Reply to post:

Boffins promise protection and perfect performance with new ZeRØ, No-FAT memory safety techniques

Michael Wojcik Silver badge

As I noted in a comment on an article yesterday, not only is it impossible to prove that no attack of type X has been carried out using a microarchitectural exploit, it's impossible to even make any sensible statement about how likely it is. Microarchitectural information-disclosure attacks are not detectable in general without extensive and continuous scrutiny, and no one does that. So all such statements about "no evidence Spectre-class attacks have been used" are useless.

That said, you're correct that there's no reason to believe there's any association between microarchitectural attacks and ransomware.

But that said, these "memory safety" techniques appear (I haven't read the papers yet, and I'm not going to watch the videos; I hate those things) to have much broader application than thwarting information disclosure through microarchitectural side channels. In fact, my impression from the article is that's rather a peripheral benefit (and it's going to be limited) that's been touted for publicity.

But that said, improved memory safety could be a useful mitigation for a wide range of vulnerabilities, which means it could help reduce exposure to at least some of the current crop of exploits. It might even make anti-malware software more successful (there's nowhere to go but up with that rubbish), which could help with some kinds of attacks that require user intervention.

So the quote from Moore isn't completely irrelevant, just mostly.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon