In A Meltdown And Spectre World Is Digital Privacy Truly Dead?

Discussion in 'privacy general' started by Minimalist, Jan 9, 2018.

  1. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    7,715
  2. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,608
    Location:
    UK
    For BTI-Spectre, the "Retpoline" approach is discussed with selective application to OS and hypervisor implementations, which it claims is minimal performance impact, and used in Google's data centres rather than the more performance impacting OS+firmware mod. Changes are implemented by modified LVVM and GCC compilers, which implement the indirect branching used in this technique.

    https://support.google.com/faqs/answer/7625886
     
  3. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    502
    Location:
    Member state of European Union
    Google's data centres probably only use FOSS licensed software and custom written software - they have complete source code for everything. This means they can recompile every library and program binary used by them.
    Regular Windows user don't have these abilities, because most user software is closed source. Thus mitigating at OS+firmware level is the only option. Windows is not Gentoo Gnu/Linux ;)
     
  4. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,608
    Location:
    UK
    Well, there's nothing to stop MS adding these techniques to whatever compilers they use, and protecting their OS, hypervisor and browsers this way.

    Over time, I'd expect quite a few compiler switches/instructions to be appearing to support software mitigations of this kind, for Visual Studio too. Plus, hopefully coders will get cuter at minimising the exposure of secrets in RAM - there are already best practices associated with things like zeroing out secrets or using OS facilities to store secure strings etc. and these are likely not universally deployed(!)
     
  5. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    502
    Location:
    Member state of European Union
    Even with that a lot of 3-rd party commercial software projects for Windows are going to use old versions of compilers for years.

    Microsoft recompiling whole Windows OS and deploying to users? It might be possible with Windows 10 due to its update model, but for Win 7 and 8.1 I can't imagine that.
     
  6. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,608
    Location:
    UK
    @reasonablePrivacy - I think the notion is to protect particular critical modules or routines, not recompile the whole OS - even if possible, the testing would not be feasible. Probably do hypervisors and browsers too. They could be handled via a standard update or service pack. I agree the problem of orphaned or non-updated software/hardware will be with us for a very long time, the consequences not limited to this debacle. Interpreted languages might be in a better position to update ultimately than the compiled.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.