
Win-9x and meltdown vulnerability


Nomen


I don't know if there's a thread anywhere on MSFN discussing the recent Meltdown and Spectre CPU-related vulnerabilities, but I thought I'd post here a question about how this might affect (or not) win-9x/me.  Would code (ie - code typically executed by or in a browser) be able to perform Meltdown memory-scanning activities on a 9x system?

 

 



The Meltdown vulnerability is not an issue for Windows 9x because Kernel Memory was never protected in the first place. Only the Page Tables and maybe a few other areas are protected.
Windows 9x was never secure with respect to the Kernel.

The Spectre vulnerability is more relevant as it gives interprocess access that is not available to Meltdown. Windows 9x does not map "all" Physical RAM as does Linux according to the published articles.

I don't know how hard it is to use these vulnerabilities through a Browser.


On 1/6/2018 at 12:04 AM, rloew said:

The Meltdown vulnerability is not an issue for Windows 9x because Kernel Memory was never protected in the first place.

That's what I figured.  So why wasn't everyone running around back in 2000 - 2006 screaming that hackers were going to be stealing passwords from win-9x kernel memory  back then?   For a typical single-user windoze system (9x or NT) - what's in the kernel ram that is such a big deal to get your hands on?

In the bigger picture, what does this say about the whole concept of having a separate admin (or root) access level vs user-level access to a system (again, thinking only of single-user, non-enterprise systems)? Given all the hundreds of ways that separation has been shown to be faulty (on Windows NT systems) over the years, what has that basic design idea actually accomplished in the windows PC world? I know it has led to a great deal of frustration (you don't have the rights or permissions to do this or that) so what did users get in return? Looks more and more like nothing.


There are a number of reasons:

1. Hackers weren't as sophisticated then. There weren't many ways to monetize their hacks so they mostly did it for boasting rights. States and organized crime were not involved as much.
2. Windows 9x was never promoted as a business OS so users were not particularly juicy targets.
3. In 9x Passwords are mostly in User Space so they don't appear in Kernel Space very often. Only 64-Bit OSes can map the entire Physical Space (including all User Spaces) into Virtual Memory.
4. Windows 9x was never secure; new hacks were never needed. The Thread Context hack has been around a very long time. I have found a few more that are easier to use.

For a single user, the advantages are more limited. Level based access does reduce the impact of bugs. Higher levels of security also protect against many kinds of mistakes but also cause higher levels of frustration.

This is probably the biggest reason why I develop using 9x. I can write code with less effort and debugging is far easier when the OS is not fighting me tooth and nail.
I can then port the code to other OSes, with much less debugging needed, if I choose to do so.
