Malicious Code on Intel Processors Can Run Out Of Reach of Antivirus Software

     
4:40 pm on Feb 13, 2019 (gmt 0)

Administrator from GB 

engine, WebmasterWorld Administrator

joined:May 9, 2000
posts:25900
votes: 871


The latest news coming from the researchers that discovered the Spectre vulnerability [webmasterworld.com] is a way to run malicious code out of reach of antivirus software. Intel's SGX (Software Guard eXtensions) feature on Skylake processors allows programs to compile enclaves where the code and data are protected for confidentiality and integrity.

The researchers are using that robustness for nefarious purposes and considering the question: what happens if it's the code in the enclave that's malicious? SGX by design will make it impossible for antimalware software to inspect or analyze the running malware. This would make it a promising place to put malicious code.

[arstechnica.com...]

4:51 pm on Feb 13, 2019 (gmt 0)

Senior Member from US 

tangor, WebmasterWorld Senior Member

joined:Nov 29, 2005
posts:9233
votes: 780


Better mousetraps frequently create better mice.

5:13 pm on Feb 13, 2019 (gmt 0)

Senior Member from GB 

joined:Nov 16, 2005
posts: 2866
votes: 158


Did they not see this coming? Or are they more concerned with pleasing their cloud and DRM partners than protecting end customers' security?

Is it possible to disable SGX?