BitDefender Researchers Discover "Terrifying" Security Vulnerability in Intel CPUs

Maybe we just turn the PCs off for good? Toss the phones as well, since they're watching and listening to everything we do... toss the smart TVs, since they're spying on us as well... Nest thermostat... did I leave anything out? Oh yeah, OnStar, since the Patriot Act allows them to listen to our every word as well.

Go back to 1980 tech and find something better to do?
Try early 1950s tech - I mean, I would love to go back to the IBM PC, Apple IIe, mainframe & mini, and Atari 2600 & NES days, but rose-tinted nostalgia and all that. :D
Computers were very much around and a keystone of businesses, governments, and banks from the late 1950s onward.


 
Any reason an app couldn't be heuristically scanned for attempting these kinds of exploits? These exploits need code to be fast, so disguising the code by mixing it with benign code wouldn't work.

A lot of people bag on AVs these days. There's no reason, though, not to have a second AV that sits passively and scans code on demand.
 
Any reason an app couldn't be heuristically scanned for attempting these kinds of exploits? These exploits need code to be fast, so disguising the code by mixing it with benign code wouldn't work.

A lot of people bag on AVs these days. There's no reason, though, not to have a second AV that sits passively and scans code on demand.

As with S&M, the real issue isn't you or me at home. It's all the small, medium, and large companies using cloud server solutions. You can run all the scanners you like and have a super secure setup... but if Amazon or MS is selling server time on the same CPU to someone specifically running software designed to hunt for shared code... and bits of info the Intel server hardware isn't performing ring 0 kernel mode checks on at all (that was S&M), it's not going to matter.

S&M and this exploit are not disastrous for Intel because Joe Schmo at home might get infected going to the wrong S&M site. It's that the move the last 5+ years in the server world has been to cloud-based options, most of them running Intel. A company using a small Amazon or MS server option, even if they are doing everything possible to be ultra secure, can still be compromised IF the cloud provider has things like HT turned on. Frankly the safest option for companies like Amazon, MS and the like is to either disable HT completely on their server chips... or simply run AMD or even Arm solutions. Intel has made their job of selling themselves to all the smaller cloud companies much harder. Amazon was already looking past Intel... and I imagine so was/is MS. Frankly, in that market x86 probably isn't the future anyway. I know we have been saying for a long time that the ARM servers are coming... but they really are at some point. Or RISC-V long term, who knows. Intel is making that future seem more and more realistic to the x86 boosters in the world. lol
 
Any reason an app couldn't be heuristically scanned for attempting these kinds of exploits? These exploits need code to be fast, so disguising the code by mixing it with benign code wouldn't work.

A lot of people bag on AVs these days. There's no reason, though, not to have a second AV that sits passively and scans code on demand.
That's more of a sledgehammer approach to these specific exploits. Any heuristics gathered today are obsolete tomorrow, because of the whole cat and mouse game.

AVs exist because software developers are lazy. Again, it's a cat and mouse game. If software was developed with security in mind, then AVs would be out of business. But then there are stupid users and admins of said software, so the lines get a bit blurred. But, I digress.

If the exploit is simply to mine data from residual memory caches, the solution is simply to make it very difficult, if not impossible, for the offending application to achieve this. Whatever means necessary.

Instead of depending on hardware (future or present) to deliver full confidence in security, software developers should take an active role in literally 'securing their shit.' A lot of these exploits wouldn't even be an issue if the software itself was locked down in key areas (namely areas where security matters). Businesses should be shitting bricks whenever these exploits show up, because it's a wake up call to shitty practices they've been getting away with up until now. That may sound a bit soap-boxy, but I do software development for a living and witness companies cutting corners all the time - often without regard to security being a big deal at all. It's a lousy practice.

Some of these knee-jerk reactions, such as disabling HT as some 'global fix' are hilarious. It's like a bunch of suits in a board room panicking while asking each other 'Is our shit secure?'

Specifically, as in right now, software developers can take advantage of memory fencing instructions (mfence on x86) to protect security-critical code and data. This has proven to be very effective vs. speculation and side-channel attacks. While this sounds awfully low level, it's not. Even .NET offers this as an abstraction through Interlocked.SpeculationBarrier. Software folks that are not sitting on their ass should be educating themselves about this stuff and maybe even consider taking a security class.

Instead of waiting for the sky to fall, the software itself can be properly developed with security in mind, like it should have been from the ground up. As a software developer who preaches security during all phases of development, I'm not sitting on my ass waiting for some magical hardware fix. Most security-sensitive code is not performance-sensitive. It's a rare thing if it is. For those rare cases, I guess your life is going to be a bit interesting for a while.
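The post above talks about fencing instructions in the abstract. As an added example (not code from the poster or from any vendor), here is what that looks like in practice: a Spectre-v1 style bounds-check gadget, then the same lookup hardened two ways, once with a speculation barrier and once with the branchless index clamp the Linux kernel uses. All names (public_table, probe, lookup_*) and the data are constructed for the demonstration. One correction worth knowing: Intel's documented barrier for this purpose is lfence, which is what the code below emits; mfence orders memory accesses and is not the same thing.

```c
/* Added example (not from the forum post above): a Spectre-v1 style
 * bounds-check gadget next to two hardened versions. All names here
 * (public_table, probe, lookup_*) are invented for the demonstration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The speculation barrier. On x86 this is lfence (Intel's documented
 * choice); mfence orders memory accesses, which is a different job. */
#if defined(__x86_64__) || defined(__i386__)
#include <emmintrin.h>
#define SPECULATION_BARRIER() _mm_lfence()
#else
/* Other ISAs have their own instruction (e.g. AArch64 CSDB); a compiler
 * barrier keeps the example building there but does not stop speculation. */
#define SPECULATION_BARRIER() __asm__ __volatile__("" ::: "memory")
#endif

#define PUBLIC_LEN 16

/* Constructed data: a public table with a "secret" byte placed directly
 * after it, exactly where an out-of-bounds index lands. */
static const uint8_t public_table[PUBLIC_LEN + 1] = {
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
    0xA5 /* secret */
};

/* One cache line per possible byte value: the attacker-observable channel.
 * init_probe() fills probe[v * 64] = v so lookups return something testable. */
static uint8_t probe[256 * 64];

void init_probe(void)
{
    for (unsigned v = 0; v < 256; v++)
        probe[v * 64] = (uint8_t)v;
}

/* Vulnerable: the branch predictor can assume idx < PUBLIC_LEN, so the CPU
 * transiently loads public_table[idx] and pulls probe[secret * 64] into
 * cache before the compare resolves. The return value is correct (0 for a
 * bad idx); the leak is in cache state, which a sibling thread can time. */
unsigned lookup_unsafe(size_t idx)
{
    if (idx < PUBLIC_LEN)
        return probe[public_table[idx] * 64];
    return 0;
}

/* Hardened (a): serialize. Nothing after the fence issues until the bounds
 * check has retired, so the dependent load never runs on a mispredicted
 * path. Costs a pipeline drain on every call. */
unsigned lookup_fenced(size_t idx)
{
    if (idx < PUBLIC_LEN) {
        SPECULATION_BARRIER();
        return probe[public_table[idx] * 64];
    }
    return 0;
}

/* Hardened (b): branchless index clamp, the pattern Linux exposes as
 * array_index_nospec(). All-ones when idx < size, zero otherwise, computed
 * with no branch, so there is nothing to mispredict. Requires
 * 1 <= size <= SIZE_MAX/2; the signed right shift is arithmetic on
 * gcc/clang, which is what the kernel relies on as well. */
size_t array_index_mask_nospec(size_t idx, size_t size)
{
    return (size_t)(~(intptr_t)(idx | (size - 1 - idx))
                    >> (sizeof(intptr_t) * 8 - 1));
}

unsigned lookup_masked(size_t idx)
{
    if (idx < PUBLIC_LEN) {
        idx &= array_index_mask_nospec(idx, PUBLIC_LEN);
        return probe[public_table[idx] * 64];
    }
    return 0;
}

int main(void)
{
    init_probe();
    printf("in-bounds 3: unsafe=%u fenced=%u masked=%u\n",
           lookup_unsafe(3), lookup_fenced(3), lookup_masked(3));
    printf("mask(15,16)=%zx mask(16,16)=%zx\n",
           array_index_mask_nospec(15, PUBLIC_LEN),
           array_index_mask_nospec(16, PUBLIC_LEN));
    return 0;
}
```

The three lookups return identical values for every index; the difference is only what the CPU does on the wrong side of the branch before it notices. Variant (b) is usually preferred over (a) in hot paths because it costs a handful of ALU ops rather than a serializing instruction, which is the trade-off the post's "most security-sensitive code is not performance-sensitive" remark is about.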
 
Some of these knee-jerk reactions, such as disabling HT as some 'global fix' are hilarious. It's like a bunch of suits in a board room panicking while asking each other 'Is our shit secure?'

No amount of "good" secure software will stop people from using this exploit or S&M. They are HARDWARE flaws, plain and simple. It's not that the software that exploits these is actually doing anything wrong... that is the problem. You can't say any software that tries to read its cache is doing something wrong. The problem is Intel, in order to gain performance, is skipping checks or trying to do them after software has executed... as predictive algorithms tend to toss a quarter or more of the work they do when software ends up not needing that math. So the software isn't doing anything sneaky like trying to copy itself or brute force anything. So if you have software from 10 VMs all sharing the same hardware cache... allowing them all to read cache space without checking to see if they have permission first is a massive, massive issue.

The issue with MDS and S&M is that no amount of secure software can protect you from the software running on a different server which is sharing hardware. That is the main issue here. The VAST majority of all the software people rely on is cloud based, which means it's running on server farms, mostly using these flawed Intel chips. Any company on the cloud is sharing the same CPUs with potentially 100s of companies they don't know. Any one of them could be the troll farm specifically running software aiming to exploit the holes in Intel's design. (Of course the majors like Amazon and MS are mitigating these exploits... but they come at a cost, period.) It also looks like MDS cannot be 100% mitigated without completely turning SMT off.

I will agree that S&M and MDS are hard to exploit if you're not running on the same hardware... not impossible, just harder. But anyway, bottom line is the cloud market is where the big money is right now... and Intel's product is a liability. Unless they come up with some further microcode updates that manage to allow cloud service providers to offer secure solutions while not having to disable SMT.
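The "is SMT still on?" question the post keeps coming back to is something you can actually check on a Linux host or guest: the kernel reports the MDS state as one line in /sys/devices/system/cpu/vulnerabilities/mds, and the text after the semicolon is the SMT part. The following is an added example, not code from the poster or the kernel; the classifier is mine, and the sample lines are constructed but copy the wording the kernel's mds_show_state emits.

```c
/* Added example (not from the forum post above). Classifies the one-line
 * MDS status Linux exposes in /sys/devices/system/cpu/vulnerabilities/mds
 * and answers the tenant's question: can a sibling hyperthread still
 * sample my buffers? The classifier is mine; sample strings below are
 * constructed in the kernel's own wording. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum mds_state {
    MDS_NOT_AFFECTED,          /* "Not affected": CPU not on the affected list */
    MDS_VULNERABLE,            /* "Vulnerable...": mitigations=off or no microcode */
    MDS_MITIGATED_SMT_OFF,     /* buffers cleared AND SMT disabled: the full fix */
    MDS_MITIGATED_SMT_ON,      /* buffers cleared, but a sibling still shares the core */
    MDS_MITIGATED_SMT_UNKNOWN, /* guest kernel cannot see whether the host runs SMT */
    MDS_UNRECOGNIZED
};

enum mds_state classify_mds(const char *status)
{
    if (strncmp(status, "Not affected", 12) == 0)
        return MDS_NOT_AFFECTED;
    if (strncmp(status, "Vulnerable", 10) == 0)
        return MDS_VULNERABLE;
    if (strncmp(status, "Mitigation:", 11) != 0)
        return MDS_UNRECOGNIZED;
    /* "SMT mitigated" is what MSBDS-only parts (Atom) print: VERW on the
     * sibling is enough there, so it counts as closed. */
    if (strstr(status, "SMT disabled") || strstr(status, "SMT mitigated"))
        return MDS_MITIGATED_SMT_OFF;
    if (strstr(status, "SMT vulnerable"))
        return MDS_MITIGATED_SMT_ON;
    if (strstr(status, "SMT Host state unknown"))
        return MDS_MITIGATED_SMT_UNKNOWN;
    return MDS_UNRECOGNIZED;
}

/* Only "not affected" or "mitigated with SMT off" means a co-tenant on the
 * other hyperthread cannot sample you. Inside a VM the kernel cannot tell,
 * so that case is treated as exposed: the provider has to answer it. */
int mds_sibling_exposed(enum mds_state s)
{
    return s != MDS_NOT_AFFECTED && s != MDS_MITIGATED_SMT_OFF;
}

/* Reads the live sysfs line into buf; returns 0 if the file is absent
 * (non-Linux, or a kernel too old to know about MDS). */
int read_mds_status(char *buf, size_t n)
{
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/mds", "r");
    if (!f)
        return 0;
    if (!fgets(buf, (int)n, f)) {
        fclose(f);
        return 0;
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';
    return 1;
}

int main(void)
{
    /* Constructed samples in the kernel's own format. */
    static const char *samples[] = {
        "Mitigation: Clear CPU buffers; SMT vulnerable",
        "Mitigation: Clear CPU buffers; SMT disabled",
        "Mitigation: Clear CPU buffers; SMT Host state unknown",
        "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
        "Vulnerable; SMT vulnerable",
        "Not affected",
    };
    char live[128];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-70s -> sibling exposed: %s\n", samples[i],
               mds_sibling_exposed(classify_mds(samples[i])) ? "yes" : "no");

    if (read_mds_status(live, sizeof live))
        printf("this machine: %s -> sibling exposed: %s\n", live,
               mds_sibling_exposed(classify_mds(live)) ? "yes" : "no");
    return 0;
}
```

On bare metal the boot parameter mds=full,nosmt gets you to the "SMT disabled" line; mitigations=off (what the later post about Linux users "disabling the mitigations" refers to) gets you "Vulnerable". In a guest the only honest answer the kernel can give is "SMT Host state unknown", which is the post's point: whether the sibling is yours, idle, or someone else's is decided by the provider, not by anything you run.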
 
Don't run untrusted code, seems like the best advice regardless of where the vulnerability is. Browser people need to wake up and stop running Javascript willy nilly.
Bingo. Firefox loves stopping you seeing stuff if a cert isn't up to date or a webpage is insecure (fuck you thinking you can add an exception these days), meanwhile who cares about JS running, as long as muh cert is there. Completely absurd.
If your average person could see how many servers are contacted on your average mainstream news page, they would freak out. Some have 30 or 40+, latency on them is horrendous, and with these exploits it just takes one bad apple...
 
Some have 30 or 40+, latency on them is horrendous, and with these exploits it just takes one bad apple...
That's exactly why an adblocker should be standard for every web browser. I wouldn't browse the Internet without an adblocker these days.
 
The consumer world is mostly a sea of crappy $250 laptop specials and chromebooks.

I just assumed that outside of the enthusiast and "gamer" communities where people tend to build their own, the desktop was essentially dead. You can't even give away a couple of year old prebuilt desktop on Craigslist for free...
I dunno about you, but there are a lot of very nice laptops in the consumer space. Dell, HP, and Lenovo have some rather pretty (and well-made) laptops if you're willing to spend more than $600.

Where do you live where people are giving away 2-year-old desktops? Because I could use one--I'm on a 3rd-generation i5 here, with non-functional front USB ports....
 
That's exactly why an adblocker should be standard for every web browser. I wouldn't browse the Internet without an adblocker these days.

I use more than just Adblock. I run uMatrix (and there are others like uBlock) which you can use to selectively let elements run. It's a bit of a learning curve, but you get fairly good at recognizing domains.
 
Phoronix has just posted some performance tests on the impact of Zombieload, combined with the S&M fixes.

The Performance Impact Of MDS / Zombieload Plus The Overall Cost Now Of Spectre/Meltdown/L1TF/MDS
https://www.phoronix.com/scan.php?page=article&item=mds-zombieload-mit&num=1

The conclusion, for those not wanting to skip to it:
"If looking at the geometric mean for the tests run today, the Intel systems all saw about 16% lower performance out-of-the-box now with these default mitigations and obviously even lower if disabling Hyper Threading for maximum security. The two AMD systems tested saw a 3% performance hit with the default mitigations."

Interesting to see that in some cases where Intel used to wipe the floor with AMD hardware... like context switching... the reverse is now very much the case, even if you leave HT on. The mitigations basically make Intel hardware 5-6x slower in those cases. Some crazy stuff... I almost feel for all the Intel customers out there with big servers with tons of multitasking going on; these Zombieload fixes are going to HURT.

The interesting part to me is that a lot of tests are not going to show a major impact, because most tests are of course not doing any context switching... they are running one test, be it compression or X or Y bit of math, over and over. Where this mitigation seems to really crush performance is when multitasking is involved. As a follow-up I would love to see numbers which involve multitasking... perhaps tests of 2 different tests running concurrently (you know, like real-world use). My guess is Intel is going to look extremely bad in those situations on chips without this fixed in hardware.
 
Thanks for the article.
 
Interesting. I wonder if any testing will be done with the chips that have hardware mitigation in them, and if there is any performance penalty with the hardware mitigation.
 
Nope. This is an issue primarily targeting cloud computing. I keep my A/V up to date, plus I disable web browser scripts so I'm not really concerned about any of these recent attack methods.
 
Nope. This is an issue primarily targeting cloud computing. I keep my A/V up to date, plus I disable web browser scripts so I'm not really concerned about any of these recent attack methods.

And yet you will still pay in terms of performance.

I guess unless you're a Linux user and you're willing to disable the mitigations.
 
And yet you will still pay in terms of performance.

I guess unless you're a Linux user and you're willing to disable the mitigations.

Doesn't matter, as I rarely ever max out my system. The most stressful thing it does at the moment is StarCraft 2, and that doesn't take advantage of hyperthreading at all. My laptop on the other hand, utilizing an i7-2640M, might get dinged a bit, but I plan to replace it with a Ryzen 7 laptop anyway.
 
For anyone wondering what the actual performance metrics are like after the Spectre / Meltdown issues (this probably doesn't even impact the latest issues):
https://www.extremetech.com/computi...tches?utm_source=edit&utm_medium=notification

Here's an excerpt I found quite interesting:

The collective impact of enabling all patches is not a positive for Intel. While the impacts vary tremendously from virtually nothing to significant on an application-by-application level, the collective whack is ~15-16 percent on all Intel CPUs without Hyper-Threading disabled. Disabling increases the overall performance impact to 20 percent (for the 7980XE), 24.8 percent (8700K) and 20.5 percent (6800K).

The AMD CPUs are not tested with HT disabled, because disabling SMT isn’t a required fix for the situation on AMD chips, but the cumulative impact of the decline is much smaller. AMD loses ~3 percent with all fixes enabled. The impact of these changes is enough to change the relative performance weighting between the tested solutions. With no fixes applied, across its entire test suite, the CPU performance ranking is:

  1. 7980XE (288)
  2. 8700K (271)
  3. 2990WX (245)
  4. 2700X (219)
  5. 6800K (200)
With the full suite of mitigations enabled, the CPU performance ranking is:

  1. 2990WX (238)
  2. 7980XE (231)
  3. 2700X (213)
  4. 8700K (204)
  5. 6800K (159)
AMD, in other words, now leads the aggregate performance metrics, moving from 3rd and 4th to 1st and 3rd. This isn’t the same as winning every test, and since the degree to which each test responds to these changes varies, you can’t claim that the 2990WX is now across-the-board faster than the 7980XE in the Phoronix benchmark suite. It isn’t. But the cumulative impact of these patches could result in more tests where Intel and AMD switch rankings as a result of performance impacts that only hit one vendor.
 
Interesting shakeup indeed. Of course most 'reviewers' and board shills will only post the old, pre-patch results now. And I'd guess many of the 'muh windows updates save baby jesus' types won't want the updates all of a sudden...
 
Interesting shakeup indeed. Of course most 'reviewers' and board shills will only post the old, pre-patch results now. And I'd guess many of the 'muh windows updates save baby jesus' types won't want the updates all of a sudden...
Agreed, thank you for the laughter. (y)
 