Intel: Spectre and Meltdown-proof CPUs coming this year

[Reefa]

 

Intel plans to have versions of its processors directly addressing the Spectre and Meltdown security flaws on the market later this year, the chip-maker has confirmed today. News on the processor update came during the earnings call with Intel CEO Brian Krzanich, after the company announced better-than-expected results for Q4 2017.

 

Indeed, while the market was predicting revenues of $16.34 billion for the three month period, Intel says it actually brought in revenues of $17.1 billion. That’s up $730m on revenues in the same quarter a year ago. Full year revenue for 2017 came to $62.8 billion.

 

What many wanted to know, however, was just what Intel was doing about the Spectre and Meltdown issues that had been identified earlier this month. Three flaws, independently discovered by different teams of researchers including Google’s Project Zero group, could have a significant impact on computer and server security. By exploiting them, hackers could access data in supposedly secure parts of the system, for example.

 

Krzanich opened the Intel earnings call with security at the top of the agenda, saying that the company was working “around the clock” to address the issues. Software fixes, however, aren’t sufficient the chief executive admitted, saying that Intel was “acutely aware” that it needed to do more. However, he also had information on just what that would be.

 

Changes to processor architecture are in the pipeline to permanently bypass the Meltdown and Spectre loopholes. However, it’ll take a little time to get them ready, and Intel says that the updated chips won’t be available on the market until later in 2018. It’s unclear what ranges Intel is prioritizing, since the security flaws affect so many models.

 

Nonetheless, it’s not hard to see this as a potential win for Intel in the long run. While Q1 may end up taking a hit since that’s when the Spectre and Meltdown situation was revealed, for many the only way to fix it – without the performance hit involved in the current patches – will be to buy new chips altogether. If Intel can prevent those customers from jumping ship, and minimize whatever sweetening of the deal is required, it could see a much faster turnover in processor lifecycle than it might have originally expected.

 

For the moment, though, it’s software fixes to the rescue. They’re hardly finalized either, with Intel forced to recommend holding off on the previous batch of patches for certain processor families after users observed greater than average reboots as a result.

 

source

[straycat19]

Just another way for them to extract money from hard working people's pockets.  What is really amazing to me still is everyone  jumping out of their skin over a fault (I won't use the term vulnerability since the only time it has been exploited is in a lab, under lab conditions, and then only as a proof of concept exploit.) that has existed since 1994. And their could be others we don't know about.  So if your machine is in a lab, and it is setup in the same specific way the test machine was, and you have the proof of concept code to run on it, then I would be concerned, but only if you are in fear of hacking your own data.

[flitox]

and in 10 years or less, we will heard that these new safe chips have indeed another flaw in them

[DKT27]

Last time I checked, whole change to the CPU architecture is said to take about a few years. So I'm not sure how they intend to fix it so fast.

 

While AMD's performance on gaming is still below par even after slowing of Intel processors, AMD's processor are looking more and more good now I think.

[straycat19]

On 1/26/2018 at 12:25 PM, DKT27 said:

Last time I checked, whole change to the CPU architecture is said to take about a few years. So I'm not sure how they intend to fix it so fast.

 

While AMD's performance on gaming is still below par even after slowing of Intel processors, AMD's processor are looking more and more good now I think.

 

The good news is you don't need the latest and greatest CPU or GPU to play the games and get decent graphics.  AMD processors looked very good back in the late 90s and were a good match for intel processors at a fraction of the cost.  Then AMD was kind of quiet for a number of years.  But the new Ryzen chips have a lot going for them if you are on a limited budget and want bang for the buck.

 

CPU architecture hasn't taken Intel that long to change historically if you remember the 1994 Pentium 60 debacle.  Shortly thereafter they released the Pentium 66 and it did not have the bug in it.  Though that bug only applied to scientists who were doing calculations that required an extreme number of decimal points.  For the normal user it had no effect.

[haxzion]

Good news from Intel and when those super safe chips will get released, i will demand a replacement of my 8700k cause when i bought this CPU for a premium price, Intel advertised it was fast and secure while they knew it wasn't. So it's either a replacement or a lawsuit, i'm just waiting.

[steven36]

Sounds like Y2K  all over again   

Get your computer Y2K ready

https://www.theguardian.com/technology/1999/sep/08/y2k

 

The Revolutionary Armed Forces of Colombia  put in beta copies of Windows 2000  because everyone believed  that all windows 98 pcs ans older would stop working . and they  still work today if you still have one lol.

  It just like people who kept using XP  after 2014  would catch a zombie virus and it never did happen.  this why i hardly even read the news any more or even use windows   it's all  marketing  and about selling you something new  . I just sit back  on Linux on my  old AMD and Intel  boxes and   it auto updates my firmware to patch these scare monger vulnerabilities and on windows you will be even lucky to find patches for a older PC  .   Only reason anyone  needs windows anymore is if they game  or are some kind of business  that sold there soul to Microsoft products.  Most consumers have switched to android . Even most videophiles use a phone to access the Internet  and a TV box hooked to the Internet to watch videos anymore . You can buy one for a 100 bucks lol.

