Problems persist with processor security vulnerabilities

Jan. 10, 2018

Problems persist with respect to the recently publicized processor security vulnerabilities. Zeynep Tufekci in The New York Times reports, “The news prompted a rush of fixes, ruining the holiday vacations of systems administrators worldwide.”

One of those fixes seems to have missed the mark. AMD had claimed its processors were largely unaffected by the vulnerabilities, but The Wall Street Journal is reporting that some users found their AMD-powered computers unusable after applying the latest Windows security patches.

The Journal quotes Microsoft as saying “…some AMD chipsets do not conform to the documentation previously provided to Microsoft.” An AMD spokesperson replied, “Microsoft has access to our processor architecture documentation, which is essentially what is needed, and we have been engaged regularly in engineering meetings to assist since this was disclosed,” according to the Journal.

Robert McMillan and Ted Greenwald at the Journal quote Patrick Moorhead, an analyst with Moor Insights & Strategy, as saying, “It wouldn’t be the first time a Windows update had an issue. But it’s obviously not a positive thing.”

Tufekci, an associate professor at the School of Information and Library Science at the University of North Carolina, says the ordinary computer user can’t do much but keep applying the latest software updates and perhaps install an ad blocker to protect against ads that carry malware. (Tufekci last year commented on the downside of upgrades.)

However, she continues, for “…a citizen of the world in which digital technology is increasingly integrated into all objects—not just phones but also cars, baby monitors, and so on—it is past time to panic.”

Tufekci contends we have built the digital world too rapidly, constructing layer upon layer, sacrificing security for speed and memory space. The early layers, she writes, “…are now emerging as enormous vulnerabilities.”

She likens speculative execution to an attentive butler, pouring you a second glass of wine before you knew you were going to ask for it. Should you not want that second glass, the butler discards it. There will be some waste, but “in the long run, as long as the overall amount of time gained by anticipating your needs exceeds the time lost, all is well.

“Except all is not well. Imagine that you don’t want others to know about the details of your wine cellar. It turns out that by watching your butler’s movements, other people can infer a lot about the cellar. Information is revealed that would not have been had the butler waited for each of your commands, rather than anticipating them.”

Recent attempts to fortify our computing systems may work for now, she writes, but they may be too late. She notes that three independent teams converged on the Spectre and Meltdown flaws, and less responsible actors may have already found these flaws and exploited them.

Tufekci advises building more isolation and separation into systems, moving security to properly audited hardware, possibly sacrificing speed for security. “But the truth is that our computers are already quite fast,” she writes. “When they are slow for the end user, it is often because of ‘bloatware’: badly written programs or advertising scripts that wreak havoc as they try to track your activity online. If we were to fix that problem, we would gain speed (and avoid threatening and needless surveillance of our behavior).”
