Reply to post: Re: Just kill ALL code in a browser.

Hate to ruin your day, but... Boffins cook up fresh Meltdown, Spectre CPU design flaw exploits

OldCrow

Re: Just kill ALL code in a browser.

An OS where the user can't install random crap from a phishing email approaches Windows 10S or iOS in lockdown. Usability suffers as a consequence.

This is also wasteful. For protection from legal liability, it is sufficient that the machine cannot be compromised without user error (i.e. user's assistance).

A likely path forward for Intel (et al.) is to add a dedicated core with an "untrusted software" mode. This mode would disable speculative execution. Further, the operating system will have to be aware of these "untrusted processes / threads", so they can perform threat mitigations (that are now performed for all threads, sapping performance).

Of course, software such as browsers would have to support "untrusted execution" by declaring their JavaScript engine threads as such.

Anyone willing to make bets?
