Intel claims CPU security flaw not unique to its chips, implies ARM and AMD chips could be...

13»

Comments

  • Reply 41 of 49
    hattighattig Posts: 860member
    Meltdown affects all Intel x86 CPUs since the Pentium Pro, excluding Atom processors before 2013. It also apparently affects ARM Cortex A75 CPUs, but likely isn't an ISA level issue, so Apple's custom cores are possibly not affected. The solution to this affects performance badly (5-15%, peaks to 30% or more) in some circumstances (server workloads especially, and I/O heavy workloads). AMD processors are not affected. Home users, gamers, and light office users are not likely to notice but benchmarks and user experiences will come out in due course. Sceptre affects all Out of Order processors. Linux has a solution in progress that affects performance up to 1.5%, but the solution involves not just the kernel, but compilers and applications that include compilers (e.g., web browsers).
    watto_cobraxzu
  • Reply 42 of 49
    Rayz2016Rayz2016 Posts: 6,957member
    k2kw said:
    nht said:
    gatorguy said:
    wood1208 said:
    By the time some hacker understands how to exploit the flaw, patch is already in place. No foul No harm!!.

    Except over a billion Android devices that will never see a patch to fix this.
    https://support.google.com/faqs/answer/7622138
    That doesn’t help the multitude of android phones that don’t get updates or security fixes.  None of my android phones will ever see this fix and they are younger than the iPhone 6 I’m using.
    If you use an android phone you really don't care about security.   So just don't let anyone get a hold of your phones and it won't matter that there is no fix.
    But what if someone grabs your phone, then shouts “hey you” and scans your … no wait, that’s a different thread. 

    As you were. 

    edited January 2018 watto_cobra
  • Reply 43 of 49
    Rayz2016Rayz2016 Posts: 6,957member
    nht said:
    k2kw said:
    nht said:
    gatorguy said:
    wood1208 said:
    By the time some hacker understands how to exploit the flaw, patch is already in place. No foul No harm!!.

    Except over a billion Android devices that will never see a patch to fix this.
    https://support.google.com/faqs/answer/7622138
    That doesn’t help the multitude of android phones that don’t get updates or security fixes.  None of my android phones will ever see this fix and they are younger than the iPhone 6 I’m using.
    If you use an android phone you really don't care about security.   So just don't let anyone get a hold of your phones and it won't matter that there is no fix.
    I give them to my kids because ScreenTime works better on android than iOS.  And nope I don’t care but the implication that the majority of deployed Android devices won’t remain vulnerable because Google has a patch for the latest devices is clearly false.

    Gatorguy likes to pretend to be the voice of reasoned opposition but invariably posts idiocy like this showing his true purpose here. Concern trolling and spreading false equivalency.
    Yup, pretty much. 
    watto_cobra
  • Reply 44 of 49
    gatorguygatorguy Posts: 24,647member
    Rayz2016 said:
    nht said:
    k2kw said:
    nht said:
    gatorguy said:
    wood1208 said:
    By the time some hacker understands how to exploit the flaw, patch is already in place. No foul No harm!!.

    Except over a billion Android devices that will never see a patch to fix this.
    https://support.google.com/faqs/answer/7622138
    That doesn’t help the multitude of android phones that don’t get updates or security fixes.  None of my android phones will ever see this fix and they are younger than the iPhone 6 I’m using.
    If you use an android phone you really don't care about security.   So just don't let anyone get a hold of your phones and it won't matter that there is no fix.
    ...the implication that the majority of deployed Android devices won’t remain vulnerable because Google has a patch for the latest devices is clearly false.

    Gatorguy likes to pretend to be the voice of reasoned opposition but invariably posts idiocy like this showing his true purpose here. Concern trolling and spreading false equivalency.
    Yup, pretty much. 
    See Post 40. Don't be "that guy". 
    edited January 2018 r2d2
  • Reply 45 of 49
    Linus Torvalds , who is implementing the fix already has ruled AMD does not need to be fixed.. Only Intel depends completely on the fixes that Linux and Microsoft are implementing.. Linux will NOT implement any fix for Linux and trusts Lisa Su recommendation that AMD does not need to be fixed and will not suffer any performance issues.

