Intel to release all Meltdown and Spectre patches before the end of January

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Jan 9, 2018.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Messages:
    31,336
    Likes Received:
    842
    GPU:
    AMD | NVIDIA
  2. RealNC

    RealNC Ancient Guru

    Messages:
    1,501
    Likes Received:
    133
    GPU:
    EVGA GTX 980 Ti FTW
    So, what about people with CPUs older than 5 years? Middle finger and a FU from Intel?
     
    HitokiriX, jaggerwild and 386SX like this.
  3. kruno

    kruno Master Guru

    Messages:
    243
    Likes Received:
    62
    GPU:
    4890/1
    From Intel with love :
    [​IMG]
     
    Silva likes this.
  4. Darkiee

    Darkiee Master Guru

    Messages:
    379
    Likes Received:
    17
    GPU:
    1080 Ti
    Great... I hope i can be safe until i can get ryzen...
     
    Silva and 386SX like this.

  5. sverek

    sverek Ancient Guru

    Messages:
    3,505
    Likes Received:
    329
    GPU:
    NOVIDIA -0.5GB
    Is it gonna be chipset driver update? or bios update?
     
  6. 386SX

    386SX Member

    Messages:
    40
    Likes Received:
    7
    GPU:
    ASUS GTX970 STRIXX
    Same here. I use an "old" i7-3820 on an original Intel DX79TO board. It is 6 years old and already announced EOL on the Intel support website since 2014. :)

    They will point you to a knowledgebase article which tells you to buy a new Intel system to circumvent the issue.
    It leads to the same, but pointing to some KB article sounds better. :)

    The changes need to be done by firmware modification, therefore a BIOS update is needed.
    Depending on what to come, there could be a software / driver update, too. (MS patches are already available)
    Quote from the benchmark article:
    Another quote:
    Source:
    http://www.guru3d.com/articles-pages/windows-vulnerability-cpu-meltdown-patch-benchmarked,1.html
     
    Last edited: Jan 9, 2018
  7. alanm

    alanm Ancient Guru

    Messages:
    7,461
    Likes Received:
    158
    GPU:
    1070 AMP!
    The bulk of Intel CPUs in use are probably Sandy & Ivy Bridge, which are before 5 years.
     
    rflair and Silva like this.
  8. airbud7

    airbud7 Ancient Guru

    Messages:
    5,071
    Likes Received:
    748
    GPU:
    MSI RX 480 ARMOR 4G OC
    what if I just do nothing? I've ended all Financial transactions on this computer.

    what's the worst that can happen?
     
  9. Fox2232

    Fox2232 Ancient Guru

    Messages:
    5,830
    Likes Received:
    81
    GPU:
    Fury X - XL2420T(Z)@144Hz
    In worst case some java code in browser makes you part of botnet. In case you do not run any external code, you are safe as OS is.
    In other words, if you just play games, then you are safe till one of games is actually malware.

    But considering there are huge botnets, you are more likely to be infected due to MS not patching some OS component.
     
  10. mbk1969

    mbk1969 Ancient Guru

    Messages:
    4,302
    Likes Received:
    366
    GPU:
    GeForce GTX 970
    I would correct you comment: neither Meltdown nor Spectre are vulnerabilities which help hackers to take ownership of your OS. Both are only about getting access to a memory.
     

  11. 386SX

    386SX Member

    Messages:
    40
    Likes Received:
    7
    GPU:
    ASUS GTX970 STRIXX
    Correct me if I am wrong, but if you are able to write to memory, you are able to inject code into it and run it, which is the same like you run a program from the harddisk. It won't survive a reboot in RAM, but when executed, it may write data (files) to the harddisk and those will stay after a reboot.

    Today, you have soooo many possibilities to infect a computer, you cannot rule out it would be impossible to infect a computer using one (or both) of these two methods, Meltdown or Spectre to help you with.
     
  12. mbk1969

    mbk1969 Ancient Guru

    Messages:
    4,302
    Likes Received:
    366
    GPU:
    GeForce GTX 970
    I will correct you: I have not met mentions of write access in all Meltdown/Spectre descriptions. If you have then share the link, please.
     
