• Competitor rules

    Please remember that any mention of competitors, hinting at competitors or offering to provide details of competitors will result in an account suspension. The full rules can be found under the 'Terms and Rules' link in the bottom right corner of your screen. Just don't mention competitors in any way, shape or form and you'll be OK.

Intel’s Newest Cascade Lake Chips Hit By New ‘Zombieload’ Flaw

Things change I've changed

Things change I've changed

Things change I've changed

Soldato
Joined
27 Jul 2005
Posts
13,049
Location
The Orion Spur
I'm done with Intel now, they've lost my support with all these security flaws, every month I watch my CPU losing more performance, I think I made a mistake grabbing an 8700 recently.

B450 Tomahawk Max + 3700x in my basket.

Can I use the DDR4 16gb 2400MHz that I already have or will that limit the performance of the 3700x too much?
 

TNA

TNA

TNA

Caporegime
Joined
13 Mar 2008
Posts
27,584
Location
Greater London
Things change I've changed said:
I'm done with Intel now, they've lost my support with all these security flaws, every month I watch my CPU losing more performance, I think I made a mistake grabbing an 8700 recently.

B450 Tomahawk Max + 3700x in my basket.

Can I use the DDR4 16gb 2400MHz that I already have or will that limit the performance of the 3700x too much?
Click to expand...
I would get minimum 3200MHz, ideally 3600MHz. They are super cheap right now anyways.
 

RavenXXX2

RavenXXX2

RavenXXX2

Soldato
Joined
6 Oct 2007
Posts
22,284
Location
North West
Intel Are done.


957e2ed05af6775e8fec05be50df132f0dc170bb88f4bb3980ff8c3fc9af2d9d.gif
 

Rainmaker

Rainmaker

Rainmaker

Soldato
Joined
18 Aug 2007
Posts
9,710
Location
Liverpool
Orange Nexus said:
Just disable Hyperthreading. Problem solved.
Click to expand...

This is factually true... But... I paid £500 for a binned 8700k from OcUK. Very shortly after, it transpired that I had to turn my i7 into an i5 by disabling HT in order to stay properly safe from the baked-in vulnerabilities I was sold. When I enquired about a refund from OcUK and Intel, curiously I didn't get a positive reply. I could have bought the i5 equivalent, saved a few £100 and still ended up with the same performance. What a joke. Luckily the 3950x is out today.
 

zx128k

zx128k

zx128k

Associate
Joined
9 May 2007
Posts
1,284
Rainmaker said:
This is factually true... But... I paid £500 for a binned 8700k from OcUK. Very shortly after, it transpired that I had to turn my i7 into an i5 by disabling HT in order to stay properly safe from the baked-in vulnerabilities I was sold. When I enquired about a refund from OcUK and Intel, curiously I didn't get a positive reply. I could have bought the i5 equivalent, saved a few £100 and still ended up with the same performance. What a joke. Luckily the 3950x is out today.
Click to expand...

If you run software like a game then you should be okay, the game has full access to anything anyway. If your are randomly browsing the internet and going to certain websites then its time to think about security. With certain websites its always time to think about security. The vulnerabilities will help with cracking games for example. Stealing your browser history and working out your location if you are using a vpn/tor.

For gaming, I would personal turn on HT but for internet browsing I would turn it off. For gamers, its not as big a deal as say, server admins.

I think this is not the fault of overclockers.co.uk. Normally in the USA you get class action lawsuits about these sort of things targeting the manufacturer.

------------------------------------------------------------------------------------------------------------
Intel proposes a solution called Group Scheduling, which will prevent processes from a separate trust domain from running on the same thread. The downside here is that this will undoubtedly prevent full thread utilisation within systems, reducing performance levels. If several programs don't trust one another it is likely that there will be threads that sit at idle, impacting load balancing and performance.

Another solution from Intel is to simply turn off hyperthreading, which will prevent attackers from inferring data through MDS. This is a surefire mitigation for affected systems, but undoubtedly one that will impact system performance.

Fixing these speculative execution issues isn't an easy process and there is no doubt that more vulnerabilities will be discovered over the next few years. It will likely take several years for Intel to fully address the risk of Speculative Execution attacks within their processors, and even then there is always the possibility that another exploit is waiting to be discovered.

