قالب وردپرس درنا توس
Home / Tips and Tricks / Only new CPUs can really fix ZombieLoad and Specter

Only new CPUs can really fix ZombieLoad and Specter



  ZombieLoad logo on an Intel CPU
RMIKKA / Shutterstock

Current CPUs have design flaws. Specter has unmasked them, but attacks like Foreshadow and now ZombieLoad exploit similar weaknesses. These "speculative execution errors" can only be resolved by purchasing a new CPU with built-in protection.

Patches Slow Common CPUs

The industry has been frantically trying to patch "side channel attacks" like Specter and Foreshadow, which are tempting the CPU to divulge information they should not divulge. Protection for current CPUs has been provided through microcode updates, operating-system fixes, and patches for applications such as web browsers.

Specter fixes have slowed down computers with old CPUs, although Microsoft is about to accelerate them again. Patching these errors often slows performance on existing CPUs.

Now ZombieLoad poses a new threat: To completely protect and block a system from this attack, you must disable Intel Hyper-Threading. That's why Google has disabled hyperthreading on Intel Chromebooks. As usual, CPU microcode updates, browser updates, and operating system patches are on their way to closing the gap. Most users should not have to disable hyperthreading once these patches are installed.

New Intel CPUs are not vulnerable to ZombieLoad.

ZombieLoad is not a threat on systems with new Intel CPUs. According to Intel, ZombieLoad is "hardware-oriented, starting with select 2nd generation Intel® Core ™ processors and 2nd generation scalable Intel® Xeon® processor family." Systems with these advanced CPUs are not affected new attack.

ZombieLoad only affects Intel systems, but Specter also includes AMD and some ARM CPUs. It's an industry-wide problem.

CPUs have design flaws and allow attacks

As the industry noted, when Specter raised its ugly head, modern CPUs have some design flaws:

The problem lies in "speculative execution". , For performance reasons, modern CPUs automatically execute instructions that they may need to execute. Otherwise, you can simply rewind the system and return to the previous state.

The core problem with Meltdown and Specter lies in the cache of the CPU. An application may attempt to read the memory, and if it reads something in the cache, the operation will complete faster. When it tries to read something that is not in the cache, it slows down. The application can determine if an operation has completed quickly or slowly. While all other operations are pruned and deleted during speculative execution, the time required to complete the operation can not be hidden. This information can then be used to bit-map a map of all the computer's memory. Caching speeds things up, but these attacks take advantage of this optimization and turn it into a security hole.

In other words, performance optimizations in modern CPUs are abused. Code running on the CPU ̵

1; possibly just JavaScript code running in a web browser – can exploit these errors to read the memory outside the normal sandbox. In the worst case, a web page on a browser tab can read your online banking password from another browser tab.

On cloud servers, one virtual machine can monitor the data on other virtual machines on the same system. This should not be possible.

RELATED: How Do Meltdown and Specter Errors Affect My PC?

Software patches are only bandaids

No Surprisingly, the CPU uses patches to slow down to prevent such a side channel attack. The industry is trying to add additional reviews to a performance optimization layer.

The suggestion to disable hyperthreading is a very typical example: disabling a feature that makes your CPU run faster increases security. Malicious software can no longer exploit this feature, but it will not speed up your PC anymore.

Thanks to the work of many clever people, modern systems could be adequately protected against attacks such as Specter without great slowdown. However, patches like these are just bandaids: these vulnerabilities need to be addressed at the CPU hardware level.

Hardware-level fixes provide more protection – without slowing down the CPU. Organizations do not need to worry about having the right combination of microcode updates (firmware), operating system patches, and software versions to keep their systems safe.

These are "not just mistakes, but the foundation for optimization." The CPU design needs to be changed.

Intel and AMD are adding improvements to new CPUs.

<img class = "wp-image-415066 size-full" data-pagespeed-lazy-src = "https://www.howtogeek.com/wp-content/uploads/2019/05/ximg_5cdc8fa8db5f2.png. pagespeed.gp + jp + jw + pj + ws + js + rj + rp + rw + ri + cp + md.ic.2klrpKZAwq.png "alt =" Intel Specter protection hardware graphics with fences. [19659027] Intel [19659003] Hardware-level fixes are not just theoretical: CPU vendors are working hard on architectural changes that address this issue at the CPU hardware level, or, as Intel put it in 2018, Intel "improved silicon-level security" with CPUs of the 8 Generation:

We have redesigned parts of the processor to introduce new protection levels through partitioning that protect against both [Spectre]] Variant 2 and 3. Think of this partitioning as additional "barriers" between applications and user privilege levels, to create an obstacle for bad actors.

Intel previously announced that its CPUs are the one to use 9th generation provide additional protection against Foreshadow and Meltdown V3. These CPUs are not affected by the recent ZombieLoad attack, so these safeguards must be helpful.

AMD is also working on changes, though nobody wants to reveal many details. In 2018, AMD CEO Lisa Su said, "In the longer term, we've made changes to our future processor cores, starting with our Zen 2 design to better address potential Specter-like exploits."

For someone who wants the fastest performance Without That patches slow down work or that only one company wants to make sure its servers are as secure as possible, the best solution is to buy a new CPU with these hardware-based fixes. Hardware-level improvements will hopefully prevent other future attacks before they are discovered.

Unplanned obsolescence

While the press sometimes speaks of "planned obsolescence" – a business plan whereby the hardware will become obsolete, it will be so to replace it – this is unplanned obsolescence. No one expected that for security reasons so many CPUs would have to be replaced.

The sky does not fall. Everyone makes it harder for attackers to exploit bugs like ZombieLoad. You do not have to get started right away and buy a new CPU. However, a full fix that does not impact performance requires new hardware.


Source link