Reply to post:

Meltdown/Spectre week three: World still knee-deep in something nasty


So far as I can see the only sure way out of this is to not use speculative execution. Welcome back to the Dark Ages of CPU architectures. Things will get very slow...

...or return to treating kernel protection as the accidental bug mitigation strategy it was intended to be rather than a security feature. If conventional malware gets onto one of my systems then it's already "game over" as far as I'm concerned (or at least I'm prepared to accept that premise), so the main remaining challenge is locking down interpreters that download crap over the internet without conventional installation procedures (principally, JavaScript engines).

There are plenty of processors (mostly microcontrollers) that have no concept of kernel protection or user access control. If the code is on the chip it has root/ring 0 access because that's the only sort that exists. That doesn't make them unusable, it just forces you to pay more attention to perimeter security.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020