-
Competitor rules
Please remember that any mention of competitors, hinting at competitors or offering to provide details of competitors will result in an account suspension. The full rules can be found under the 'Terms and Rules' link in the bottom right corner of your screen. Just don't mention competitors in any way, shape or form and you'll be OK.
Another Intel CPU vulnerability
- Thread starter Wommers
- Start date
Permabanned
you need to disable hyper threading.. to be 100% safe.
if you PC is a home PC and not part of a work network i cant see you having problems so just keep using it. i will not be turning of HT on my system or mum's. if a hacker want to see photos of my ass in alcudia or would like to play BF-V then my system is the one to hack.
i dont live online so have no fear of my system been hacked in any ways.... NOW my phone... then i would have problems
Associate
- Joined
- 21 Sep 2018
- Posts
- 895
Just make sure your pc is up to date in bios, drivers, and OS. If you use it for work and access sensitive data, then disabling Hyperthreading will help protect. Max pretty much covered it.
Associate
- Joined
- 21 Sep 2018
- Posts
- 895
delete
To use any of these vulnerabilities they first have to use an exploit to gain access and once a hacker has gained access if the Intel vulnerabilities didn't work they'd simply use another, or another until they've got one they need. So to protect yourself the advice is the same as it's always been, keep Windows up to date, run an up to date anti-virus (many good free ones out there, Kaspersky being one of them) and use common sense when using the internet. With the Intel vulnerabilities also make sure you are running the latest BIOS for your motherboard.
Otherwise sit back and enjoy your PC and try not to worry about it to much, there are far worse things on the internet than this set of vulnerabilities.
Otherwise sit back and enjoy your PC and try not to worry about it to much, there are far worse things on the internet than this set of vulnerabilities.
You forgot daily praying for no more vulnerabilities.
Though with Intel's interest in security of CPU design having been at same level as Boeing's interest for safety of 737 MAX that's likely futile hope...
I don't think it is as simple as that, antivirus is useless against this exploit and its hard to enjoy your hardware if you know it has a fault that can be exploited again anytime soon.
Do you need to do both to mitigate this vulnerability? These side channel exploits mostly rely on the predictive behaviour of hyperthreading.
Can't account for 40% alone. Even Intel didn't claim that in their wildest marketing.
How is an antivirus useless, you've still got to execute code on the target machine for this to be effective and if the AV has a definition to recognize the code it will be blocked? Also Kaspersky for instance have some mitigations built into their latest updates for certain vulnerabilities.
I'm not saying that an AV is the be and end all, there are certainly ways to obfuscate payloads to bypass an anti-virus but that is true for any malware and it's an continual game of cat and mouse between the security vendors and the malware writers.
Quoting from the exploiter's website https://zombieloadattack.com/
Can my antivirus detect or block the ZombieLoad attack?
While possible in theory, this is unlikely in practice. However, your antivirus may detect malware which uses the attacks by comparing binaries after they become known.
In other words to close the stable door after the horse has bolted
Soldato
Associate
- Joined
- 9 Jan 2019
- Posts
- 885
AV will help to some degree catching the malware that hides the main payload but of course is only a small part in it.
Bios update, windows updates, proper malware (paid for malwarebytes), proper virus checker (not some free crap most gamers use) and a decent browser should do the job for the now.
But make no mistake this will prob be weaponized at some point and pushed through compromised site or what not, not needing prior admin installed nasties and stuff.
I bet most gamers, heck most on this board wont care because... "well security dont affect me" or "thats a data centre or IT departments problem"
Wrong...wrong... wrong
Bios update, windows updates, proper malware (paid for malwarebytes), proper virus checker (not some free crap most gamers use) and a decent browser should do the job for the now.
But make no mistake this will prob be weaponized at some point and pushed through compromised site or what not, not needing prior admin installed nasties and stuff.
I bet most gamers, heck most on this board wont care because... "well security dont affect me" or "thats a data centre or IT departments problem"
Wrong...wrong... wrong
As a home user unless you are doing stuff like VMs, VPS, hosting database servers, etc. then all you really need to do is make sure you are using a browser with Spectre mitigations to close the main easy remote exploitation vector - anything else is basically the same as always as it will need some kind of dropper, etc. for any malware then using it to deploy - once a malicious program is able to execute on your PC it can even potentially go as far as reverting any updates, forcing HT back on via various BIOS manipulation techniques, etc. anyhow and there are far easier ways on a home user's PC to get to useful data than using these exploits (it is actually really hard potentially impossible to use them against a generic target - their main use is when an attacker has a specific target and a somewhat known environment they are attacking). The main vulnerabilities for these exploits come from if you have something that someone will craft and attack you specifically for i.e. commercial secrets or government organisations, etc.
Soldato
- Joined
- 7 Dec 2015
- Posts
- 3,034
Did they not disable SMT on Ryzen as well?
Soldato
Permabanned
no there is no need AMD are not affected, Mahahaha