Intel to release all Meltdown and Spectre patches before the end of January

So, what about people with CPUs older than 5 years? Middle finger and a FU from Intel?

 

From Intel with love :

 

Great... I hope i can be safe until i can get ryzen...

 

Is it gonna be chipset driver update? or bios update?

 

Same here. I use an "old" i7-3820 on an original Intel DX79TO board. It is 6 years old and already announced EOL on the Intel support website since 2014.

They will point you to a knowledgebase article which tells you to buy a new Intel system to circumvent the issue.
It leads to the same, but pointing to some KB article sounds better.

The changes need to be done by firmware modification, therefore a BIOS update is needed.
Depending on what to come, there could be a software / driver update, too. (MS patches are already available)
Quote from the benchmark article:

Another quote:

Source:
http://www.guru3d.com/articles-pages/windows-vulnerability-cpu-meltdown-patch-benchmarked,1.html

 

The bulk of Intel CPUs in use are probably Sandy & Ivy Bridge, which are before 5 years.

 

what if I just do nothing? I've ended all Financial transactions on this computer.

what's the worst that can happen?

 

In worst case some java code in browser makes you part of botnet. In case you do not run any external code, you are safe as OS is.
In other words, if you just play games, then you are safe till one of games is actually malware.

But considering there are huge botnets, you are more likely to be infected due to MS not patching some OS component.

 

I would correct you comment: neither Meltdown nor Spectre are vulnerabilities which help hackers to take ownership of your OS. Both are only about getting access to a memory.

 

Correct me if I am wrong, but if you are able to write to memory, you are able to inject code into it and run it, which is the same like you run a program from the harddisk. It won't survive a reboot in RAM, but when executed, it may write data (files) to the harddisk and those will stay after a reboot.

Today, you have soooo many possibilities to infect a computer, you cannot rule out it would be impossible to infect a computer using one (or both) of these two methods, Meltdown or Spectre to help you with.

 

I will correct you: I have not met mentions of write access in all Meltdown/Spectre descriptions. If you have then share the link, please.

 

Everything that on your memory can be read. Including passwords and all information you input in sites (credit card number, pin number, etc...)

 

This actually brings up something I tell a lot of people. In a world where a craptop could cost you literally $300 and still be 100% overkill for a machine dedicated to online banking, purchases ... anything where critical info is involved why not do exactly this? Keep this system locked down, use an alternate OS, keep it 100% updated, save 0 passwords ..... anything that might make a pain for general use but for being secure online is exactly what you want.

This makes it a lot easier trying to figure out how to handle security on your "fun" rig.

As far as what could happen, these exploits will make their way into existing compound exploit kits allowing them to attack from more angles. All in all the "bad guys" just got weapon upgrades. They will be able to gain easier/more access from more initial entry points.

Creating a botnet is always one of the major goals and can be used to everything from sending spam to creating artificial site traffic to up a sites price to mining crypto to DDoSing.

 

It seems Intel considers this to be a great opportunity for upgrades. *shifty eyes*

 

What do you exactly understand as "locked down"?

 

Obv. can't speak for him/her but I see it as:

- never visit sites other than your bank, PayPal etc. what you need to
- install firewall and AV software + anti-malware/spyware software with browsing protection (no perf. consideration needed)
- don't install Java or Flash if at all possible. AFAIK no financial transactions need either.
- keep the system offline when it's not necessary to access the Internet or update OS.
- never insert a single USB disk into the system other than OS installation media (if needed).

Absolutely foolproof? No. Very unlikely to get an infection? Yes.

 

That what you suggest isn't possible, you do realize that this flow or bug or whatever you want to call it doesn't have anything to do with software. This is hardware flaw , there is no software in existence that can protect you against this hardware flaw

 

Well I see why this certainly reduces the risk, but sadly I've seen many things happen in even such an environment that's hardly used at all.
You have lots of software on most systems that might be faulty in the first place, like keyloggers on laptops, broken windows updates, factory installed trojans, utility software that was injected with malware before it's even certified, or like we have now, basic hardware design flaws.

As long as you're connected to the internet, there sadly won't be a really safe system at all, I guess. That's why I was asking.
At least on the PC you have the most options and tools to take care of your own security if you have the knowledge and time, every other device is not that impressive. Yet most people use mobile apps for banking... I honestly don't trust those in the first place (and they are affected by Meltdown / Spectre too, aren't they? ARM chips?).

 

Yeah no way to be 100 % safe and mobile apps are just as if not more susceptible to harm.

I would never use a phone to access my bank account either. Especially now that these flaws were discovered (yep ARM chips are affected too).

I do enter PayPal login info via phone if necessary and while that's essentially access to my credit card should someone get the info, at least if compromised I don't need to close my credit card but just shut down the PayPal account.