Intel bug incoming? Meltdown and Spectre exploits

[beany_bot]

Im just going to take my chances till Ryzen 2 comes out. CBA updating BIOS. I hate doing it.

 

[JasonM]

I'm still a little confused as to what can be gained from the exploites, I thought passwords etc where encrypted?

They are when stored on database or sent over a network but not when inside the internal memory of a computer process reading them. This vunerability allows a rogue process to access the internal computer memory of another process, so in theory unencrypted data could be stolen.

 

[ltron]

This could roll on for decades...

According to the register https://www.theregister.co.uk/AMP/2018/01/05/spectre_flaws_explained/ only Skylake and newer will require a BIOS update to mitigate against Spectre 2. Older CPUs will rely on just the kernel countermeasures. Whether this is because they can't be bothered to fix older CPUs fully due to cost or time or they genuinely don't need it, I don't know.

 

[jigger]

Intel PR, if it has not already will go into absolute overdrive putting out fires now, i expect the internet about to be flooded with benchmarks apparently showing no performance penalties, no real security flaws and general "everything is super at Intel, nothing to see here" articles going up in the next few days.

Who really cares if the fixes slows performance though? I would much rather have Intel talk about how they are going to commit to making all their systems secure as advertised. Plus it's going to take years to see what effect the updates have on performance.

 

[ltron]

I just heard about this and unfortunately know very little about computer/network security (although probably a lot more than the average Joe.

I bought an i7 8700k in December for my gaming rig - will the software patch that would impact it's performance have already been installed? I noticed an 8% drop in BF1 fps recently, but I assumed this was as a result of a BF1 patch. I'd rather not install the patch, all I really care about with this rig is gaming performance. There's no data on there that I'd care about if it was accessed. Is it possible to avoid installing the performance hindering patch? (Or uninstall it if it has already been installed?)

Also, would having a secure VPN running constantly nullify the vurnerability or not?

All of my personal data is on my server which I will of course install all the fixes on.

I've noticed no difference in gaming frame rates on an I7 5820K even in CPU heavy games. I haven't tested bf 1 yet, but hardware unboxed did and found no difference. The performance hit is more for server workloads so far. You have nothing to worry about.

 

[humbug]

Who really cares if the fixes slows performance though? I would much rather have Intel talk about how they are going to commit to making all their systems secure as advertised. Plus it's going to take years to see what effect the updates have on performance.

Doesn't anyone care about performance? why spend 2x as much money on a CPU if its not for 10 or 15% performance?

 

[jigger]

Well yeah, but you could offer me a chip 100x performance of anything on the market and I still wouldn't buy with these bugs. It's worthless.

 

[DragonQ]

Possibly doable yourself if I'm reading the below correctly?
http://forum.notebookreview.com/threads/how-to-update-microcode-from-windows.787152/

Interesting, I didn't know you could basically force Windows to side-load CPU microcode updates. I plan to try this tonight and see if the results from Get-SpeculationControlSettings change at all, that is assuming there are any microcode updates for Westmere-EP in the first place!

 

[beany_bot]

According to the register https://www.theregister.co.uk/AMP/2018/01/05/spectre_flaws_explained/ only Skylake and newer will require a BIOS update to mitigate against Spectre 2. Older CPUs will rely on just the kernel countermeasures. Whether this is because they can't be bothered to fix older CPUs fully due to cost or time or they genuinely don't need it, I don't know.

So my haswell doesnt? again. upgrading to AMD this year so meh.

 

[humbug]

Well yeah, but you could offer me a chip 100x performance of anything on the market and I still wouldn't buy with these bugs. It's worthless.

Its ok if they can fix it.

Speaking of why, this i a bug from 10 years worth of Intel CPU's, is everyone getting a BIOS update?

 

[beany_bot]

Well yeah, but you could offer me a chip 100x performance of anything on the market and I still wouldn't buy with these bugs. It's worthless.

It's not worthless. Because I would pay handsomely for a chip with "100x the performance of anything on the market" even if it had these bugs. One mans trash etc.

