Google researchers say software patches will never fully protect against Spectre-like...

Polycount

In context: Sketchy characters are always looking for ways to take advantage of the general public, and with the power of modern technology, that process has become easier than ever. Indeed, if you were an active internet user throughout 2018, you may remember Meltdown and Spectre - two of the biggest hardware security flaws the tech industry has ever seen.

We've discussed said flaws in more detail in the past, but the gist is that virtually all modern processors take advantage of a technique called "speculative execution" to boost performance and speed up calculations.

Unfortunately, that has come at a cost: Meltdown and Spectre (and their many known or unknown variants) theoretically allow attackers to swipe personal data stored in browsers, password managers, and other parts of a given machine without leaving any evidence behind.

Patches have rolled out for these flaws, but they aren't ideal. A research paper published by Google's security team (spotted by Ars Technica) explains precisely why that's the case.

Researchers say that software-based fixes simply aren't enough to protect users against all Spectre and Meltdown variants. To prove their point, they developed their own Spectre attack that has no known patches or solutions.

Part of the reason software alone isn't enough to address all Spectre variants is the lack of consistency. Some fixes only address certain variants, meaning additional mitigation measures have to be taken for more comprehensive protection.

Unfortunately, when those measures are implemented, you can start to see some pretty hefty performance hits, which makes using this mixed-technique approach impractical.

Short of ditching speculative execution outright -- which CPU makers probably won't do for performance reasons -- there likely won't be a single fix-all approach to Spectre mitigation for years.

We'll need to see a significant leap forward in processor technology, or a similarly impactful innovation in the security community, and neither of those possibilities seems all that likely to occur anytime soon.

 
Google is developing a new OS, currently called Fuchsia. I expect that they'll also develop a processor for it that will eliminate Spectre vulnerabilities. After all, Apple is doing it, why shouldn't Google? If they can be the first with a truly secure CPU and OS, they could win over the consumer market once Intel chips running Windows or macOS start getting compromised in ways that cannot be undone. These will be interesting times for OSes and processors in the next few years.
 
The only truly secure computer... is encased in concrete and placed at the bottom of the ocean.
 
Are we calling them 'flaws' now? Did Volkswagen's Diesel have a little 'flaw' as well?
They are faulty. They knew what they were doing, when they ignored half the things for the sake of a "lean" speculative execution engine.
 
Google would also reap all the issues with making its own chips as well, like potential security flaws and crappy performance. In my opinion it'd be a dumb idea for Google to make its own chips.

The only company that's done it well so far has been Apple, but then again they only sell consumer products on fixed sets of hardware. That's nothing compared to the complexity of Windows, let alone a Google server environment.

That's a problem with a lot of big companies: they get a ton of money, start making a lot of products, and lose the focus and passion they had when they were smaller.
 
Keep in mind that Android is continuously vulnerable. The media server, in particular, is nothing but a Swiss cheese.
I don't know where the rumor comes from that Google has particularly good programmers. So far, they've proven the exact opposite. Their Android API was an agenda full of U-turns, where it was obvious that they didn't know in which direction they were heading.
Google can only do one thing really well - monitoring you.
 
I'm sure Google had some of the best programmers in the world. The problem with any large project such as Android is the sheer amount of complexity involved and the number of people working on it. Android works on thousands of devices, from mobile to cars to TVs to watches; it's a modern wonder that it works as well as it does.

Compare it to iOS and the issues that keep coming up even though it's on a small number of devices, while Apple controls the hardware too.

Modern operating systems are extremely complex beasts.
 
Errm, no. Most of the MediaServer vulnerabilities are 'portable' ones. That is, the code is not tailored to a multitude of systems, but is simply bogus by itself. They seem to be unable to tame their crap code, as MediaServer vulnerabilities have become a recurring pattern, much like Flash.
Android is a resource hog. To this very day, people still remind us that 'the interface runs smooth' in their reviews. Why do they do that? Because, despite 4-8+ cores and gigabytes of memory, Android may still be unable to follow your finger. ;-)
 