Apr 16 2018

Intel, Microsoft to use GPU to scan memory for malware

Intel Skylake die shot. (credit: Intel)

Since the news of the Meltdown and Spectre attacks earlier this year, Intel has been working to reassure the computer industry that it takes security issues very seriously and that, in spite of the Meltdown issue, the Intel platform is a sound choice for the security conscious.

To that end, the company is announcing some new initiatives that use features specific to the Intel hardware platform to boost security. First up is Intel Threat Detection Technology (TDT), which uses features in silicon to better find malware.

The company is announcing two specific TDT features. The first is "Advanced Memory Scanning." In an effort to evade file-based anti-virus software, certain kinds of malware refrain from writing anything to disk. This can have downsides for the malware—it can't persistently infect a machine and, instead, has to reinfect the machine each time it is rebooted—but makes it harder to spot and analyze. To counter this, anti-malware software can scan system memory to look for anything untoward. This, however, comes at a performance cost, with Intel claiming it can cause processor loads of as much as 20 percent.


Apr 04 2018

Intel drops plans to develop Spectre microcode for ancient chips

A Sandy Bridge wafer. Sandy Bridge is the oldest chip family that's guaranteed to get Spectre variant 2 fixes. (credit: Intel)

Intel has scaled back its plans to produce microcode updates for some of its older processors to address the "Spectre variant 2" attack. Core 2 processors are no longer scheduled to receive updates, and, while some first generation Core products have microcode updates available already, others have had their update cancelled.

Earlier this year, attacks that exploit the processor's speculative execution were published with the names Meltdown and Spectre, prompting a reaction from hardware and software companies.

The Spectre attack has two variants, numbered version 1 and version 2. Spectre version 1 attacks will need software fixes, and the nature of these attacks means that they may always need software fixes. Version 2 is amenable to hardware and firmware fixes.


Mar 26 2018

It’s not just Spectre: Researchers reveal more branch prediction attacks

(credit: Ed Dunens)

Researchers from the College of William and Mary, Carnegie Mellon, the University of California Riverside, and Binghamton University have described a security attack that uses the speculative execution features of modern processors to leak sensitive information and undermine the security boundaries that operating systems and software erect to protect important data.

That probably sounds familiar.

The Spectre attacks, published earlier this year, take advantage of the speculative execution features of modern processors to leak sensitive information. The new attack, named BranchScope by the researchers, shares some similarity with variant 2 of the Spectre attack, as both BranchScope and Spectre 2 take advantage of the behavior of the processor's branch predictor.


Mar 15 2018

Intel outlines plans for Meltdown and Spectre fixes, microcode for older chips

Intel Ivy Bridge Xeon E7 v2 die shot. (credit: Fritzchens Fritz)

Shipping in the second half of this year, the next generation of Xeon Scalable Processors (codenamed Cascade Lake) will contain hardware fixes for the Meltdown attack and certain variants of the Spectre attack. So, too, will a range of processors using the same 8th generation Core branding that some processors are already using.

Earlier this year, attacks that exploit the processor's speculative execution were published with the names Meltdown and Spectre, prompting a reaction from hardware and software companies.

The Spectre attack has two variants, numbered version 1 and version 2. Spectre version 1 attacks will need software fixes, and the nature of these attacks means that they may always need software fixes. Applications that try to build sandboxes—locked-down environments used for running potentially hostile code, such as JavaScript in the browser—will need to be examined and updated to provide robust protection against Spectre version 1.
