Intel CPU performance-loss by security-patch?!?

Discussion of anything and everything relating to chess playing software and machines.

Moderators: hgm, Harvey Williamson, bob

Forum rules
This textbox is used to restore diagrams posted with the [d] tag before the upgrade.
mar
Posts: 1992
Joined: Fri Nov 26, 2010 1:00 pm
Location: Czech Republic
Full name: Martin Sedlak

Re: Intel CPU performance-loss by security-patch?!?

Post by mar » Wed Jan 10, 2018 1:45 pm

Milos wrote:Yes it would have to be a malware, but problem is thanks to the general nature of exploit knowing how the exploit work would make it very easy to write millions of version of the malware that would all have different signatures effectively making it impossible for anti-malware developers to catch up to it.
AV devs have advanced a bit since the 90ies, there are emulators (heuristics) and behavioral engines, so no matter how you wrap the present, it still behaves the same
- of course nothing is perfect and this only works IF it doesn't generate many false positives and if the behavior is interesting enough to be detected this way.
Signature/heuristics works before the malware runs but behavioral engines detect after it runs so clean up/stopping is a bit more difficult, but if it works it can detect many flavors of the same thing.
There are more subtle things like vaccination (making a virus think it already infected the computer) and of course much more.

The best protection still is to avoid running untrusted SW.

syzygy
Posts: 4450
Joined: Tue Feb 28, 2012 10:56 pm

Re: Intel CPU performance-loss by security-patch?!?

Post by syzygy » Wed Jan 10, 2018 6:20 pm

mar wrote:
Milos wrote:Yes it would have to be a malware, but problem is thanks to the general nature of exploit knowing how the exploit work would make it very easy to write millions of version of the malware that would all have different signatures effectively making it impossible for anti-malware developers to catch up to it.
AV devs have advanced a bit since the 90ies, there are emulators (heuristics) and behavioral engines, so no matter how you wrap the present, it still behaves the same
I'm not so sure about that. The Meltdown and Spectre vulnerabilities can be exploited without making any systems calls, so there is not so much behaviour to detect.

mar
Posts: 1992
Joined: Fri Nov 26, 2010 1:00 pm
Location: Czech Republic
Full name: Martin Sedlak

Re: Intel CPU performance-loss by security-patch?!?

Post by mar » Wed Jan 10, 2018 10:29 pm

syzygy wrote:I'm not so sure about that. The Meltdown and Spectre vulnerabilities can be exploited without making any systems calls, so there is not so much behaviour to detect.
I was thinking along the lines that as a potential attacker, reading sensitive data is not enough - you have to transport it out somehow (this is what might be exploited),
that is unless you have direct access to the hardware

I'd personally worry more about Intel Management Engine, which is a potential huge backdoor.

Milos
Posts: 3387
Joined: Wed Nov 25, 2009 12:47 am

Re: Intel CPU performance-loss by security-patch?!?

Post by Milos » Wed Jan 10, 2018 10:36 pm

mar wrote:I'd personally worry more about Intel Management Engine, which is a potential huge backdoor.
That's the first thing I always disable in BIOS on any machine.
Main NSA backdoor for years.

APassionForCriminalJustic
Posts: 415
Joined: Sat May 24, 2014 7:16 am

Re: Intel CPU performance-loss by security-patch?!?

Post by APassionForCriminalJustic » Wed Jan 10, 2018 11:39 pm

syzygy wrote:
mar wrote:
Milos wrote:Yes it would have to be a malware, but problem is thanks to the general nature of exploit knowing how the exploit work would make it very easy to write millions of version of the malware that would all have different signatures effectively making it impossible for anti-malware developers to catch up to it.
AV devs have advanced a bit since the 90ies, there are emulators (heuristics) and behavioral engines, so no matter how you wrap the present, it still behaves the same
I'm not so sure about that. The Meltdown and Spectre vulnerabilities can be exploited without making any systems calls, so there is not so much behaviour to detect.
I believe that we're all just being paranoid.

syzygy
Posts: 4450
Joined: Tue Feb 28, 2012 10:56 pm

Re: Intel CPU performance-loss by security-patch?!?

Post by syzygy » Thu Jan 11, 2018 12:52 am

mar wrote:
syzygy wrote:I'm not so sure about that. The Meltdown and Spectre vulnerabilities can be exploited without making any systems calls, so there is not so much behaviour to detect.
I was thinking along the lines that as a potential attacker, reading sensitive data is not enough - you have to transport it out somehow (this is what might be exploited),
That is true and it is probably how the exploits will be detected. But for a lot of programs it is normal to communicate with some server.

Post Reply