 

[LoadsaMoney]

So my haswell doesnt? again. upgrading to AMD this year so meh.

Hopefully,as im on Haswell-E 5930K, ive just been crapping while installing the windows update, so i'll be no good at all having to do a BIOS

It installed, and she booted back up fine btw.

 

[jigger]

It's not worthless. Because I would pay handsomely for a chip with "100x the performance of anything on the market" even if it had these bugs. One mans trash etc.

And what you do with this chip? Run it in quarantine?

 

[Randomface74]

And what you do with this chip? Run it in quarantine?

Yeah basically. I'd game on it and do everything else on another machine.
Loads of workplaces would love the extra performance for specific tasks, great for a video transcoding box for example.

 

[stockhausen]

...
Spectre variant 2: affects Intel and Arm cores. Pre-Skylake CPUs need a microcode update (so potentially a BIOS update) to help mitigate this.
...

Surely any BIOS update is simply going to be a "workaround" to cope with a CPU vulnerability (on which the microcode can't be changed) and this will have a performance hit (perhaps minor) over and above the OS fix?

I have recently build a number of systems based on either the i7 7700 CPU (released Q1 2017) or the i5 7600K CPU (released Q1 2017); I take it that they should NOT need a BIOS update?

As an aside - I wonder how Intel CPU sales are holding up at the minute?

 

[Armageus]

I have recently build a number of systems based on either the i7 7700 CPU (released Q1 2017) or the i5 7600K CPU (released Q1 2017); I take it that they should NOT need a BIOS update?

They will if available - I misread when I posted earlier (have now corrected), pre-Skylake will just receive OS updates, Skylake and later should be getting/need a Microcode update.

Surely any BIOS update is simply going to be a "workaround" to cope with a CPU vulnerability (on which the microcode can't be changed) and this will have a performance hit (perhaps minor) over and above the OS fix?

A workaround is all microcode updates are - hardware bugs exist in almost all CPUs ever made, microcode fixes them at a low software level.

As an aside - I wonder how Intel CPU sales are holding up at the minute?

Will have little to no impact I would imagine. At the end of the day if you need a new PC, then you need a new PC - you aren't going to hold off indefinitely to see if this all blows over.

 

[KiNgPiN83]

As an aside - I wonder how Intel CPU sales are holding up at the minute?

Businesses will probably think twice now as well as enthusiasts when speccing up their next upgrade but the average joe after a PC/Laptop is probably going to carry on buying regardless.

 

[jpaul]

Surely any BIOS update is simply going to be a "workaround" to cope with a CPU vulnerability (on which the microcode can't be changed) and this will have a performance hit (perhaps minor) over and above the OS fix?
.....
As an aside - I wonder how Intel CPU sales are holding up at the minute?

the spectre whitepaper indeed says they are workaround and would incur performance hits

The conditional branch vulnerability can be mitigated if speculative execution can be halted on potentiallysensitive execution paths. On Intel x86 processors, “serializing instructions” appear to do this in practice, although their architecturally-guaranteed behavior is to “constrain speculative execution because the results of speculatively executed instructions are discarded”
This is different from ensuring that speculative execution will not occur or leak information. As a result, serialization instructions may not be an effective countermeasure on all processors or system configurations. In addition, of the three user-mode serializing instructions listed by Intel, only cpuid can be used in normal code, and it destroys many registers. The mfence and lfence (but not sfence) instructions also appear to work, with the added benefit that they do not destroy register contents ....

I have not found material which says what 'mitigation' techniques are employed in these patches, but comments that games performance is not impacted does not seem suprising this would not be categorised as sensitive processes - no ?


Intel shares down 5% and media think board member recent sales of shares were suspicious

 

[pete910]

You Win users aware of this ?

https://www.reddit.com/r/intel/comments/7o5hbi/psa_windows_update_doesnt_automatically_activate/

Sorry if been posted, this thread has moved rather fast

 

[Chuk_Chuk]

Not sure if this has been mentioned, but i remember reading that a number of researchers came across one of the vulnerabilities almost at the same time. Is there potentially some sort of virus out there that already uses this?