Meltdown and Spectre are the names for vulnerabilities affecting almost every computer chip manufactured in the last 20 years. The weaknesses are so basic and widespread that security researchers call them catastrophic. Therefore, these flaws are currently all over the press.
All forms of exploiting this vulnerability involve allowing a malicious program to gain access to data that it is not normally authorised to see. But it also means that the attacker must execute his malicious software on a secured system. Whitelisting protects in this case, because exploiting this vulnerability is always linked to the fact that the attacker gets his malware to run on the compromised system. This is exactly what seculution prevents. Therefore, the underlying gap may still exist, but the seculution security net wrapped around it does not allow the use of software that could exploit this gap. Read more in our latest update (6/2018) on Meltdown and Spectre.
The interesting fact is that virus scanners, unlike whitelisting, cannot provide reliable protection. Unlike common malware, the exploitation of Meltdown and Spectre is difficult to distinguish from normal, benign applications. However, an antivirus program can detect malware that uses the attacks by comparing binary files after they become known. Until that happens, countless computer networks that are protected by virus scanners will have been infected.
Meltdown and Spectre exploit critical weak points in almost all modern processors. These hardware vulnerabilities allow programs to steal data that is currently being processed on the computer. While programs are usually not allowed to read data from other already running programs, a malicious program can exploit Meltdown and Spectre to access secrets stored in the memory of other programs. This includes passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
Meltdown and Spectre are present on PCs, mobile devices and in the cloud. Depending on the cloud provider's infrastructure, it is possible to steal data from other customers.
Meltdown breaks through the most basic isolation between user applications and the operating system. This attack allows a program to access the memory and thus also the secrets of other programs and the operating system.
If your computer has a vulnerable processor and uses an unpatched operating system, it is not safe to work with sensitive information without leakage. This applies to both personal computers and the cloud infrastructure. Fortunately there are software patches against Meltdown.
Spectre breaks through the isolation between different applications. It allows an attacker to trick error-free programs that follow best practices into revealing their secrets. In fact, the security checks of these best practices increase the attack surface and can make applications more vulnerable to Spectre.
Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent certain known exploits based on Spectre by software patches.
Even in its basic configuration, seculution protects against more potential dangers than any virus scanner could ever do. The patented whitelisting technology makes it possible to prevent even completely unknown malware from running. We have clarified the principle for you here.
However, the seculution solution is compatible with all common antivirus solutions if you wish to continue using them.
The whitelisting of applications/software, also known as application control, is based on the concept of only allowing software that is listed on a whitelist of known applications to run. In a network whose endpoints are secured by an application whitelist/application control solution, nothing can be executed that is not explicitly allowed.
The concept completely reverses the virus-scanner approach that is used almost 100% of the time to protect networks today, and it offers an incomparably higher level of protection, because traditional antivirus software always relies on knowing the malicious code it is supposed to block. See also seculution Antivirus.
To put it even more simply, everyone applies exactly the same principle at their own front door. You only allow those into your house who are listed as trustworthy on your own whitelist. Everyone else will not get through the door.
While the seculution Agent has a network connection to the seculution Server Appliance, requests are always sent to the Appliance. This enables a zero-second response time for changes. If the agent is offline, it accesses a locally stored and encrypted database. See also seculution Agent.
Good question. We do not understand either. Did you know us before you visited this website today?
A hash is a checksum that can be used to verify the integrity of data. Because the checksum, similar to the digit sum of a large number, changes as soon as a single bit of the file from which the hash was created is changed, hashes can be used to identify a file in a forgery-proof way. The seculution Agent software is built on this property: it generates the hash of a program every time the program is started and automatically checks it against the whitelist.
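The check described above, as an added example that is not seculution's code: a hypothetical agent hashes a file, asks a server-side whitelist, and falls back to a local copy when the server is unreachable. SHA-256, the Agent class and the in-memory whitelist are assumptions; the sample files are constructed.

```python
import hashlib
import os
import tempfile

def file_hash(path, algo="sha256", chunk=65536):
    """Hash a file's bytes in chunks so large binaries are never loaded whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

class Agent:
    """Hypothetical agent: query the server, fall back to a local copy offline."""
    def __init__(self, server_lookup, local_cache):
        self.server_lookup = server_lookup  # callable(digest) -> bool
        self.local_cache = frozenset(local_cache)

    def may_execute(self, path):
        digest = file_hash(path)
        try:
            return bool(self.server_lookup(digest))
        except ConnectionError:
            # Offline: only hashes already in the local copy may run.
            return digest in self.local_cache

def unreachable(_digest):
    raise ConnectionError("server unreachable")

def demo():
    """Constructed sample: an approved file and a copy with one bit flipped."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "tool.bin")
        tampered = os.path.join(d, "tool_mod.bin")
        data = bytearray(b"constructed sample program " * 4096)
        with open(good, "wb") as f:
            f.write(data)
        data[1000] ^= 0x01  # flip a single bit
        with open(tampered, "wb") as f:
            f.write(data)
        whitelist = {file_hash(good)}
        online = Agent(lambda h: h in whitelist, local_cache=())
        offline = Agent(unreachable, local_cache=whitelist)
        return [online.may_execute(good), online.may_execute(tampered),
                offline.may_execute(good), offline.may_execute(tampered)]

if __name__ == "__main__":
    print(demo())  # [online good, online tampered, offline good, offline tampered]
```

Anything whose hash is not on the list is refused in both modes, which is the default-deny behaviour the whitelisting concept depends on.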
No. Querying a hash that the seculution Agent generates from the respective software takes only 30 ms. This is approximately the time that a ping needs. Because of this, and because of the very small packet size that is checked against the Server, seculution works in an extremely resource-conserving manner. If you compare this value with a heuristic live check of a virus scanner, seculution is faster by a factor of about 10,000. Yes, we know this is an apples and oranges comparison. But it gives an impression of the dimensions we are talking about.
The seculution Server contains the Whitelist you maintain and the associated rules for the contained objects. It is installed as a virtual machine in your network and you have full control over your data at all times. No usage data is transferred to the Internet. Your data will remain yours. Guaranteed.
The weaknesses found in the hash algorithms MD5 and SHA1 have no effect on the security of seculution, since it is still not possible to generate malicious software that has a predetermined hash. It is not possible to create a file that has the same hash as software already contained in seculution's whitelist.
In the media SHA1 and MD5 are described as being "broken" because it is possible to generate collisions. A “collision” with respect to hashes means that you can create two different input files (file1 and file2) which after passing through the hash algorithm result in the same hash. However, it is not possible to influence the resulting hash in any way.
To attack the security offered by seculution, an attacker would have to create a file whose hash is already contained in seculution's Whitelist (a “pre-image” attack). A collision attack is about creating two different files that have the same hash, whose value cannot be determined in advance; a pre-image attack is about creating a file that has a specific, predefined hash. Cryptographically, these are two completely different tasks. No successful pre-image attacks are known against SHA1 or MD5 either.
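An added illustration (not from the original page or the vendor) of why the two tasks differ in cost, using a toy hash: SHA-256 truncated to 16 bits, an assumption chosen so both searches finish quickly. Finding any two colliding inputs takes on the order of 2^8 tries, while hitting one predefined digest takes on the order of 2^16; for a full-size n-bit hash the generic costs scale the same way, as 2^(n/2) versus 2^n.

```python
import hashlib
from itertools import count

BITS = 16  # toy digest size (assumption) so the searches run in well under a second

def toy_hash(data: bytes, bits: int = BITS) -> int:
    """First `bits` bits of SHA-256, standing in for a full-size hash."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") >> (256 - bits)

def find_collision(bits: int = BITS):
    """Any two different inputs with equal digests; the digest value is not chosen."""
    seen = {}
    for i in count():
        msg = b"file-%d" % i
        h = toy_hash(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg

def find_preimage(target: int, bits: int = BITS):
    """An input matching one fixed, predefined digest (e.g. a whitelist entry)."""
    for i in count():
        msg = b"candidate-%d" % i
        if toy_hash(msg, bits) == target:
            return msg, i + 1

def demo():
    a, b, coll_tries = find_collision()
    # Constructed stand-in for a whitelisted program's digest.
    target = toy_hash(b"approved program (constructed)")
    match, pre_tries = find_preimage(target)
    return a, b, coll_tries, match, pre_tries, target

if __name__ == "__main__":
    a, b, coll_tries, match, pre_tries, target = demo()
    print(f"collision after {coll_tries} tries: {a!r} / {b!r}")
    print(f"pre-image of {target:#06x} after {pre_tries} tries: {match!r}")
```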
The seculution-Cloud uses so-called trust levels to classify the trustworthiness of a hash. Each hash can be assigned a TrustLevel from 0 (= known malware) to 10 (= source code is known to seculution). TrustLevels are automatically created by the seculution-Cloud when importing hashes from sources known to be trusted.