 

I still use PCs and i'm considered  old skool,  just not with windows anymore  very often.  I still have windows on  a partition on one my pcs  but it's too much trouble  wasting hours of my life  hunting  down software updates so i don't bother booting into it very often . On Linux  once i install some kind of software  I only have to do it once and then from then on  it Auto updates  for up to 5 years  for free so I spend most of my time doing things i enjoy .  While the  consumer  version  of windows gets 2  unstable versions a year to beta test for business . All most 3  years in  and  Windows 10 has not got anymore stable  and it never will    tell the next CEO comes in and redoes marketing lol.

 

Microsoft turned  there back on us all ,  unless you want to beta test new versions  of windows 10 every 6 months  or have money to buy a long term solution like Enterprise they could care less about you,  and they use to really back  a release  for 10 years   for everyone. So i turned my back on them,  while the Linux Desktop market may still be small,    it keeps growing more and more with every new version of Windows 10 . The mobile market  and the version that uses Linux  has over took windows .  They wont never be  a year of the Linux desktop,  just like they want be  another year of  Windows  again . Desktops are going become more and more niche as time goes by .

 

Normal people  are not interested  in buying new  CPUS  for these dinosaurs  . You would be lucky if you could get them to fork out a few 100 bucks for a top of the line TV box to install Kodi on lol,  many buy cheap China android boxes for  a 100 bucks .   In this day and age you have  to have a reason to still use PC ether  you use  old hardware  keep in mind  most windows 10 boxes  came with Vista- Win 8.1 . Only people who buys new PC  hardware  are gamers and business  witch account for only like 60% of the PC  market and business don't by new hardware but about every 6 years.  

 

Anymore i spend 80%  most  of my spare time time around the real piracy scene witch has been over token by streaming and even 80 old year old grandmas  do it  and its full of people  who care less about it , there mostly noobs  . And I spend the other 20 % of my time  around you technical  people who still use PCs you're  a dying breed   . Even at this site the mobile  part of the forum be jumping and some old timers don't like it lol.

[straycat19]

Windows is definitely only for gamers and businesses, although we use a lot of linux systems at work for various things also.  Personally, I keep windows systems because I game and because I am on everyone's speed dial if they have a computer problem.  I have two new high end windows systems that haven't been turned on since I built them and installed windows. I have a Kaby Lake system (i7-7740X, ASUS ROG Rampage VI Extreme LGA 2066 X299, 128GB DDR 4200, Samsung 960 Pro M2 2TB, Samsung 860 Pro SSD 4TB, and EVGA GeForce GTX 1080 DirectX 12 8GB) that I built only to prove that I could install windows and it would update in contravention to what Microsoft claimed.  One of these days this will be a gaming machine, in the meantime it is one very expensive paperweight.

 

I also point out that in 2017 linux recorded 453 CVE vulnerabilities while Windows 10 had 268 CVE vulnerabilities, so linux isn't the ultra secure OS that many people claim it to be. But as @steven36 pointed out, updates are not a problem and much less time is spent on 'fixing' the system.  And although linux isn't  malware free, it is many times more secure than windows since there isn't much interest in attacking a platform that isn't predominant in any part of the world.

 

And we all remember Y2K and all the articles on the possibility of all the computers in the world crashing.  It never happened.  The Pentium 60 bug didn't cause space vehicles to crash or fly out of orbit because a calculation to 150 decimal points was one digit off.  Nor will the spectre/meltdown cause everyone to lose their important login and account data just because a couple people with too much time on their hands were able to find a flaw in chips that has been around for 24 years.

 

These things always remind me of the Chicken Little story (http://www.mainlesson.com/display.php3?author=treadwell&book=primer&story=chickenlittle).  Chicken Little being the researchers and the sky being whatever vulnerability they found that might be able to be exploited under specific lab conditions.

 

In the meantime, turn on your computer, whatever the OS, and do what you do, with the confidence that your system isn't sitting in someone's lab for them to spend hours figuring out how they might be able to get to your data.

[DKT27]

I again maintain that these vulnerabilities would not have given much care if it was not for it's fix's impact on the performance.

 

Another thing is, as gaming is mentioned above, graphics card have got driver updates to prevent this vulnerability, because one of them depend on CPU for some things. Now, even though this may not cause issues. But after installing those driver updates, benchmark show atleast a few percent of effect on performance. But guess what, it does not impact the gaming much. Infact, last time I checked these vulnerabilities have effected gaming from not much too highly enough. It is said that games do not use CPU much and even if they do, they do not use kernel much, atleast not as much as other things do so.

[steven36]

 

6 hours ago, straycat19 said:

 

I also point out that in 2017 linux recorded 453 CVE vulnerabilities while Windows 10 had 268 CVE vulnerabilities

 

 

I point  this out

 

Why are there fewer vulnerabilities in other operating systems, compared to Windows?

 

Quote

 

Marc Verwerft, IT Specialist at IBM

In order to compare something to something else, you need metrics. Is X larger/better/faster/… than Y? For simplicity sake, I’ll briefly compare 3 producers: Microsoft Server 2008, MacOS and Linux. Feel free to further investigate other products, but eventually, the conclusions will be the same I think.

