[HN Gopher] New SSDs Have Built-In Protection Against Ransomware...
___________________________________________________________________
New SSDs Have Built-In Protection Against Ransomware, Data Theft
Author : dragonmost
Score : 20 points
Date : 2021-05-20 20:16 UTC (2 hours ago)
(HTM) web link (www.tomshardware.com)
(TXT) w3m dump (www.tomshardware.com)
| blibble wrote:
| so if they become common the ransomware will change to encrypting
| the data slowly, transparently decrypting on the fly until it's
| finished?
| duskwuff wrote:
| This is incredibly dumb. SSD firmware exists at entirely the
| wrong level to protect against threats like ransomware or data
| theft -- it cannot identify what application is performing disk
| accesses and what data is being accessed, know whether that
| access should be authorized, or display prompts to the user to
| determine whether a given access should be allowed. All of these
| things are only possible in software.
|
| My money says that their "dynamic data defense engine" is
| functionally independent of the SSD, and only requires their
| branded SSD to be installed as a licensing dongle. Describing
| this as a feature of the SSD is entirely a marketing ploy. And,
| because hardware companies are generally not very good at making
| decisions about software, the software they're bundling is
| probably less effective than a standalone security suite would
| have been.
| jdsully wrote:
| It's actually a great place to perform some types of
| mitigations (I'm not sure if these are done by this specific
| product though). Here's an example:
|
| A ransomware attack will rewrite large sections of the drive.
| Initial phases aren't distinguishable from things like updates
| but as it progresses the intent becomes more clear. An SSD can
| leave a ring buffer of old blocks around and transparently
| revert back if an attack is discovered.
|
| You could also do this as part of the filesystem, but the SSD
| already has to perform wear levelling and so is quite adept at
| transparently remapping blocks. It also has the benefit of
| hardware acceleration in the controller. It's not necessarily a
| bad place to implement the recovery.
| rasz wrote:
| "large sections of the drive" are virtual in SSD. Overwriting
| a file doesn't mean rewriting the same sectors, and once the system
| TRIMs a piece of disk it stops existing. For this to work, the
| disk device would have to understand file systems, be able to
| decode NTFS etc.
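
The ring buffer of old blocks that jdsully describes above, sketched as a toy flash translation layer (an added example, not part of the thread and not the product's firmware; `RingBufferFTL` and its method names are hypothetical). It works only on logical block addresses, with no filesystem knowledge, and shows both the revert and the case where the ring has wrapped and the needed history is gone.

```python
from collections import deque

class RingBufferFTL:
    """Toy flash translation layer: logical block address (LBA) -> flash page."""

    def __init__(self, history_slots):  # assumes history_slots >= 1
        self.flash = []    # physical pages; writes always go out of place
        self.l2p = {}      # current mapping: LBA -> index into self.flash
        self.seq = 0       # monotonically increasing change counter
        # Ring of undo records: (seq, lba, page the LBA pointed at before).
        self.history = deque(maxlen=history_slots)
        self.evicted_upto = 0   # highest seq whose undo record was dropped

    def _record(self, lba):
        self.seq += 1
        if len(self.history) == self.history.maxlen:
            self.evicted_upto = self.history[0][0]  # about to fall off the ring
        self.history.append((self.seq, lba, self.l2p.get(lba)))

    def write(self, lba, data):
        self._record(lba)
        self.flash.append(bytes(data))  # the old page is left untouched
        self.l2p[lba] = len(self.flash) - 1

    def trim(self, lba):
        # TRIM only unmaps the LBA; the ring still references the old page.
        if lba in self.l2p:
            self._record(lba)
            del self.l2p[lba]

    def read(self, lba):
        page = self.l2p.get(lba)
        return None if page is None else self.flash[page]

    def checkpoint(self):
        return self.seq

    def rollback(self, checkpoint):
        """Undo all mapping changes after `checkpoint`; False if history is gone."""
        if checkpoint < self.evicted_upto:
            return False  # ring wrapped: some needed undo records were dropped
        while self.history and self.history[-1][0] > checkpoint:
            _, lba, old_page = self.history.pop()
            if old_page is None:
                self.l2p.pop(lba, None)
            else:
                self.l2p[lba] = old_page
        return True
```

The size of the ring bounds how many block changes can be undone, so a rollback is only possible while the changes since the checkpoint still fit in it.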
| tedunangst wrote:
| Nothing in this article explains how you access your data after
| the drive decides to hide it from you?
___________________________________________________________________
(page generated 2021-05-20 23:03 UTC)