'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign

Discussion in 'other security issues & news' started by Minimalist, Jan 2, 2018.

  1. whitestar_999

    whitestar_999 Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    161
    I believe it is the Meltdown patch for Intel processors (via MS update) that has the most effect on system performance (depending on task) because of Kernel Page Table Isolation. Spectre BIOS/CPU microcode update affects some systems' stability, resulting in random reboots or crashes. On 6th gen & newer Intel processors with Win 10 latest 1709 version, the impact of the Meltdown patch should not be noticeable for most users doing typical tasks on their PC.
     
  2. SouthPark

    SouthPark Registered Member

    Joined:
    Jun 13, 2012
    Posts:
    735
    Location:
    South Park, CO
    Yesterday I applied the January MS security-only patch to my 2010-made W7 64-bit laptop with an old Intel T4400 processor and 5200-RPM HDD. After a full day of running it, I have not noticed any slowdowns with Web browsing, compressing or encrypting files, or running file backups with FastCopy.
     
  3. Infected

    Infected Registered Member

    Joined:
    Feb 9, 2015
    Posts:
    1,134
    Can anyone link me to the Linux test, so I can see if I'm patched or not?
     
  4. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    I have the second gen Ivy Bridge processor I-7 and have not noticed any slowdown or diff since I installed the Jan OS patch for Meltdown a few days ago. http://www.tomshardware.com/news/intel-22nm-3-d-tri-gate-ivy-bridge,12700.html
     
    Last edited: Feb 7, 2018
  5. whitestar_999

    whitestar_999 Registered Member

    Joined:
    Apr 1, 2010
    Posts:
    161
    The Meltdown patch is supposed to negatively impact specific work scenarios usually found in server environments but may be found on some home users' PCs, like some big database operation task etc. The usual browsing, multimedia, backup, archiving etc. are supposed to be unaffected.

    I am assuming you are on Win 10 latest v1709 though.
     
  6. Dragon1952

    Dragon1952 Registered Member

    Joined:
    Sep 16, 2012
    Posts:
    2,469
    Location:
    Hollow Earth - Telos
    More like W7.
     
  7. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    The Meltdown patch didn't affect my older Win7 HP laptop noticeably either. I'd instead be far more concerned about what a Spectre microarchitecture patch might do, on both performance and especially stability.
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,052
    Location:
    Texas
  9. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,540
    Location:
    Triassic
    One of my laptops is an Intel Penryn (2009). It is on the Intel list for a BIOS update, as 'planning'.
    - 'planning' means it is now in pre-validation. That is an 8-9 year old laptop.

    Here is the Intel List that was revised yesterday, Feb 8, 2018 ...

    https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf
     
  10. HempOil

    HempOil Registered Member

    Joined:
    Jun 15, 2015
    Posts:
    224
    Location:
    Canada
    Thanks!

    My Sandy Bridge Core i7, circa 2011, is one stage further: in pre-Beta. Maybe there is still hope, but I have my doubts that ASUS will release a BIOS update for my laptop.
     
  11. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    My Core 2 Duo E8400 is in that same list... Did not expect that!

    Definitely won't get a BIOS upgrade from MSI, but I believe I can update the BIOS myself to include it?
     
  12. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,540
    Location:
    Triassic
    The updates from Intel are being sent to the OEMs. Intel is not listing them on their site for download, AFAIK. Considering my Lenovo is outside warranty, I cannot see them spending any money testing the update, much less releasing it. It is considered a user-accepted risk to install BIOS updates outside warranty. If it bricks, the OEM owes you zero support or compensation. These BIOS updates may eventually end up on some dubious sites and maybe on some OK sites. There is a lot of risk to weigh
    - brick the system trying to protect it versus a performance hit or damage from an exploit.
     
  13. JoWazzoo

    JoWazzoo Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    241
    Location:
    Ether
    Yep. Well said. And THAT is the fear I have with Spectre fixes. I will wait long and hard before installing any BIOS updates related to this. If I get any. :) but I doubt I will since my machine is so old.
     
  14. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,383
    I was planning to get the microcode from the Linux package that Intel provides.

    I have modified my BIOS before (boot image, Intel RST firmware), but have never changed the microcode.

    So there’s indeed a risk of bricking the system...
     
  15. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    Thanks for the link!

    My old machine may get a patch after all as it too shows as "Planning". :thumb:
     
  16. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
    @emmjay
    Thanks for that link. Further back I incorrectly stated both my computers' CPUs were the same. CPU-Z however showed that one is a Core2 Duo Conroe (not listed in that PDF) and the other is a Dual Core Wolfdale and it is listed as in planning.
     
  17. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Intel's Microcode Revision Guidance updated February 12, 2018
    Link: hxxps://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf
     
  18. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,052
    Location:
    Texas
    Windows Analytics now helps assess Meltdown and Spectre protections
     
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    https://www.theregister.co.uk/2018/02/14/meltdown_spectre_exploit_variants/
     
  20. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,064
    Location:
    Canada
    Jake Williams from SANS Digital Forensics and Incident Response was right when he declared Spectre and Meltdown were just the beginning and he predicted there would be more, similar microcode exploits this year.
     
  21. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,592
    Location:
    U.S.A.
    I am not surprised by these new disclosures. Knowledgeable sources stated from "day one" that BIOS patches will not mitigate these CPU flaws.

    On the other hand, until an actual in-the-wild exploit surfaces, I am not concerned about this issue. And I join the ranks of those that have stated that these vulnerabilities will not be deployed against client devices and will be targeted against network servers where the pay-back is largest.
     
  22. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,540
    Location:
    Triassic
    There should be a moratorium on the existing chip design(s) due to the fact that they can only be 'fiddled with' and not fully secured. For instance, if Intel declared Kaby Lake/Sky Lake to be the end of the line instead of pushing ahead with Cannon Lake and Ice Lake on the same micro-architecture, that would limit the potential damage from exploits to products prior to 2018. There is a huge number of pre-2018 products that will never receive any firmware updates, and for those that do get something, it may prove to be inadequate.

    I will not be installing any firmware updates on my home systems and I will not be buying anything that has this old architecture on board. Stocking the shelves with patched-up product throughout 2018-2019 is unconscionable. Redesigning the chip(s) is the only answer.
     
  23. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    2,002
    Location:
    Member state of European Union
    Unfortunately these redesigned chips (if done properly on silicon and compared to previous unpatched products) are going to be slower in the years to come.
     
  24. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,540
    Location:
    Triassic
    Yes, I believe you are correct.

    Considering how effective, sophisticated and prolific cyber-criminals (state sponsored, organised crime and freelancers) have become, I expect the current situation will get much worse. Doing the same thing over and over again and expecting a different result, is just plain stupid.
     
  25. Mr.X

    Mr.X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    4,794
    Location:
    .