Three more security holes in Intel processors, big slowdowns incoming

(Ace Dragon) #1

First it was Meltdown (mainly Intel)

Then Spectre (Intel affected the most)

Then Spoiler (mainly Intel again).

And now there’s the discovery of three more holes that appear to be Intel only.

According to the article, people who use processors before the 8th generation can mitigate the flaw by disabling the hyperthreading. Otherwise, it looks like this will lead to incoming BIOS updates that in turn has the potential for more performance hits (which may not affect gamers that much, but could be another blow to content creators).

Good thing I have a Ryzen machine now, it would not be fun if every couple of months brought the possibility of my PC becoming slower. This type of PR with Ryzen 2 procs. less than 2 months away can’t be a good thing.

1 Like
#2

Intel further confirms to be a perfect example of “resting on one’s laurels”. Was time to move on and Threadripper (price/performance + ability to upgrade to next gen. later) got me.

(joseph raccoon) #3

I’m kinda torn, at this stage of the game I’m wondering if some of those flaws were engineered in intentionally.

#4

A bit smells rotten and if it proves to be so, huge fines & compensations awaits. Might finally break the giant’s monopoly, patents, licenses dispersed… hopefully more competition in fabrication.

(joseph raccoon) #5

I’m just wondering why these were not found before. But even with that said…I’m starting to wonder.

(kkar) #6

Will this ever end? And, this stuff seems to just get worse for Intel with every new security revelation.

(Ace Dragon) #7

Intel claims you won’t need to turn off hyper-threading to be safe, but it’s not stopping Google from automatically turning it off on their Chromebooks.

In addition, Intel users who just upgraded to the absolute latest chips may not need to mitigate due to fixes at the hardware level. Users of slightly older chips may be relieved to hear the mitigation on the OS end only produces a 1 percent performance penalty, but BIOS fixes aren’t released yet and those little hits add up over time.

(sundialsvc4) #8

Many of these “flaws” are actually pretty hypothetical. They’re exploiting the highly parallelized, sometimes predictive nature of the chip architectures to occasionally read or write to memory where they’re not supposed to be. But they’re not generalized exploits.

To say, “you can avoid this by disabling hyperthreading,” while it may be technically correct, is somewhat akin to saying, “you can avoid the risks inherent in driving your car thirty miles to work by walking, instead.”

3 Likes
(Ace Dragon) #9

Linux has just released patches that do full mitigation of these holes, the performance impacts range from just a few percentage points to as much as 50 percent. This is Linux, but it could be a preview of what is to come for Windows.
https://www.phoronix.com/scan.php?page=news_item&px=MDS-Zombieload-Initial-Impact

Users of AMD processors and users with new 9th Gen Intel machines are more or less safe and will not see these impacts, but those with older machines may or may not find it much harder to work with DCC apps. like Blender.

This is with hyperthreading on by the way, so there’s no way to escape it really unless you are tech. savvy with Linux and feel confident enough to have the many security holes in exchange for performance.

(Ace Dragon) #10

The fallout is being revealed, and it is a potential disaster for Intel.



https://www.phoronix.com/scan.php?page=article&item=mds-zombieload-mit&num=10

A 16 percent hit, AMD chips meanwhile are immune (though those machines still see a 3 percent hit from the OS patching).

I assume future OS updates will work on reducing the amount of unneeded mitigation for Ryzen machines, but Intel users have the misfortune of a slower machine to look forward to (if Meltdown and Spoiler weren’t bad enough).

(justwannapost) #11

I don’t get it - what are the chances that any of you guys will somehow run software on your system that utilizes these holes and screws up your system? …then why do you care??

1 Like
(ouraf) #12

as long as it’s above zero, you have the right of feeling at risk.

And not everything is just focused on the end user: imagine highly competitive IT companies using everything they can to cripple the competition (and unfortunately things like sabotage and industrial espionage do exist outside films and books), or random hackers finding ways of attacking a specific company.

Not only an attack could effectively cost millions until everything is back in place, but the reputation damage is even harder to repair. Some services have as a market difference a 99% + uptime during the year. You get hit for a single day and your customers will fly to the competitors.

So, even if it is more theoretical than present threat, even if the chances are incredibly low, Either you lose performance in thousands of machines or put your entire business at risk. would you risk it

the poisoned mm’s analogy finally works as intended.

1 Like
(Ace Dragon) #13

Tech. savvy users can turn these patches off, especially if they use Linux. Most people however will just let Microsoft, Apple, and the Linux devs. do what they need to do to maximize security.

If it’s any consolation, the reports show gaming performance won’t see much slowdown. The total advantage Intel has over AMD in framerate though may differ by just a few percentage points in some games, so the higher prices Intel commands for their chips will look like a worse deal even for that.

#14

I bet my 386SX and my 486DX2 machines are immune to these exploits! I knew keeping them around was a good decision.

On a more serious note, maintaining proper security practices as a home user essentially eliminates chances of an infection. Not visiting dodgy websites, not downloading random programs, torrenting safely, and maintaining proper AV. Much more of a concern for enterprises who can’t really ensure every hole is closed.
Safe security practices go a long way. And if you have Windows 10, Microsoft has everything covered for you without you needing to know!

Something tells me AMD also has its fair share of holes, but everyone’s focusing on Intel because they can get more publicity out of it.

(Ace Dragon) #15

It’s unlikely that AMD chips are as full of holes as Intel, as AMD put out a statement talking about security being a priority for them. That’s not to say that security holes won’t be found, but the current Intel patching has shown to be a nice break for AMD as a company as Ryzen is gaining a lot of mindshare on many tech. websites and Youtube.

Nearly all of the Intel flaws so far have been tested on AMD processors and it was found that other than being vulnerable to a couple of Spectre variants, they were generally immune.

#16

That’s the thing. They’re only testing existing vulnerabilities from Intel. AFAIK nobody’s actively or publicly searching for new ones on AMD.

(Ace Dragon) #17

There was that one instance where an unknown security company claimed to find four major issues with Ryzen. However, there was doubt they were a legitimate firm and it led to the theory that is was for the sole purpose of derailing the launch of Ryzen+.

That said, it was mentioned last year that this type of security hole was barely explored. It might be years before all of the vulnerabilities are found. For now though, it will a serious test to Intel’s apparent immunity to bad press (as they continue to sell all the chips they can make).

#18

to what benefit?

Why would they do that?

#19

I agree.
I am simply trying to look at this from all perspectives. No matter who the exploits are discovered on, there will be conspiracies about it.
We will have to see how Intel responds with future CPU generation, and how they work to mitigate future exploit possibilities in advance. Just like how AMD plans to keep their statement about security.

Time will tell…

(joseph raccoon) #20

Humm…I’m not sure what the benefit to security holes in the processors that make up the bulk of the worlds data infrastructure would be.

But as to why, if I had to guess I would be it would be tossing aside safety for benchmarks, a not uncommon thing in any form of industry to be sure, but…the moment I sit down and accept that the people at intel are some of the best in the world at making processors is also the same moment that I find it a little bit incredulous to believe that they did something like that on accident.