Intel cpus suffering serious unfixable issue

Discussion in 'Lounge' started by tzzsmk, Jan 2, 2018.

  1. SineWave

    SineWave Audiosexual

    Joined:
    Sep 4, 2011
    Messages:
    4,436
    Likes Received:
    3,571
    Location:
    Where the sun doesn't shine.
    Yes, Blorg, if you're using an Intel CPU with Windows and you're offline, you should be just fine. Also, you can stop the patch from being installed. But I simply wouldn't risk using Internet with any of these setups because malware/virus writers will make damn sure to exploit that security hole. So no Pornhub with Intel CPUs any more. :rofl: "no porn inside" :rofl:
     
    • Agree Agree x 2
    • Like Like x 1
    • List
  2. thantrax

    thantrax Audiosexual

    Joined:
    Feb 20, 2012
    Messages:
    2,593
    Likes Received:
    2,692
    Location:
    Italy
    From Woody Leonhard
    --------------------------------

    Windows 7 Monthly Rollup patch is out
    Posted on January 4th, 2018 at 20:03 woody Comment on the AskWoody Lounge

    The guesses were right. Late today, January 4, Microsoft released the usual Patch Tuesday Monthly Rollup for Windows 7.

    KB 4056894 2018-01 Security Monthly Quality Rollup for Windows 7

    I’m installing it right now on my “Group A” test Win7 machine, using Windows Update. The description only mentions the Meltdown-related patch. As far as I can tell, that’s the only fix for Win7 in January.

    No word yet on the Windows 8.1 Monthly Rollup. No word on whether we can expect another Win7 Monthly Rollup this month – but it seems unlikely.

    Windows Patches/Security
    January 2018 Black Tuesday
     
    Last edited: Jan 5, 2018
  3. Blorg

    Blorg Producer

    Joined:
    Jan 1, 2018
    Messages:
    356
    Likes Received:
    117
    Funny you should mention it. Googled
    [​IMG]
    and this shows up
    upload_2018-1-5_4-9-26.png
    :wink:
     
    • Funny Funny x 3
    • Winner Winner x 1
    • List
  4. synths4grins

    synths4grins Producer

    Joined:
    Aug 24, 2017
    Messages:
    156
    Likes Received:
    139
    It's important to know that these security flaws, Meltdown and Spectre, only allow malware to read certain memory locations. They can peek at your data, potentially passwords, credit card numbers, company secrets, etc. They can't write anything, and can't install malware or take over your system. It is essentially potential spy-ware only (but that's pretty bad). It is reported that a web page's javascript can implement this, so bad web sites might be able to spy into your memory, but they won't infect your system. There are plenty of other ways to do that anyway.:(
    Check this out for some good info:
    https://meltdownattack.com/
     
  5. SineWave

    SineWave Audiosexual

    Joined:
    Sep 4, 2011
    Messages:
    4,436
    Likes Received:
    3,571
    Location:
    Where the sun doesn't shine.
    Thantrax, let us know how it went. I'm interested even though I only touch internet with Debian and it will get patched, too, anyway and it will have the same effect. I won't patch W7 on both of my computers no matter what. My desktop is AMD but my laptop is Intel and they both connect to the Internet with Debian. Shame my laptop will get slower with Internet and for regular activities with Linux. :sad:
     
  6. tzzsmk

    tzzsmk Audiosexual

    Joined:
    Sep 13, 2016
    Messages:
    3,739
    Likes Received:
    2,295
    Location:
    Heart of Europe
  7. giancarlo

    giancarlo Producer

    Joined:
    Dec 27, 2015
    Messages:
    102
    Likes Received:
    135
    Spectre could be mitigated but not fixed. It is all about modern processor pipeline works.
    A new architecture for chaching is probably necessary. It's not even an easy fix.
    I'm surprised about official statements from several vendors, I don't see how they could not be affected.
     
  8. Von_Steyr

    Von_Steyr Guest

    IMO there is something sinister behind all of this. There is no logic behind it.
     
