That isn’t exactly what they said, but it’s pretty close. Here’s what they do say: A year with Spectre… When it was shown that JavaScript could be u
[See the full post at: Google’s JavaScript team: Spectre mitigation doomed to failure]
![]() |
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
SIGN IN | Not a member? | REGISTER | PLUS MEMBERSHIP |
-
Google’s JavaScript team: Spectre mitigation doomed to failure
Home » Forums » Newsletter and Homepage topics » Google’s JavaScript team: Spectre mitigation doomed to failure
- This topic has 18 replies, 11 voices, and was last updated 6 years ago by
anonymous.
AuthorTopicViewing 7 reply threadsAuthorReplies-
GoneToPlaid
AskWoody LoungerApril 23, 2019 at 12:19 pm #848238I have tried contacting several of the AV companies about my solution to detect any and all Meltdown and Spectre attacks, since such attacks require zero malware techniques**.
** Zero malware techniques in terms of implementation, yet not zero in terms of potential delivery methods to a target computer.
None of them responded since I was not willing to disclose my detection methods. Does anyone here work for an AV company who might see the value of being able to detect any variant of Meltdown, Spectre, BranchScope and Side Channel attacks, no matter what, such that until an attack is detected then all OS and BIOS mitigations can remain disabled for maximum CPU performance, and without allowing any confidential data escape from a computer? Needless to say, Intel and motherboard manufacturers would not be happy if this could be done, since all want to sell newer hardware. It is what it is.
-
jabeattyauditor
AskWoody LoungerApril 23, 2019 at 12:32 pm #848742None of them responded since I was not willing to disclose my detection methods.
In all fairness, that’s kind of like trying to sell a “guaranteed alchemy device” to a chain of jewelry stores without offering proof of functionality.
Spin up a server on a cloud platform, deploy your technology on it, and invite those same folks to try to side-channel their way in. Send them logs of their detected attempts, then collect your rewards.
-
warrenrumak
AskWoody Lounger
-
-
OscarCP
MemberApril 23, 2019 at 12:21 pm #848323So, according to the V8 experts, Spectrum it is one of those things that hang over our heads, but it is unclear what risk, if any, they present to us below and, as no one can do much in practice about them anyway, we are probably better off if we shrug them off and go on with our everyday lives. If they are right, then their advice is as good as it can be.
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV -
Bluetrix
AskWoody MVPApril 23, 2019 at 1:36 pm #851807I get the sneeky-pete feeling if and when Meltdown or Spectre is exploited it will be from a Nation-State entity that has the resources to do such. They will not just exploit it, but hang the albatross around an innocent bystander’s neck, then slip back into the darkness. Then again some person sitting in Mom’s basement in a bathrobe might beat them to it and be caught because they left a trail even a weak link could follow.
If they could dumb the language down enough it would make a so~so cyber-spy novel.
Mission Impossible XII? Hackers IV? Who am I kidding, movie rights are probably being negotiated as I type this.
-
-
Alex5723
AskWoody Plus -
Bluetrix
AskWoody MVPApril 23, 2019 at 1:42 pm #851997Wonder if Intel has fixed all Specter and Meltdown mitigations in its new 9th-gen CPUs announced to day.
From what I read here, Ice fails in that respect.
https://www.digitaltrends.com/computing/intel-ice-lake-wont-rid-spectre/ -
OscarCP
MemberApril 23, 2019 at 2:41 pm #854888Bluetrix,
I excerpt below a few paragraphs from the article you gave a link to, and that I think make the case that, as you think, this is more likely to be something to be exploited by national cyber military organizations against other nations’ critical infrastructures, rather than against users like us.
There are already other ways to get to individual users and small businesses, known to be effective enough, so launching such a sophisticated attack against any such a user may not be worth the bother.
This may change when there is an actual attack, most likely from one nation against another. Then chip makers and software developers will get motivated to put security above raw processing speed as a defining consideration. Until then, I suspect that being faster than the competition will get in the way of plugging this vulnerability in an effective way.