  13. sverek

    sverek Ancient Guru

    Messages:
    3,505
    Likes Received:
    329
    GPU:
    NOVIDIA -0.5GB
    Everything that on your memory can be read. Including passwords and all information you input in sites (credit card number, pin number, etc...)
     
  14. nosirrahx

    nosirrahx Active Member

    Messages:
    60
    Likes Received:
    20
    GPU:
    HD7700
    This actually brings up something I tell a lot of people. In a world where a craptop could cost you literally $300 and still be 100% overkill for a machine dedicated to online banking, purchases ... anything where critical info is involved why not do exactly this? Keep this system locked down, use an alternate OS, keep it 100% updated, save 0 passwords ..... anything that might make a pain for general use but for being secure online is exactly what you want.

    This makes it a lot easier trying to figure out how to handle security on your "fun" rig.

    As far as what could happen, these exploits will make their way into existing compound exploit kits allowing them to attack from more angles. All in all the "bad guys" just got weapon upgrades. They will be able to gain easier/more access from more initial entry points.

    Creating a botnet is always one of the major goals and can be used to everything from sending spam to creating artificial site traffic to up a sites price to mining crypto to DDoSing.
     
    airbud7 and lucidus like this.
  15. Embra

    Embra Master Guru

    Messages:
    426
    Likes Received:
    14
    GPU:
    Sapphire Nitro Fury
    It seems Intel considers this to be a great opportunity for upgrades. *shifty eyes*
     
    alanm and fantaskarsef like this.

  16. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    7,530
    Likes Received:
    263
    GPU:
    1080Ti @h2o
    What do you exactly understand as "locked down"?
     
  17. AsiJu

    AsiJu Ancient Guru

    Messages:
    4,240
    Likes Received:
    278
    GPU:
    EVGA 980Ti SC+
    Obv. can't speak for him/her but I see it as:

    - never visit sites other than your bank, PayPal etc. what you need to
    - install firewall and AV software + anti-malware/spyware software with browsing protection (no perf. consideration needed)
    - don't install Java or Flash if at all possible. AFAIK no financial transactions need either.
    - keep the system offline when it's not necessary to access the Internet or update OS.
    - never insert a single USB disk into the system other than OS installation media (if needed).

    Absolutely foolproof? No. Very unlikely to get an infection? Yes.
     
    airbud7 and fantaskarsef like this.
  18. kruno

    kruno Master Guru

    Messages:
    243
    Likes Received:
    62
    GPU:
    4890/1
    That what you suggest isn't possible, you do realize that this flow or bug or whatever you want to call it doesn't have anything to do with software. This is hardware flaw , there is no software in existence that can protect you against this hardware flaw
     
  19. fantaskarsef

    fantaskarsef Ancient Guru

    Messages:
    7,530
    Likes Received:
    263
    GPU:
    1080Ti @h2o
    Well I see why this certainly reduces the risk, but sadly I've seen many things happen in even such an environment that's hardly used at all.
    You have lots of software on most systems that might be faulty in the first place, like keyloggers on laptops, broken windows updates, factory installed trojans, utility software that was injected with malware before it's even certified, or like we have now, basic hardware design flaws.

    As long as you're connected to the internet, there sadly won't be a really safe system at all, I guess. That's why I was asking.
    At least on the PC you have the most options and tools to take care of your own security if you have the knowledge and time, every other device is not that impressive. Yet most people use mobile apps for banking... I honestly don't trust those in the first place (and they are affected by Meltdown / Spectre too, aren't they? ARM chips?).
     
    AsiJu likes this.
  20. AsiJu

    AsiJu Ancient Guru

    Messages:
    4,240
    Likes Received:
    278
    GPU:
    EVGA 980Ti SC+
    Yeah no way to be 100 % safe and mobile apps are just as if not more susceptible to harm.

    I would never use a phone to access my bank account either. Especially now that these flaws were discovered (yep ARM chips are affected too).

    I do enter PayPal login info via phone if necessary and while that's essentially access to my credit card should someone get the info, at least if compromised I don't need to close my credit card but just shut down the PayPal account.
     
    Last edited: Jan 9, 2018
    airbud7 likes this.

Share This Page