Jump to content
Sign in to follow this  
verdy_p

MBAE can't start due to Memory Integrity

Recommended Posts

I also cannot start MBAE. I uninstall MB and reinstalled, but apparently this is caused by the Virtual Memory protection in Windows 10, which is now ENABLED by default, but that CANNOT be disabled (and I think it is a bad idea to ask your users to disable it, as it is already an antimalware protection built in Windows core).

MBAE is then not working at all and now needs a patch, if it needs this to be off to install its own version instead of the Windwos module enabled by default to do the same thing (memory protection is enabled no by default as a protection against time-based attacks like Meldown/Spectre that can bypass memory/process protection and isolation in virtualization by using high-performance timer metrics and get measurable and predictable results about the state of other processes or even virtual machines on the same host, by trying to force them to react to some events in side channels, and cause significantly measurable differences on performance mesured in the isolated VM, such as Javascript isolated in a browser session)

The Spectre/meldown issue is very complex, and the only solution to prevent it in long term will be that the core OS to implement securely randomized response time in their high performance timers, but without breaking their monotony and without affecting the performance for realtime and synchronized contents, notably for audio/video synchronization, or synchronization of rendered frames and user input in games, or smooth scrolling in browsers). Another solution will be to force some processes or thread to switch to other CPU cores randomly or use one of the many GPU cores and dynamically adjust their performance with more randomization. The randomization of memory spaces in VMs is not sufficient, we'll also need secure randomizers, and this requires increasing the bitrate of entropy providers (which are is most PCs very slow to generate enough entropy on demand, meaning that to get faster random numbers, they need to complement the bitrate using pseudo-random generators that are generally very unsecure and very predictable with attacks like Spectre/Meldown capable of knowing their current state).

I think that Malware bytes should work with Microsoft to provide better PRNG that can use more sources of entropy and have really secure implementations (the basic PRNG using simple modular arithmetic, generally by a single multiplication with a known prime number, is bad). We need that Windows provides a good source of randomness, and separate instances of random number generators, separate PRNG sequences for separate processes and separate VMs and strong drivers in the core to collect many more sources of entropy with higher bitrates; CPU are too limited in their builtin source of entropy (the old entropy sources based on mouse/keyboard or harddisk spinning are really too slow), but GPUs offer many more entropy sources and probably we should have entropy sources from mainboard bridges, temperature sensors, webcams noise, noise from unused audio inputs, noise from power sources and amplifiers, noise from unused radio sensors, light sensors, magnetic sensors; secure professional or military solutions should be absle to use very fast entropy sources such as radioactivity decay, laser stabilizers, electronic accelerators, electron beams, tunnel amplication diodes, X ray detectors, instability of solar rays through the atmosphere, every kind of random that was causing already what we just saw as "snow" on analog TV cause caused by various instabilitilities...).

PCs will probably need fast GPU-like chips to generate high bit rate of entropy by securely combining many entropy sources using strong algorithms.

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.