Meltdown and Spectre are the names for vulnerabilities affecting almost every computer chip manufactured in the last 20 years. The weaknesses are so basic and widespread that security researchers call them catastrophic. Therefore, these flaws are currently all over the press.
All forms of exploiting this vulnerability involve allowing a malicious program to gain access to data that it is not normally authorised to see. But it also means that the attacker must execute his malicious software on a secured system. Whitelisting protects in this case, because exploiting this vulnerability is always linked to the fact that the attacker gets his malware to run on the compromised system. This is exactly what SecuLution prevents. Therefore, the underlying gap may still exist, but the SecuLution security net wrapped around it does not allow the use of software that could exploit this gap.
The interesting fact is that virus scanners, unlike whitelisting, cannot provide reliable protection. Unlike common malware, the exploitation of Meltdown and Spectre is difficult to distinguish from normal, benign applications. However, an antivirus program can detect malware that uses the attacks by comparing binary files after they become known. Until that happens, countless computer networks that are protected by virus scanners will have been infected.
Meltdown and Spectre exploit critical weak points in almost all modern processors. These hardware vulnerabilities allow programs to steal data that is currently being processed on the computer. While programs are usually not allowed to read data from other already running programs, a malicious program can exploit Meltdown and Spectre to access secrets stored in the memory of other programs. This includes passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.
Meltdown and Spectre are present on PCs, mobile devices and in the cloud. Depending on the cloud provider's infrastructure, it is possible to steal data from other customers.
Meltdown breaks through the most basic isolation between user applications and the operating system. This attack allows a program to access the memory and thus also the secrets of other programs and the operating system.
If your computer has a vulnerable processor and uses an unpatched operating system, it is not safe to work with sensitive information without leakage. This applies to both personal computers and the cloud infrastructure. Fortunately there are software patches against Meltdown.
Spectre breaks through the isolation between different applications. It allows an attacker to trick error-free programs that follow best practices into revealing their secrets. In fact, the security checks of these best practices increase the attack surface and can make applications more vulnerable to Spectre.
Spectre is harder to exploit than Meltdown, but it is also harder to mitigate. However, it is possible to prevent certain known exploits based on Spectre by software patches.
SecuLution's security-by-design approach already protects, in its default configuration, against more potential dangers than any Antivirus solution ever could. The patented Whitelisting technology makes it possible to prevent even completely unknown malicious software from running. We illustrated the principle here for you.
However, SecuLution is compatible with all current Antivirus solutions, if you want to continue using them.
The whitelisting of applications/software, also known as Application Whitelisting, is based on the concept of allowing only software that is whitelisted as a known application to run. In a network whose endpoints are protected by an Application Whitelist/Application Control solution, nothing can run that is not explicitly allowed.
The concept completely reverses the approach of virus scanners, which are used in almost 100% of cases today to protect a network, and therefore offers an incomparably higher level of protection, because classical Antivirus software always depends on knowing the malicious code it is supposed to block. See also SecuLution Antivirus.
To put it even more simply, each of us acts at the doorstep according to exactly the same principle. You only let those in your house who are listed on your own whitelist as being trustworthy. All the others can't get through the door.
While the SecuLution Agent has a network connection to the SecuLution Server appliance, requests are always sent to the appliance. This allows a zero-second reaction time for changes. If the agent is offline, it accesses a locally stored and encrypted database. See also SecuLution Agent
Good question. We do not understand either. Did you know about Application Whitelisting before you read this today?
No. Querying a hash that is generated by the SecuLution Agent from the respective software takes only 30 ms. This is approximately the time that a ping needs. Because of this behavior and the very small package size, which is checked against the Server, SecuLution works in an extremely resource-conserving manner. If you compare this value with a heuristic live check of a Virus-Scanner, SecuLution is faster by a factor of about 10,000. Yes, we know this is an apples and oranges comparison. But it gives an impression of the dimensions we are talking about.
The SecuLution Server contains the Whitelist you maintain and the associated rules for the contained objects. It is installed as a virtual machine in your network and you have full control over your data at all times. No usage data is transferred to the Internet. Your data will remain yours. Guaranteed.
The weaknesses found in the hash algorithms MD5 and SHA1 have no effect on the security of SecuLution since it is still not possible to generate malicious software that has a predetermined hash. It is not possible to create a file that has the same hash as software already contained in SecuLution's whitelist.
In the media SHA1 and MD5 are described as being "broken" because it is possible to generate collisions. A "collision" with respect to hashes means that you can create two different input files (file1 and file2) which after passing through the hash algorithm result in the same hash. However, it is not possible to influence the resulting hash in any way.
To perform an attack on the security offered by SecuLution, an attacker would have to create a file whose hash is already contained in SecuLution's Whitelist ("pre-image" attack). A collision attack is about creating two different files which have the same non-determinable hash; a pre-image attack is about creating a file that has a specific, predefined hash. Cryptographically, these are two completely different tasks. Successful pre-image attacks are also not known for SHA1 and MD5.
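The difference between the two tasks can be measured on a deliberately tiny digest. The following is an added example, not SecuLution code: it truncates SHA-256 to 16 bits (an assumption made so both searches finish in about a second) and counts how many inputs each search needs. All function names are hypothetical. For an n-bit digest the generic costs are about 2^(n/2) tries for a collision and about 2^n for matching one fixed, already whitelisted hash.

```python
import hashlib
from itertools import count

BITS = 16  # constructed toy digest size; real digests have 128+ bits

def toy_digest(data: bytes) -> int:
    """SHA-256 truncated to BITS bits (assumption: stand-in for a real digest)."""
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big") >> (32 - BITS)

def find_collision(prefix: bytes):
    """Collision: any two inputs that share a digest; the value is not chosen."""
    seen = {}
    for tries in count(1):
        msg = prefix + str(tries).encode()
        d = toy_digest(msg)
        if d in seen:
            return seen[d], msg, tries
        seen[d] = msg

def find_second_preimage(target: int, prefix: bytes):
    """Match ONE fixed digest, such as an entry already on the whitelist."""
    for tries in count(1):
        msg = prefix + str(tries).encode()
        if toy_digest(msg) == target:
            return msg, tries

def average_cost(trials: int):
    """Average number of tries per search over several independent runs."""
    col = pre = 0
    for t in range(trials):
        prefix = b"run%d-" % t                 # constructed sample inputs
        col += find_collision(prefix)[2]
        target = toy_digest(b"constructed whitelisted file %d" % t)
        pre += find_second_preimage(target, prefix)[1]
    return col / trials, pre / trials

if __name__ == "__main__":
    col, pre = average_cost(8)
    print(f"{BITS}-bit digest: collision ~{col:.0f} tries, "
          f"fixed-hash match ~{pre:.0f} tries")
```

The gap between the two averages widens exponentially with the digest length, which is why a whitelist lookup depends on resistance to fixed-hash matching rather than on collision resistance.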
For technical questions about SecuLution in practice, please refer to our online documentation for a FAQ section:
Could not find your question in our FAQ? Just write to us with what you want to know, and our support team will answer you as soon as possible.
Weekdays from 7am – 4pm