Researchers bake malware protection directly into SSDs

I would not trust this.<p>What I would trust:<p>A backup medium (SSD or whatever) which only allows writes to empty space. Unless a switch is manually switched from &quot;write&quot; to &quot;update&quot;.<p>In &quot;write&quot; mode, it would only allow writing to empty space.<p>In &quot;update&quot; mode, it would allow writing everywhere.<p>I would leave it in &quot;write&quot; mode most of the time. For me, a typical SSD has enough space for years of incremental backups. If I should ever want to delete old backups, I would set it to &quot;update&quot; mode to do that and then set it back to &quot;write&quot; mode.

I really wouldn&#x27;t trust this if the hardware encryption on SSD&#x27;s is anything to go by. Microsoft actually defaulted Bitlocker to software encryption because the state of things were so bad.<p>I&#x27;m also wondering how the hashes will be kept up to date. Will it require a host program to communicate with the drive over a proprietary protocol? If so then that arguably makes this pointless, as obviously they&#x27;re only going to work on Windows.

As a matter of principle, I&#x27;m opposed to attaching even more computers outside the user&#x27;s control to supposedly &quot;personal&quot; computers.<p>In the pursuit of security (or just the excuse of it), more functionality is being given to opaque, locked systems (SSD firmware, management engines, etc.), instead of freedom-respecting solutions (there is no technical reason systems can&#x27;t be fully open-source, with user-controlled cryptographic keys, and a tamper-evident mechanism as some smartphones already have - i.e. a &quot;bootloader unlocked&quot; warning message).<p>This moves power away from users and to the manufacturers, contributes to the jenga-tower of technical complexity, <i>and</i> eventually worsens security, once vulnerabilities in these systems are inevitably found:<p><a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Intel_Management_Engine#Security_vulnerabilities" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Intel_Management_Engine#Securi...</a>

How would it ever work without the companion software? One of the motivation is that users don&#x27;t install anti-ransomware software, but they do have to install this companion software that is effectively anti-ransomware, don&#x27;t they?<p>I don&#x27;t see the appeal compared to a fully software-based solution.

Cool, where&#x27;s the source code? Oh, right. No, thank you.<p>Much more interesting you can run Linux on HDD firmware of 2013 [1]. That would allow you to implement such yourself.<p>[1] <a href="https:&#x2F;&#x2F;spritesmods.com&#x2F;?art=hddhack" rel="nofollow">https:&#x2F;&#x2F;spritesmods.com&#x2F;?art=hddhack</a>

Detecting and&#x2F;or preventing encryption might be useful, but since recent ransomware also downloads sensitive data files and uses the threat of disclosure to force payment, the encryption is only part of the problem.

While interesting, I would never buy such an SSD due to the performance hit.

Believe Cigent claims to do something in the same vein<p><a href="https:&#x2F;&#x2F;www.cigent.com&#x2F;cigent-secure-ssd" rel="nofollow">https:&#x2F;&#x2F;www.cigent.com&#x2F;cigent-secure-ssd</a>

To cause complete data loss does not need much data to be written. I&#x27;m wondering how firmware can distinguish legitimate and malicious ones.

Alternative headline: Researchers do not know that FDE exists.