMD is also working on changes, although no one wants to reveal many details. In 2018, AMD CEO Lisa Su said: "In the longer term, we have included changes to our future processor cores, beginning with our Zen 2 design, to further address potential Specter-like exploits".

For those who want the fastest performance without any patches slowing down things – or just an organization that wants to be absolutely sure that its servers are as protected as possible – the best solution is to buy a new CPU with these hardware-based solutions. Hardware level improvements will hopefully prevent other future attacks before they are detected.

Oplanned Obsolescence

While the press sometimes talks about "planned obsolescence" – a company's plan that the hardware becomes obsolete so you have to replace it – this is unforeseen obsolescence. No one expected so many processors to have to be replaced for security reasons.

Heaven does not fall. Everyone makes it harder for attackers to exploit bugs like ZombieLoad. You don't have to drive out and buy a new CPU right now. However, a complete measure that does not damage performance will require new hardware.


Source link