    Last edited by a moderator: May 7, 2018
    • Interesting Interesting x 2
    • Like Like x 1
    • List
  9. Piccolo

    Piccolo Newbie

    Joined:
    Sep 18, 2017
    Messages:
    8
    Likes Received:
    2
    The bad news according to all my tech bulletins is that it affects Intel, AMD and ARM processors. The advice currently is only download from authorised sites and adopt normal safe browsing/downloading procedures.
     
  10. boogiewoogie

    boogiewoogie Platinum Record

    Joined:
    Sep 15, 2012
    Messages:
    477
    Likes Received:
    196
    yeah, I never update my DAW Win10, use the original install 1511 version and disabled all updates.
     
  11. Blorg

    Blorg Producer

    Joined:
    Jan 1, 2018
    Messages:
    356
    Likes Received:
    117
    Intel, in collusion with AMD and ARM/SoC manufacturers, introduced a secret sinister flaw into their products, back in the 90s, in a dastardly ploy forcing us to buy products which they still do not make. A deft, albeit grossly unethical, business move.

    And they would have gotten away with it too, if it weren't for you ̶m̶e̶d̶d̶l̶i̶n̶g̶ ̶k̶i̶d̶s̶.
     
  12. thantrax

    thantrax Audiosexual

    Joined:
    Feb 20, 2012
    Messages:
    2,593
    Likes Received:
    2,692
    Location:
    Italy
    AMD?
    Until yesterday morning every tech source over the web was excluding AMD microprocessors because their architecture is different.
    What really happen?
     
  13. tzzsmk

    tzzsmk Audiosexual

    Joined:
    Sep 13, 2016
    Messages:
    3,739
    Likes Received:
    2,295
    Location:
    Heart of Europe
    I guess people (news writers) started learning how computers work,
    if computers are designed the way processes are sharing memory pool (regardless of operating system), then the problem is valid across ALL computing devices, simple as that,
    the source of the risk is ability for ANY process to infiltrate ANY other process - Meltdown can read it, Spectre can modify it
    first one can be apparently fixed by restrictive hotfixes, as introduced by Apple (High Sierra 10.13.2, Sierra 2017-002 and El Capitan 2017-005) or Microsoft (KB4056892 - it's rushed, so may cause BSODs in combination with certain anti-viruses and other software), Linux distros are patched by various hotfixes as well
    second one cannot be easily fixed, practically requires new computer design (not just cpu) and kernel architecture (so new operating system literally from scratch), which is a matter of few years ahead
     
    • Interesting Interesting x 2
    • List
  14. thantrax

    thantrax Audiosexual

    Joined:
    Feb 20, 2012
    Messages:
    2,593
    Likes Received:
    2,692
    Location:
    Italy
    @tzzsmk

    So... Is Spectre the origin of a PCs Armageddon?
     
  15. Weasel

    Weasel Ultrasonic

    Joined:
    Jul 30, 2016
    Messages:
    30
    Likes Received:
    30
    No, @tzzsmk has no idea what he's talking about. Both exploits are read-only so they can only spy on you. Yes, that's bad, but nowhere near as bad as malware which can infect your system (because then, by definition, it can also spy on you).

    Meltdown applies only on Intel CPUs (that means also all Macs, gg) and it's the "worse" one because it can read kernel memory. Intel CPUs are affected because Intel don't do proper privilege checks when speculatively executing instructions, they thought it's not needed, they didn't realize exploiters can be this clever. I mean, it's part of the reason Intel CPUs are probably faster than AMD: every security check wastes power or performance. So they just tried to "shortcut" it here thinking it's not needed, but they were wrong. AMD implemented it by the book, so their processors are probably safe (well at least that's what they claim, I didn't reverse engineer an AMD CPU to prove this).

    Spectre, on the other hand, is an inherent flaw in the very principles of CPU designs, not Intel's fault. It applies to non-x86 CPUs with out of order execution as well (funnily, it doesn't apply on old Atoms because they have no speculative execution, so they're slow).