“The problem is that these fixes don’t go far enough. As far as Kocher [a security expert quoted in this article] sees it, Intel has no concrete plan for fixing Spectre variant one. The only proposed solution that he’s caught wind of pushes the problem onto software developers and asks them to input what’s known as an “LFENCE” command within an application every time there’s an “if” statement within its coding.”
“Worse still, Kocher believes that there is little in the future of CPU chip design at a variety of companies which will ward of these kind of speculative bugs. His view of the future sees many manufacturers using lots of speculative optimizations to further enhance performance, which leaves them vulnerable to these sorts of attacks.”
“The only silver lining to all this is that for the average person, Spectre and its fellow branch misdirection exploits are the least of our security worries. There are far easier ways for nefarious hackers to infiltrate systems. Malware and social engineering have been successful attack vectors for decades and that seems unlikely to change any time soon.”“Spectre and its contemporaries will likely remain a looming apparition over the CPU industry for years to come, and it’s something that bears remembering it exists. But if you want to improve your chances of avoiding being hacked, there are are certainly more things to worry about than any potential fixes Ice Lake might bring to the table.“
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV1 user thanked author for this post.
-
Bluetrix
AskWoody MVPApril 23, 2019 at 3:32 pm #857236“The only silver lining to all this is that for the average person, Spectre and its fellow branch misdirection exploits are the least of our security worries.
Correct me if I am wrong, but didn’t the breach of passwords and financial information from large data bases affect the “average” person. It seems to me this is where the little person falls between the cracks. Just because it is a conglomerate that most likely will be a target doesn’t mean we the ants won’t be affected, and for more reasons than I care to type.
I’m responding to your posted excerpt, not you personally. It doesn’t matter that my examples weren’t Spectre or Meltdown related, in the future it’s possible they may be responsible. -
OscarCP
MemberApril 23, 2019 at 4:29 pm #860270Bluetrix,
Sorry that I was not clear enough: I was referring as unlikely only to direct attacks against you, me and the guy next door and his small business. An attack on critical infrastructures, on the other hand, whether they belong to the government (military bases, water purification stations, traffic lights…) or are privately run (nuclear power stations, large telecoms, social networks, data vaults, …), that can badly affect the whole nation, or a good portion of it, can, of course, also affect us small-timers.
We are not going to be immune to the effects of such attacks; just not likely to be targeted individually for them. Which is already something good enough to feel at least a little better about, I think.
Recent events show that we might have reason to be concerned personally about, for example, personal data breaches in Facebook (even if we don’t have Facebook accounts, but other people that know us have put up our pictures, addresses, etc. in theirs).
Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).
MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV -
Bluetrix
AskWoody MVP -
Fred
AskWoody LoungerApril 24, 2019 at 3:02 am #892626To me it all underlines the kind of toolboxes that are (becoming) available for highlevel compromising computerized networks…. From Stuxnet invading nuclear plants in Iran to ordinary databasebreaches. The whistleblowers will be followed by many to come, I fear.
* _ ... _ *1 user thanked author for this post.
-
-
-
-
-
_Reassigned Account
AskWoody LoungerApril 23, 2019 at 2:32 pm #854463I felt like the solutions were cobbled together and rushed out and caused more issues then the Spectre/Meltdown threats that had yet materialized. So over hyped in so many ways that it was hard to tell the truth from the headline grabbers. Other then some flaky firmware releases I felt it was a non event.
-
anonymous
Guest -
PKCano
Manager
-
-
anonymous
Guest -
Fred
AskWoody LoungerApril 24, 2019 at 3:09 am #893025Maybe the Chrome/V8 team should have an easy to access JavaScript kill switch just in case Spectre and fiends become serious trouble.
5G networks compromized by ? …
* _ ... _ * -
anonymous
Guest
Viewing 7 reply threads - This topic has 18 replies, 11 voices, and was last updated 6 years ago by
-

Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Welcome to our unique respite from the madness.
