FAQs
Frequently Asked Questions about Seculution Application-Whitelisting
Meltdown and Spectre
Can Seculution protect against exploits for Meltdown and Spectre?
Meltdown and Spectre are the names for vulnerabilities affecting almost every computer chip manufactured in the last 20 years. The weaknesses are so basic and widespread that security researchers call them catastrophic. Therefore, these flaws are currently all over the press.
Every way of exploiting these vulnerabilities involves a malicious program gaining access to data that it is not normally authorised to see. That also means the attacker must first execute malicious software on the system. Whitelisting protects in this case, because exploiting the vulnerability always depends on the attacker getting malware to run on that system. This is exactly what Seculution prevents. The underlying gap may still exist, but the Seculution security net wrapped around it does not allow software to run that could exploit this gap.
Can virus scanners protect against Meltdown and Spectre?
The interesting fact is that virus scanners, unlike whitelisting, cannot provide reliable protection. Unlike common malware, the exploitation of Meltdown and Spectre is difficult to distinguish from normal, benign applications. However, an antivirus program can detect malware that uses the attacks by comparing binary files after they become known. Until that happens, countless computer networks that are protected by virus scanners will have been infected.
What are Meltdown and Spectre anyway?
Meltdown and Spectre exploit critical weak points in almost all modern processors. These hardware vulnerabilities allow programs to steal data that is currently being processed on the computer. While programs are usually not allowed to read data from other already running programs, a malicious program can exploit Meltdown and Spectre to access secrets stored in the memory of other programs. This includes passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
Meltdown and Spectre are present on PCs, mobile devices and in the cloud. Depending on the cloud provider's infrastructure, it is possible to steal data from other customers.
Meltdown:
Meltdown breaks through the most basic isolation between user applications and the operating system. This attack allows a program to access the memory and thus also the secrets of other programs and the operating system.
If your computer has a vulnerable processor and runs an unpatched operating system, you cannot work with sensitive information without the risk of it leaking. This applies to both personal computers and cloud infrastructure. Fortunately, there are software patches against Meltdown.
Spectre:
Spectre breaks through the isolation between different applications. It allows an attacker to trick error-free programs that follow best practices into revealing their secrets. In fact, the security checks of these best practices increase the attack surface and can make applications more vulnerable to Spectre.
Spectre is harder to exploit than Meltdown, but it is also harder to mitigate.
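Whether the operating-system patches mentioned above are actually active can be read from the kernel itself. The following is an added example, not part of the original FAQ or of the Seculution product: it assumes a Linux host with kernel 4.15 or later, which reports one status file per CPU vulnerability under `/sys/devices/system/cpu/vulnerabilities`. The function names and the sample status lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: summarise the kernel's own Meltdown/Spectre status report.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# Map one kernel status line to a verdict.
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        Mitigation*)     echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# audit_cpu_vulns [DIR]: print "<name> <verdict> <raw status>" per entry.
# Returns 1 if any entry is vulnerable, 2 if nothing is vulnerable but a
# status is missing or unrecognised, 0 otherwise.
audit_cpu_vulns() {
    local dir="${1:-$VULN_DIR_DEFAULT}" rc=0 f name status verdict
    [ -d "$dir" ] || { echo "no status directory: $dir" >&2; return 2; }
    for f in "$dir"/meltdown "$dir"/spectre_v1 "$dir"/spectre_v2; do
        name=${f##*/}
        if [ -r "$f" ]; then
            status=$(head -n 1 "$f")
            verdict=$(classify_status "$status")
        else
            status="(no status file: kernel does not report this issue)"
            verdict=unknown
        fi
        printf '%s\t%s\t%s\n' "$name" "$verdict" "$status"
        case "$verdict" in
            vulnerable) rc=1 ;;
            unknown)    if [ "$rc" -eq 0 ]; then rc=2; fi ;;
        esac
    done
    return "$rc"
}

# Constructed sample: Meltdown patched, Spectre variant 2 still open.
make_sample_dir() {
    local d
    d=$(mktemp -d)
    echo "Mitigation: PTI" > "$d/meltdown"
    echo "Mitigation: __user pointer sanitization" > "$d/spectre_v1"
    echo "Vulnerable" > "$d/spectre_v2"
    echo "$d"
}
```

Calling `audit_cpu_vulns` with no argument reads the live kernel report; passing the directory from `make_sample_dir` exercises it on the constructed data.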