    "Linus Torvalds Trusts Lisa Su's Commitment to AMD CPU Security"

    "Exclude AMD from the PTI enforcement. Not necessarily a fix, but if
         AMD is so confident that they are not affected, then we should not
         burden users with the overhead"

    xzu
  • Reply 46 of 49
    macplusplusmacplusplus Posts: 2,116member
    actech said:
    Linus Torvalds , who is implementing the fix already has ruled AMD does not need to be fixed.. Only Intel depends completely on the fixes that Linux and Microsoft are implementing.. Linux will NOT implement any fix for Linux and trusts Lisa Su recommendation that AMD does not need to be fixed and will not suffer any performance issues.

    "Linus Torvalds Trusts Lisa Su's Commitment to AMD CPU Security"

    "Exclude AMD from the PTI enforcement. Not necessarily a fix, but if
         AMD is so confident that they are not affected, then we should not
         burden users with the overhead"

    Is that so simple? “if AMD is so confident...” There are well written research papers that explain both vulnerabilities and expose proof of concepts. A team can implement those PoCs and test AMD as well. A company is able to do that. Apparently open-source individuals not,...
  • Reply 47 of 49
    actech said:
    Linus Torvalds , who is implementing the fix already has ruled AMD does not need to be fixed.. Only Intel depends completely on the fixes that Linux and Microsoft are implementing.. Linux will NOT implement any fix for Linux and trusts Lisa Su recommendation that AMD does not need to be fixed and will not suffer any performance issues.

    "Linus Torvalds Trusts Lisa Su's Commitment to AMD CPU Security"

    "Exclude AMD from the PTI enforcement. Not necessarily a fix, but if
         AMD is so confident that they are not affected, then we should not
         burden users with the overhead"

    Is that so simple? “if AMD is so confident...” There are well written research papers that explain both vulnerabilities and expose proof of concepts. A team can implement those PoCs and test AMD as well. A company is able to do that. Apparently open-source individuals not,...
    Who said it is simple..  AMD experts were made aware of these issues and investigated their code..  New AMD CPU architectures do not have the Intel issues unless they use an Intel compatibility mode, which if not used, then AMD does not have any issues..

    I wonder if Intel used these loopholes to improve their performance at the cost of security.. It definitely should be investigated to make sure this does not happen again and that customers are ensured that their data is really protected.

    Intel always uses PTI in their kernels while AMD only uses PTI as an Intel compatibility mode through a flag.. AMD doesn't use PTI kernel enabled mode, and its newest Ryzen cpu/kernel architecture does not expose the data as Intel CPU do.
    edited January 2018
  • Reply 48 of 49
    actech said:
    actech said:
    Linus Torvalds , who is implementing the fix already has ruled AMD does not need to be fixed.. Only Intel depends completely on the fixes that Linux and Microsoft are implementing.. Linux will NOT implement any fix for Linux and trusts Lisa Su recommendation that AMD does not need to be fixed and will not suffer any performance issues.

    "Linus Torvalds Trusts Lisa Su's Commitment to AMD CPU Security"

    "Exclude AMD from the PTI enforcement. Not necessarily a fix, but if
         AMD is so confident that they are not affected, then we should not
         burden users with the overhead"

    Is that so simple? “if AMD is so confident...” There are well written research papers that explain both vulnerabilities and expose proof of concepts. A team can implement those PoCs and test AMD as well. A company is able to do that. Apparently open-source individuals not,...
    Who said it is simple..  AMD experts were made aware of these issues and investigated their code..  New AMD CPU architectures do not have the Intel issues unless they use an Intel compatibility mode, which if not used, then AMD does not have any issues..

    I wonder if Intel used these loopholes to improve their performance at the cost of security.. It definitely should be investigated to make sure this does not happen again and that customers are ensured that their data is really protected.

    Intel always uses PTI in their kernels while AMD only uses PTI as an Intel compatibility mode through a flag.. AMD doesn't use PTI kernel enabled mode, and its newest Ryzen cpu/kernel architecture does not expose the data as Intel CPU do.
    What you describe is KPTI (KAISER) patch. It is related to the "Meltdown" vulnerability. There is another, broader vulnerability called "Spectre" and Spectre affects AMD Ryzen, the research paper says that it is verified. KPTI/KAISER patch does not protect against Spectre.

    https://spectreattack.com/
    edited January 2018
  • Reply 49 of 49
    r2d2r2d2 Posts: 95member
    wood1208 said:
    By the time some hacker understands how to exploit the flaw, patch is already in place. No foul No harm!!.

    Except over a billion Android devices that will never see a patch to fix this.
    Your comment shows your lack of understanding of how Apple and Android differ in implementing updates. If you do the research you wouldn't make such claims.

    Do you go by the name of Macfeast on other forums?
    edited January 2018
Sign In or Register to comment.