Windows Client Guidance against speculative execution vulnerabilities


  1. Posts : 2,666
    Windows 11 21H2 (22000.593)
       #440

    Cliff S said:
    [emoji106] Good one John!, Damn these non-rep-able threads
    But know now, a rep for you is in my heart
    AndreTen said:
    Thanks, this is what I needed. Was thinking of it this way...

    on rep!
    Thanks, guys - I appreciate the sentiment.


  2. Posts : 3,105
    W10 Pro + W10 Preview
       #441

    Logic suggests behavioural heuristics should be able to recognise when something untoward is trying to gain access to the memory in the Windows Server....find a method to block access.....then isolate.


  3. Posts : 3,453
       #442

    From what I read at other forums testing mitigation, Windows Defender caught their Spectre experiment... not sure if due to microcode or not tho'...


  4. Posts : 2,666
    Windows 11 21H2 (22000.593)
       #443

    However, this is not trying to access it, per se. What it is doing is actually blocking another (legitimate) thread's access, which breaks the link between the thread and the privileged information, then another process comes along and calls for a dump of the privileged information. It is this dump, I'm guessing (educatedly, though) that everyone is in an uproar about. If the privileged information store were simply wiped clean upon breakage, there would be no issue here. But the fact that, after breaking, it just sits there until being forcibly removed by another thread is what is disconcerting - better security would have been if the CPU kills those registers as soon as the link is broken. But, that is what causes the slowdown, because a legitimate process might need the information more than once, and under the current workflow, it has access to it again and again. But if it were done correctly then any process that needed the information store repeatedly would have to go through the process of asking for it every time it needs it.

    And because of that, I've finally figured out a good analogy for all of this. When you log in here, or anyplace, for that matter, online (with a few notable exceptions of places that take security seriously) you have the ability to save your credentials so that you don't have to enter them each time - and you can access your own information (your profile, for example) repeatedly, without submitting your credentials over and over again. It's designed that way to be user friendly.

    But if a site were to truly value your security, they would ask for your credentials every time you did something in a secured environment. And I know tons of users who would hate that. But at the same time, I also know users who've been caught with a similar type of attack, in which they don't log out of a site, and someone else is then able to access their personal information from said site.

    The difference here in the CPU world is that no one still gets direct access because they have the right credentials to access that privileged storage area. However, by dumping it all to a file, they can eventually sift through the cruft to find the goldmines - like your bank login and password (if you use it in a time frame while the exploit is in use on your system). And this is the most important point - it's not instantaneous access to privileged information, like with the website logging out thing - with that, someone who takes your place while you're still logged in sees everything that you were seeing before. In this case, it's more like someone left the main bank vault door open, and now thieves can get a hold of all the safe deposit boxes inside - but they have limited time, so they grab what they can and bug out, to their hideout, where they'll crack open each and every box they grabbed and sift through the contents until they find something worthwhile.

    This set of exploits works very similarly to that.


  5. Posts : 3,105
    W10 Pro + W10 Preview
       #444

    Banks and financial services here in the UK are very security conscious.
    Drop down cascading menus, both alphabetical and numerical are common for signing in using a mouse leaving no indication, just an * asterisk.... plus codes change after each entry.
    Further provision is provided by the use of card readers....again after each usage the code changes....again no keyboard usage.


  6. Posts : 2,666
    Windows 11 21H2 (22000.593)
       #445

    dencal said:
    Banks and financial services here in the UK are very security conscious.
    Drop down cascading menus, both alphabetical and numerical are common for signing in using a mouse leaving no indication, just an * asterisk.... plus codes change after each entry.
    Further provision is provided by the use of card readers....again after each usage the code changes....again no keyboard usage.
    That is a very good thing.

    But if an internal bank computer was hit with a variant of software that manipulated either of these exploits, it would be much, much worse than, say, if your whole family's computers were hit with it.

    Of course, for you, it has the potential to be devastating. But if *every* customer of that bank had their account information exposed, it would be, obviously, much larger in scope....

    So naturally, institutions that handle financial, legal, and health information need to have top notch security for their systems.

    When they don't, well, you see what happened last summer....


  7. Posts : 14,901
    Windows 10 Pro
       #446

    johngalt said:
    because 0-day malware that no one has had time to research, let alone develop a signature for so your anti-malware program can block it. If you connect to a network, or connect a device from the outside that has had any sort of network (even closed ones, technically), you're automatically at risk. Period.
    These days, many protection software have heuristic analysis and possibly behavioral analysis for 0-day malware. Although heuristic analysis does rely on research of known malware, the 0-day malware has to be using unknown methods of operations to be undetected by heuristics engines.


  8. Posts : 2,666
    Windows 11 21H2 (22000.593)
       #447

    And the best part about Spectre and Meltdown is that, technically, they're unknown.


  9. Posts : 7,871
    Windows 11 Pro 64 bit
       #448

    dencal said:
    Banks and financial services here in the UK are very security conscious.
    Drop down cascading menus, both alphabetical and numerical are common for signing in using a mouse leaving no indication, just an * asterisk.... plus codes change after each entry.
    Further provision is provided by the use of card readers....again after each usage the code changes....again no keyboard usage.
    That's true but I can still name several UK banks where you have to type in a full user name & password. This is poor security and must be vulnerable to key loggers. I suppose you could use the on-screen keyboard for these sites if concerned.


  10. Posts : 19,516
    W11+W11 Developer Insider + Linux
       #449