Windows 10: Windows Client Guidance against speculative execution vulnerabilities

  1. johngalt
    Posts : 1,534
    WinX Pro x64 IP current
       02 Feb 2018 #440

    Cliff S said:
    [emoji106] Good one John!, Damn these non-rep-able threads
    But know now, a rep for you is in my heart
    AndreTen said:
    Thanks, this is what I needed. Was thinking of it this way...

    on rep!
    Thanks, guys - I appreciate the sentiment.

  2. dencal
    Posts : 2,803
    W10 Pro + W10 Preview
       02 Feb 2018 #441

    Logic suggests behavioural heuristics should be able to recognise when something untoward is trying to gain access to the memory in the Windows Server....find a method to block access.....then isolate.

  3.    02 Feb 2018 #442

    From what I read at other forums testing mitigation, Windows Defender caught their Spectre experiment... not sure if due to microcode or not tho'...

  4. johngalt
    Posts : 1,534
    WinX Pro x64 IP current
       02 Feb 2018 #443

    However, this is not trying to access it, per se. What it is doing is actually blocking another (legitimate) thread's access, which breaks the link between the thread and the privileged information, then another process comes along and calls for a dump of the privileged information. It is this dump, I'm guessing (educatedly, though) that everyone is in an uproar about. If the privileged information store were simply wiped clean upon breakage, there would be no issue here. But the fact that, after breaking, it just sits there until being forcibly removed by another thread is what is disconcerting - better security would have been if the CPU kills those registers as soon as the link is broken. But, that is what causes the slowdown, because a legitimate process might need the information more than once, and under the current workflow, it has access to it again and again. But if it were done correctly then any process that needed the information store repeatedly would have to go through the process of asking for it every time it needs it.

    And because of that, I've finally figured out a good analogy for all of this. When you log in here, or anyplace, for that matter, online (with a few notable exceptions of places that take security seriously) you have the ability to save your credentials so that you don't have to enter them each time - and you can access your own information (your profile, for example) repeatedly, without submitting your credentials over and over again. It's designed that way to be user friendly.

    But if a site were to truly value your security, they would ask for your credentials every time you did something in a secured environment. And I know tons of users who would hate that. But at the same time, I also know users who've been caught with a similar type of attack, in which they don't log out of a site, and someone else is then able to access their personal information from said site.

    The difference here in the CPU world is that no one still gets direct access because they have the right credentials to access that privileged storage area. However, by dumping it all to a file, they can eventually sift through the cruft to find the goldmines - like your bank login and password (if you use it in a time frame while the exploit is in use on your system). And this is the most important point - it's not instantaneous access to privileged information, like with the website logging out thing - with that, someone who takes your place while you're still logged in sees everything that you were seeing before. In this case, it's more like someone left the main bank vault door open, and now thieves can get a hold of all the safe deposit boxes inside - but they have limited time, so they grab what they can and bug out, to their hideout, where they'll crack open each and every box they grabbed and sift through the contents until they find something worthwhile.

    This set of exploits works very similarly to that.

  5. dencal
    Posts : 2,803
    W10 Pro + W10 Preview
       02 Feb 2018 #444

    Banks and financial services here in the UK are very security conscious.
    Drop down cascading menus, both alphabetical and numerical are common for signing in using a mouse leaving no indication, just an * asterisk.... plus codes change after each entry.
    Further provision is provided by the use of card readers....again after each usage the code changes....again no keyboard usage.

  6. johngalt
    Posts : 1,534
    WinX Pro x64 IP current
       02 Feb 2018 #445

    dencal said:
    Banks and financial services here in the UK are very security conscious.
    Drop down cascading menus, both alphabetical and numerical are common for signing in using a mouse leaving no indication, just an * asterisk.... plus codes change after each entry.
    Further provision is provided by the use of card readers....again after each usage the code changes....again no keyboard usage.
    That is a very good thing.

    But if an internal bank computer was hit with a variant of software that manipulated either of these exploits, it would be much, much worse than, say, if your whole family's computers were hit with it.

    Of course, for you, it has the potential to be devastating. But if *every* customer of that bank had their account information exposed, it would be, obviously, much larger in scope....

    So naturally, institutions that handle financial, legal, and health information need to have top notch security for their systems.

    When they don't, well, you see what happened last summer....

  7. axe0
    Posts : 13,601
    Windows 10 Pro
       02 Feb 2018 #446

    johngalt said:
    because 0-day malware that no one has had time to research, let alone develop a signature for so your anti-malware program can block it. If you connect to a network, or connect a device from the outside that has had any sort of network (even closed ones, technically), you're automatically at risk. Period.
    These days, much protection software has heuristic analysis and possibly behavioral analysis for 0-day malware. Although heuristic analysis does rely on research of known malware, the 0-day malware has to be using unknown methods of operation to be undetected by heuristics engines.

  8. johngalt
    Posts : 1,534
    WinX Pro x64 IP current
       03 Feb 2018 #447

    And the best part about Spectre and Meltdown is that, technically, they're unknown.

  9.    03 Feb 2018 #448

    dencal said:
    Banks and financial services here in the UK are very security conscious.
    Drop down cascading menus, both alphabetical and numerical are common for signing in using a mouse leaving no indication, just an * asterisk.... plus codes change after each entry.
    Further provision is provided by the use of card readers....again after each usage the code changes....again no keyboard usage.
    That's true but I can still name several UK banks where you have to type in a full user name & password. This is poor security and must be vulnerable to key loggers. I suppose you could use the on-screen keyboard for these sites if concerned.

Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.