 Spectre and Meltdown shook many PC enthusiasts when they came to light. They were essentially the first speculative execution flaws to attract global attention, and because they affected processors from Intel and AMD to varying degrees, the internet was awash with concern for several months. Eventually, researchers discovered more and more speculative execution flaws. But now researchers at MIT's Computer Science and Artificial Intelligence Laboratory (CSAIL) believe they've found a way to prevent these attacks. The researchers call their solution Dynamically Allocated Way Guard (DAWG) and revealed it in a recent paper. This name stands in opposition to Intel's Cache Allocation Technology (CAT) and is said to prevent attackers from accessing ostensibly secure information through exploiting flaws in the speculative execution process. Best of all, DAWG is said to require very few resources that CAT isn't already using and can be enabled with operating system changes instead of requiring the in-silicon fixes many thoughts were needed to address the flaws. The side-channel attacks revealed earlier this year essentially work by compromising data from memory when the CPU is deciding where it should go. This would, in turn, allow them to gather passwords, encryption keys and other data they could then use to gain full access to a targeted system. The attacks varied in the vulnerabilities they leveraged and the way they could be addressed. Meltdown required the operating system and firmware updates. Spectre was thought to require changes to CPU architectures, but CSAIL said DAWG blocks Spectre attacks itself. Leram how DWAG work by visiting OUR FORUM.  After being convicted of abusing their Android monopoly to bolster their search business, Google agreed to comply with the European Union’s requirement that they make changes in their business practices to restore competition to the market. While still appealing their conviction, they agreed in the EU to unbundle the Google Play Store and other service apps from the Chrome browser and Google Search app, and offer the first part for a license fee. This would allow other companies to create their own Android distribution without delivering handsets which were uncompetitive due to lacking access to the millions of apps in the Google Play Store. It seems, however, Google had no intention to actually comply with the spirit of the order, as they set the price of the Google Play Store and associated apps at an unreasonable $40, according to leaked documentation seen by The Verge. Android OEMs can reduce that price by adding back Google Search and the Chrome browser, meaning in effect Google is extorting companies to maintain the status quo. If they choose to take the Store only they also miss out on ongoing revenue share generated by Google Search on the handsets. While Google’s machinations would likely abide by the wording of the European Commission direction, it is unlikely that the EC will tolerate an arrangement which does not allow real competition to be restored. Microsoft has in the past learn to regret playing games with the EU, and I look forward to Google learning this lesson the hard way for themselves. In-depth reading can be found on OUR FORUM.  Earlier this year two major vulnerabilities were discovered which affected the core processes of the computer. Named as Spectre and Meltdown, these “speculative execution” vulnerabilities meant hackers could steal data by simply visiting a website. Though there were no known incidents of these vulnerabilities being exploited in the wild, the processor microcode patches could have up to a 30% impact on the performance of PCs that have been patched. Various tech companies have been working on mitigation for this, and in Microsoft’s latest move, they are working to implement Retpoline in the next major version of Windows 10, 19H1 due early next year. For the rest of us it means that Spectre will no longer make our processors feel 5-10 years older than they are, and in general cause Spectre mitigation to only have an impact of 1-2%, or as Mehmet Iyigun from the Windows Kernel team notes, bring it down to “noise level” for most use cases, which is certainly good news. Some are however complaining that Microsoft does not appear to be planning to backport the fix, meaning Windows 10 users will need to update to the latest version of the OS to get their performance back, which is somewhat controversial, especially for business users who prefer a well-tested and stable OS. For more turn your attention to OUR FORUM. |
Latest Articles
|