BBC BASIC for Windows
General >> General Board >> Intel CPU vulnerability http://bb4w.conforums.com/index.cgi?board=general&action=display&num=1515010702 Intel CPU vulnerability
Post by David Williams on Jan 3rd, 2018, 7:18pm
So my brand new, very nice Intel Core i7 7700hq-based laptop has this serious security vulnerability, so now I can (apparently) look forward to my computer running around 30% slower thanks mostly to f****** Intel (after Microsoft has released the Windows update).
This means it's also going to slow down my BBC BASIC programs!
Check if your Intel-based system is vulnerable by running Intel's "Intel-SA-00086 Detection Tool" - see here:
A 30% slowdown is absolutely unacceptable. I wonder if it will also affect battery life? I really hope not.
David. --
Re: Intel CPU vulnerability
Post by ady on Jan 3rd, 2018, 11:48pm
Put simply
I wouldn't believe a word they say
For me, my Intel is fine (actually it's fabby)
If I'm running a server farm business then they can toast my chips but they aint touching my PC
Got a 333 running (Overclocked) at 400 (85%load 20 hours a day) just now and it's great, the amount of work an intel can do is almost unbelievable
Maybe they don't like that and are having second thoughts, a nice way to boost profits is to have a 30% efficiency crisis
Never ever forget, these people have no shame and would sell their own mothers for a dollar
btw I'm still on XP (phew)
Re: Intel CPU vulnerability
Post by ady on Jan 4th, 2018, 09:25am
The conspiracy nut industry is going to have a field day with this one
"One World Government to inject all computers with spyware" kinda thing
Re: Intel CPU vulnerability
Post by David Williams on Jan 4th, 2018, 5:00pm
Good article by Charlie Demerjian at SemiAccurate (although some might say he has something of an anti-Intel bias, but that's really just my perception):
Re: Intel CPU vulnerability
Post by ady on Jan 5th, 2018, 07:31am
What's the probability of being hacked by this exploit if you're online a couple of times a day?
Re: Intel CPU vulnerability
Post by David Williams on Jan 5th, 2018, 07:53am
What's the probability of being hacked by this exploit if you're online a couple of times a day?
Hopefully the probability is very low, otherwise I'm stuffed! Re: Intel CPU vulnerability
Post by DDRM on Jan 5th, 2018, 08:29am
Hi Guys,
Outside my expertise, but the way I read the papers is that you'd still need to download malware, which could then read the kernel data.
If you want to try it, Richard explains on the other forum how to do it- it's quite an elegant trick! You only have a few clock cycles of pipelined commands before the processor realises it is being naughty, but just enough to read a forbidden byte, and use it as an offset to write to a buffer. Then the processor rubs out everything you've done - but if you check which byte in your buffer has been written most recently, you can work out the value of the byte you read, even though it's now been splatted!
My reading is that if you have adequate anti-virus/anti-malware protection in place you are unlikely to have a problem, but don't quote me on that! On the other hand, the performance hit of the workarounds is likely to be only a couple of percent for normal users (who are generally using their machine as a single user at any given time), so it probably makes sense to install the patches rather than risk it. Of course, with Windows 10 you probably don't have the option anyway - Microsoft WILL install it, regardless of your wishes, within a couple of weeks...
It sounds like the killer (and the bit that worries me) is going to be in servers and cloud services: they should have good security (though the frequency of headlines suggests it isn't THAT good!), but if anything gets through it, the exploit potentially lets someone get hold of my passwords etc at a time and place where they are totally outside my control. Those services are typically running massively parallel processes for multiple users, and that's where the big performance hits are going to be. So those servers face anything up to a 50% slower service, buying 50% more processors, or changing to AMD/ARM processors, since the main/difficult to fix problem is Intel-specific, due to differences in the microarchitecture (in other words, where the pipelining gets cut off when a priority violation occurs).
Best wishes,
D
Re: Intel CPU vulnerability
Post by David Williams on Jan 6th, 2018, 11:04pm
Well, Windows 10 on my 'vulnerable' Core i7 laptop installed an update a few hours ago which may, or may not, have patched the vulnerability. First thing I notice is the new game I'm developing took noticeably longer to load, as does the editor I wrote, but the game itself doesn't seem to run any slower (mind you, it's hard to tell because it's frame-rate independent). It's possible, of course, that this apparent slowdown in my program loading the game assets (mostly graphics) might have nothing to do with the Windows update.
Re: Intel CPU vulnerability
Post by ady on Jan 7th, 2018, 11:22am
I would avoid being a first adopter in this scenario