News Tested: Default Windows Setting Slows Games Up to 10%, Even on RTX 4090

If a website has code that's trying to sniff out data, and your browser allows that, it's a browser problem right at the start, not an OS memory integrity thing.
Relying on a single layer of security is notoriously unreliable. Remember good ol' Spectre? Tests have shown that the exploit could even be perpetrated via JavaScript running in a browser. And if you understand what Spectre is, it's a way to infer the contents of the host system's memory, even to the point of being able to see inside another VM running on the same host.


Ideally, one wouldn't even use the same physical machine for online banking/investing/shopping and gaming. However, running them in separate VMs, or using features like VBI, should make Spectre-class exploits more difficult to pull off.
 
Of course I know what Spectre and Meltdown and various other side-channel attacks are. The point is that websites even attempting to run code that sniffs out the contents of memory would be a massive issue in the first place. Like, no legitimate website should ever do that, unless it's a security site saying, "Test if Spectre works on your browser / system." I suppose a rogue advert could try and do that, but again, that would be a great way to get your ad company sued if it okayed such an ad. If you're searching for illegal software, movies, etc. where you might already get a trojan download, that's perhaps a bit different, but I don't have much sympathy for such "use cases."

I'd be very curious if there was ever a true Spectre virus / vector of attack used in the wild that succeeded. Because there's a difference between "theoretically possible and a proof of concept running in a specific environment," and "actually implemented and working in the real world." Spectre was, by definition, a very slow attack vector, on the order of kB per second leaking to a sophisticated attacker. Searching even 16GB of system RAM to try and find useful data (i.e. banking stuff) would mean running a rogue script for quite a while. And assuming it scanned a section of memory that had a "useful" piece of data, it then needs to upload it somewhere. There are so many points of failure / points of detection.

Meltdown was pretty easy to implement. Spectre was far more complicated and much slower as well. Both were primarily a risk for virtualized environments, while personal PCs were mostly only at risk if they happened to visit a very unsafe website and then stay there for a while, letting the JavaScript run to scan memory. And considering the sophistication required, most malware places would just stick with the tried and true methods instead of attempting to figure out how to make Spectre work in the real world. I mean, you basically had to target a specific CPU, maybe a CPU architecture in general, but things like firmware, RAM, and other factors would likely come into play. Spectre is more for state-sponsored attacks than normal viruses, IMO. 🤷
 
websites even attempting to run code that sniffs out the contents of memory would be a massive issue in the first place. Like, no legitimate website should ever do that, unless it's a security site saying, "Test if Spectre works on your browser / system." I suppose a rogue advert could try and do that,
Rogue adverts are one possibility, although I hope most ad networks do a good job of scrubbing everything they distribute. Another is that a website is compromised and malware inserted into some of its content. Yet another is that someone does a web search and clicks on a site that is more sketchy than it seems - we've all been there - you can't always tell 100% of the time.

Spectre was, by definition, a very slow attack vector, on the order of kB per second leaking to a sophisticated attacker. Searching even 16GB of system RAM to try and find useful data (i.e. banking stuff) would mean running a rogue script for quite a while.
Successful exploits involve knowing where to look; not scanning. That's why one of the mitigations some have adopted is address layout randomization. I'm not sure if Windows does that, but Linux now has it as a kernel feature.