Number of distinct vulnerabilities per product

CVSS Score Distribution For Top 50 Products By Total Number Of "Distinct" Vulnerabilities does provide that. This lists the products (vertically) and the number of vulnerabilities separated by their scores horizontally. The linux kernel has a total of (as I write this) 1837 vulnerabilities, MacOs has 1821, Windows server 2008 has 846.

Now take a good look at the numbers:

Linux: 566 for a score of 4–5, and only 116 for 9+.

MacOs: 412 for 6–7 score and 331 9+

Windows Server 2008: 296 for 7–8 and 276 for 9+

You don’t need to be a genius to see that there’s a large difference. Have a look at the second part of the table (in % of total), there it’s even clearer:

Only 6% of vulnerabilities in linux are 9+. For Windows server 2008, it’s a staggering 33% !!! One vulnerability out of 3 detected for this OS is a gigantic loophole. For MacOs, it’s 18 % - almost 1 out of 5 vulnerabilities gives an attacker a chance to easily compromise the system.

Reasons for better reliability and security of Linux

Free & open source

Many reasons can be traced back to the fact that Linux is “Free Software”, managed by a very intelligent guy (Linus Torvalds) using a sophisticated methodology for inclusion of new features or bug fixes in the kernel tree and using a terrific toolset from GNU.

• Anybody can read and investigate the code since it is freely available.
• Anybody can contribute, but each contribution is thoroughly tested and reviewed before Linus accepts it.
• They have a complete audit trail of each and every modification to the kernel.

Unix philosophy

Linux is a unix system. The design philosophy of a unix system (dates back to 1978!!):

1. Make each program do one thing well. To do a new job, build afresh rather than complicate old programs by adding new "features".
2. Expect the output of every program to become the input to another, as yet unknown, program. Don't clutter output with extraneous information. Avoid stringently columnar or binary input formats. Don't insist on interactive input.
3. Design and build software, even operating systems, to be tried early, ideally within weeks. Don't hesitate to throw away the clumsy parts and rebuild them.
4. Use tools in preference to unskilled help to lighten a programming task, even if you have to detour to build the tools and expect to throw some of them out after you've finished using them.

Multi-user, multitasking from the ground up

Unix, from the very beginning, was always an OS for “more then one person” that worked on the same computer. As Linus told: his first codings had to do with resource sharing before anything else. Compare that to the idea of a ‘Personal’ computer where the assumption was that only 1 person at the time could use the system. Only afterwards, multi-threading/tasking and multi-user was added to MS windows.

Polylithic (vs. monolithic) design

The GUI centric design of Windows ‘encourages’ the design of more monolithic programs. The user interface of a program is usually closely inter-related with the business layer. Often the internal modules of the windows system are not cleanly separated.

In unix, it’s customary to write a program that can be started from a commandline. You hand over all arguments and options thru ‘switches’ (like -v gives the version of a progrm). A GUI would then interface only to the commandline, not to the inner structure of the program.

Standards conform (or not invented here syndrome)

Linux (to a very large extent) has always tried to adhere to standards or use a standard, already existing implementation for anything they design/write. Back in 1990 or so, the idea of MS was to ‘distinguish’ itself from other software by doing it their way. The idea behind it was to provide some ‘personality’ an to ensure vendor lock-in after a while. Alas, it is also the source of many flaws and inconveniences (like CRLF vs LF, // vs \\, …). As the saying goes: Those who do not understand UNIX are condemned to reinvent it, poorly. -- Henry Spencer, programmer.

 

https://www.quora.com/Why-are-there-fewer-vulnerabilities-in-other-operating-systems-compared-to-Windows

 

Windows 10 is only  2 and half  years old  it has  since  2015    (95 ) 9+  Vulnerabilities    The Linux Kernel  has  only (124)  9+  Vulnerabilities since 1999   % Of Total   6  Windows 10 has a staggering  score of 19  witch are the ones you have to really worry about .  Vulnerabilities are rated  on a scale from  0-9   there  not all the same  lol. Most bug fixes  i install on Linux are not marked urgent .

 

The longest  I remember  anyone  waiting on a patch  that involved a Linux  Distro  since i been using  it,  was when Ubuntu  released  a botched  Intel  Driver in  the Linux Kernel  that upstream (Linus  and the rest  ) told Ubuntu to never turn on to began with,  that  bricked new lenvo laptops  with Ubuntu  17.10 . The  fix was already there all you had to do was install  Linux Kernel  4.14 with Ukuu  and it fixed it.  They removed Ubuntu  17.10 from downloads and  redone the ISOs   with the SPI driver disabled.  Anything else  since I been using  Linux  by the time it makes it to the news it already on updates  no matter how  bad it is. Only reason it took Ubuntu  a few weeks  it was  the Holidays  when updates slack off  tell after the new year. What it done was  brick  the  bios were if you was dual booting with   windows you could not get into windows after you installed  it on new Lenvo laptops  but all you had to do was update the kernel   and it fixed it  because upstream never enabled it  . But people  had a panic attack.