ReHIPS forum

English Subforum => ReHIPS => Topic started by: bootguardian on February 02, 2018, 02:22:39 PM

Title: Can ReHIPS protect against Meltdown/Spectre malware?
Post by: bootguardian on February 02, 2018, 02:22:39 PM
I'm assuming an up-to-date OS with all that implies, but no microcode update (most OEMs suck at this, especially for older systems). However, I hear Microsoft is going to use Google's Retpoline fix, so Windows machines may not require a microcode update after all?

So, assuming Microsoft applies all the necessary fixes on its side, will ReHIPS be able to contain even Meltdown/Spectre-vulnerable applications? I'm just trying to understand the level of protection ReHIPS offers in this situation.
Title: Re: Can ReHIPS protect against Meltdown/Spectre malware?
Post by: aDVll on February 02, 2018, 02:26:31 PM
Microsoft patched Meltdown, and Spectre will be done by the CPU manufacturers. All mainstream browsers are patched for both, so no exploits can happen directly from them, and ReHIPS restricts applications running. So if you allow only safe applications to run, you are pretty much protected with or without the patches, but you would be crazy to risk it and not patch when available.
Title: Re: Can ReHIPS protect against Meltdown/Spectre malware?
Post by: fixer on February 02, 2018, 04:19:22 PM
I haven't dug into the details of malware based on these vulnerabilities. But this security issue itself is a cross-OS bug (i.e. on Windows, Linux, etc.). So basically it's way lower than the simple application level where ReHIPS operates. Of course ReHIPS mitigates this issue like any other one, controlling processes and that kind of stuff, but there isn't much we can do about it to address it personally. It's like owning a floor in a building that has problems with its foundation and basement. We can harden the windows so no one falls out of them in case the building starts staggering. But if the whole building collapses because of its foundation, there is nothing we can do. And it looks like even OS developers can't cover this problem 100%; they just add some mitigations and workarounds, sometimes affecting performance.