    There is no conspiracy here. If you know basics on how CPUs work you'd realize that it's simply something the CPU designers have never anticipated before. The exploits are extremely clever. They rely on timing attacks on information that would otherwise not be available.

    Modern CPUs execute multiple instructions in parallel and predict branches so that they don't have to wait until the result of the conditional branch is known. When they do this, they "speculatively" execute instructions, meaning they execute them but will discard them if the CPU predicted wrong. This is not just x86, ARM processors also do this (otherwise they'd be extremely slow).

    When out of order execution like this was designed, nobody thought you could exploit speculative execution like this. After all, the processor is supposed to discard ALL architectural state if it's proven wrong in a branch. Which is true and it does, but exploiters rely on "cache" timing attacks to extract information from the speculative execution.

    They poison the cache and force the branch predictor to predict it the way they want it to, then use a different input data to make it predict it wrong and this data will "speculatively access" a wrong part in memory that you design. The CPU will discard this data since it was predicted wrong, so that's fine, however now he can see whether or not the data he attempted is in the cache or not by reading his own specific memory and checking whether its access time is fast or not. He relies on cache timing to extract one bit of information this way. Now he has to flush the cache and make it branch several times in a row to predict wrong again then send another data to extract another bit.

    That's why the exploit can only read around 2KB per second of memory.

    There's no conspiracy. Just CPU designers who never thought this would be a way to extract information; it's way too clever. Not just Intel, ALL CPU designers, not just x86 either, got it wrong here.
     
    • Interesting x 3
    • Useful x 2
    • Like x 1
    • Agree x 1
    • Winner x 1
    • Love it! x 1
    • List
  16. thantrax

    thantrax Audiosexual

    Joined:
    Feb 20, 2012
    Messages:
    2,593
    Likes Received:
    2,692
    Location:
    Italy
    Ouch!

     
  17. tzzsmk

    tzzsmk Audiosexual

    Joined:
    Sep 13, 2016
    Messages:
    3,739
    Likes Received:
    2,295
    Location:
    Heart of Europe
    it appears each of us has different information (I stick to official resources such as this: https://meltdownattack.com ),
    I can not compeltely agree with what you wrote, perhaps this place isn't even a place for extensive discussion of such technically complex matter
     
  18. Gnib

    Gnib Producer

    Joined:
    Mar 29, 2013
    Messages:
    308
    Likes Received:
    145
    Location:
    Amsterdam
  19. j.cnnr

    j.cnnr Kapellmeister

    Joined:
    Nov 5, 2015
    Messages:
    67
    Likes Received:
    47
    I have tested my PC (Windows 10 Pro) with the Intel Detection Tool, just after applying the Microsoft fix (KB4056890) , and the test says that "This system is not vulnerable"
    I wonder if this result is because of applying the fix before, or if in fact my Intel i5 4460 Haswell processor is free of that defect? :unsure:

    P.D. I have uninstalled the Microsoft update (KB4056890) , and i have done the Intel test again, and it continues : "This System is not vulnerable"
    Does this mean that my system is not really vulnerable, or that this Detection Tool by Intel is just a joke?:rofl:
     
    • Interesting Interesting x 1
    • List
  20. thantrax

    thantrax Audiosexual

    Joined:
    Feb 20, 2012
    Messages:
    2,593
    Likes Received:
    2,692
    Location:
    Italy
    The Intel tool test result: "This system is not vulnerable".

    Weird. The KB 4056894 is for the Meltdown threat only (Windows 7 Pro/Ultimate).
     
    Last edited: Jan 5, 2018
Loading...
Similar Threads - Intel cpus suffering Forum Date
Apple moves to self produced ARM cpus for the Mac - Bye Bye Intel Computer Hardware Jun 22, 2020
New AMD ryzen cpus opinions; compared to old Intel? Computer Hardware Jun 6, 2017
Intel CPUs Turbo feature PC Sep 24, 2015
Bumpin a new intel CPU PC Dec 12, 2024
UAD Thunderbolt on AMD? Otherwise need to order Intel :( Computer Hardware Nov 26, 2024
Loading...