It's easy to post questions about Windows 11, Windows 10, Win8.1, Win7, Surface, Office, or browse through our Forums. Post anonymously or register for greater privileges. Keep it civil, please: Decorous Lounge rules strictly enforced. Questions? Contact Customer Support.
Search Newsletters
Search Forums
View the Forum
Search for Topics
Recent Topics
-
Kevin Beaumont on Microsoft Recall
by
Susan Bradley
6 hours, 51 minutes ago -
The Surface Laptop Studio 2 is no longer being manufactured
by
Alex5723
7 hours, 58 minutes ago -
0Patch, where to begin
by
cassel23
2 hours ago -
CFPB Quietly Kills Rule to Shield Americans From Data Brokers
by
Alex5723
21 hours, 36 minutes ago -
89 million Steam account details just got leaked,
by
Alex5723
9 hours, 21 minutes ago -
KB5058405: Linux – Windows dual boot SBAT bug, resolved with May 2025 update
by
Alex5723
1 day, 6 hours ago -
A Validation (were one needed) of Prudent Patching
by
Nibbled To Death By Ducks
21 hours, 7 minutes ago -
Master Patch Listing for May 13, 2025
by
Susan Bradley
8 hours, 15 minutes ago -
Installer program can’t read my registry
by
Peobody
3 hours, 12 minutes ago -
How to keep Outlook (new) in off position for Windows 11
by
EspressoWillie
18 hours, 54 minutes ago -
Intel : CVE-2024-45332, CVE-2024-43420, CVE-2025-20623
by
Alex5723
1 day, 2 hours ago -
False error message from eMClient
by
WSSebastian42
1 day, 17 hours ago -
Awoke to a rebooted Mac (crashed?)
by
rebop2020
2 days, 2 hours ago -
Office 2021 Perpetual for Mac
by
rebop2020
2 days, 3 hours ago -
AutoSave is for Microsoft, not for you
by
Will Fastie
1 day ago -
Difface : Reconstruction of 3D Human Facial Images from DNA Sequence
by
Alex5723
2 days, 7 hours ago -
Seven things we learned from WhatsApp vs. NSO Group spyware lawsuit
by
Alex5723
1 day, 8 hours ago -
Outdated Laptop
by
jdamkeene
2 days, 12 hours ago -
Updating Keepass2Android
by
CBFPD-Chief115
2 days, 17 hours ago -
Another big Microsoft layoff
by
Charlie
2 days, 17 hours ago -
PowerShell to detect NPU – Testers Needed
by
RetiredGeek
14 hours, 58 minutes ago -
May 2025 updates are out
by
Susan Bradley
32 minutes ago -
Windows 11 Insider Preview build 26200.5600 released to DEV
by
joep517
2 days, 23 hours ago -
Windows 11 Insider Preview build 26120.3964 (24H2) released to BETA
by
joep517
2 days, 23 hours ago -
Drivers suggested via Windows Update
by
Tex265
2 days, 23 hours ago -
Thunderbird release notes for 128 esr have disappeared
by
EricB
19 hours, 35 minutes ago -
CISA mutes own website, shifts routine cyber alerts to X, RSS, email
by
Nibbled To Death By Ducks
3 days, 6 hours ago -
Apple releases 18.5
by
Susan Bradley
3 days ago -
Fedora Linux 40 will go end of life for updates and support on 2025-05-13.
by
Alex5723
3 days, 7 hours ago -
How a new type of AI is helping police skirt facial recognition bans
by
Alex5723
3 days, 8 hours ago
Recent blog posts
Key Links
Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.
Mastodon profile for DefConPatch
Mastodon profile for AskWoody
Home • About • FAQ • Posts & Privacy • Forums • My Account
Register • Free Newsletter • Plus Membership • Gift Certificates • MS-DEFCON Alerts
Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.