AMD and ARM processors are unaffected by these MDA-class vulnerabilities.

https://www.overclock3d.net/news/cp...vulnerabilities_that_impact_hyper-threading/1

 
Last edited:

humbug

humbug

humbug

Caporegime
Joined
17 Mar 2012
Posts
47,662
Location
ARC-L1, Stanton System
zx128k said:
If you run software like a game then you should be okay, the game has full access to anything anyway. If your are randomly browsing the internet and going to certain websites then its time to think about security. With certain websites its always time to think about security. The vulnerabilities will help with cracking games for example. Stealing your browser history and working out your location if you are using a vpn/tor.

For gaming, I would personal turn on HT but for internet browsing I would turn it off. For gamers, its not as big a deal as say, server admins.

I think this is not the fault of overclockers.co.uk. Normally in the USA you get class action lawsuits about these sort of things targeting the manufacturer.
Click to expand...

Just turn off HT if you're online, trun it back on again if you're playing games, no biggie..... :D
 

dragonslayer

dragonslayer

dragonslayer

Associate
Joined
9 Jul 2012
Posts
694
Location
Nottingham
This will only get worse as well because people will actively be seeking new vulnerabilities makes you wonder how long these issues were actually known by people who would use them for stealing data like the Sony hacks that got all those PSN account details :D:D
 

zx128k

zx128k

zx128k

Associate
Joined
9 May 2007
Posts
1,284
humbug said:
Just turn off HT if you're online, trun it back on again if you're playing games, no biggie..... :D
Click to expand...

One option I guess if you want to feel a bit safer. Most people will not care and accept the risk. They bought the 9900ks because its the fastest gaming cpu in the world. Thus will never turn HT off or install patches that will reduce performance if it can be avoided. For the most part they will be fine.

If you are paranoid about your internet privacy, then you are really going to take an interest.
 

Rainmaker

Rainmaker

Rainmaker

Soldato
Joined
18 Aug 2007
Posts
9,710
Location
Liverpool
zx128k said:
If you run software like a game then you should be okay, the game has full access to anything anyway. If your are randomly browsing the internet and going to certain websites then its time to think about security. With certain websites its always time to think about security. The vulnerabilities will help with cracking games for example. Stealing your browser history and working out your location if you are using a vpn/tor.

For gaming, I would personal turn on HT but for internet browsing I would turn it off. For gamers, its not as big a deal as say, server admins.

I think this is not the fault of overclockers.co.uk. Normally in the USA you get class action lawsuits about these sort of things targeting the manufacturer.
Click to expand...

I don't game. I do, however, run concurrent VPNs, half a dozen virtualised WAN-facing servers, compile code and stuff like that though. So I'm very much impacted by the 'mitigations' and - as I said - my Core i7 became a Core i5 at twice the price after I'd bought it.
 

IT Troll

IT Troll

IT Troll

Soldato
Joined
15 Jun 2005
Posts
2,751
Location
Edinburgh
Please remember that these side channel vulnerabilities are only really of concern in a hosted multi-user environment. In those circumstances an attacker can prepare the environment and run arbitrary code without the victim being aware or compliant. This is covered in the above MDS video at the 7 min mark. This is unlikely to be the case for a typical home user.

If you are randomly browsing the internet and going to untrusted websites then of course you should think carefully about security. But any attack will not use side-channel methods. The payload will be something which is much more effective; a backdoor, ransomware, keylogger, or currency miner. There is no reason to use a side channel attack if you can get the victim to run your arbitrary code. The current top malware is a banking trojan and the top infection method is good old spam email. This is the area which hackers are investing their resources as it is much more productive than sampling a few bytes of data which may or may not be something of value.

Researchers have not been able to demonstrate a side-channel attack running within a modern browser. Partly because the browsers have their own mitigations and partly because you need system-level access to ensure the attack process runs on the same physical core as the victim process.

These Intel vulnerabilities are a serious concern in the right scenario. But home users really have no more to worry about than they should already worry about; regardless of what make their processor is.
 
You must log in or register to reply here.
Back
Top Bottom