BitDefender Researchers Discover "Terrifying" Security Vulnerability in Intel CPUs

Discussion in 'HardForum Tech News' started by Zarathustra[H], May 14, 2019.

  1. Legendary Gamer

    Legendary Gamer Limp Gawd

    Messages:
    498
    Joined:
    Jan 14, 2012
    Intel 64, Family 6, Model 158, Stepping 12... is more software mitigation than hardware (which is the group of 9 Series processors I use). Furthermore, the Coffee Lake processors that have the mitigations in them are only Intel64 Family 6 Model 142 Stepping 12 & Intel64 Family 6 Model 142 Stepping 11 (which aren't even the desktop processors we use). That data is from May 14th, 2019 from Intel directly. You can look it up yourself. Relying on OS patching and BIOS patching rather than actually correcting the flaws in the actual silicon. If this currently reported security vulnerability is any indication, Intel knew about today's issue over a year ago and said nothing about it, nor did they bother to roll out the patches in microcode & software in advance... Why is that? Because it all slows their processors down. Most of these issues are so serious they would require Intel to completely redesign their processors and they're not going to do that. The way they work, they might as well flush Hyperthreading down the toilet. They're not going to do that either.

    What corporation doesn't outright lie to their customers? Honestly, what world are you living in? Everyone does this. I use whatever processor suits my needs the best. I'm not just pointing the finger solely at Intel here. I am simply stating that the impact of hardware level mitigation would suck the life out of Intel's lineup when compared to AMD's upcoming product stack. That being said, both AMD and Intel have lied to their customers before on numerous occasions. Nvidia does it, Walmart does it, every car company does it, our legislators do it, most of the women I have dated do it, most of the men and women I know do it, etc.

    Now getting to rebuilding that image... If Intel actually delivers a product that doesn't bend its clientele over a table without asking permission or kissing them first... We will have to wait and see about that. Intel's image enhancement hasn't been impacted by much of shit as of late. People like Kyle are probably working their asses off fighting their way through years of corporate bullshit and attempting to dilute it enough to actually effect that kind of change. Just because a company says they're going to do something doesn't instantaneously make them the shining paragon of the entire industry. Change takes time. People take years to change and at a corporate level Intel will not be so different than that.
     
    Last edited: May 15, 2019
    N4CR likes this.
  2. dvsman

    dvsman 2[H]4U

    Messages:
    2,531
    Joined:
    Dec 2, 2009
    With the release of this news, all the head-hunting from other competitor companies makes much more sense as well, both within their graphics division and not (like Jim Keller).
     
    Darth Kyrie and N4CR like this.
  3. Hatriot

    Hatriot Limp Gawd

    Messages:
    144
    Joined:
    Jan 18, 2018
    The correct response is, my apologies for making a knee jerk, combative response to a factually correct post that I misread.
     
    gtrguy and ccityinstaller like this.
  4. ChadD

    ChadD 2[H]4U

    Messages:
    3,690
    Joined:
    Feb 8, 2016
    I know this is a bit different than Spectre and Meltdown... but it sounds like the cause is the same.

    Intel engineers haven't respected ring 0 kernel mode security for ages. It's why their hyper threading has major issues... I mean their unpatched chips basically don't bother to check if bits have permission to be there until after they execute. (Just saying it out loud, even complete laypersons know that is bad... let's unlock the door and then check and see if that shady looking dude had a key.)

    I didn't go and read all the deep dives on MDS but it sure sounds like the same flawed design thinking is the main issue.

    Also just have to note... all these companies like MS and Google saying "we will work with affected hardware manufacturers". I love how no one wants to name Intel. Makes me hope AMD can 100% confirm this has nothing to do with them and add it to their repertoire of sales material. Intel is 10% faster if you run it as set by the factory... but expect to be owned, and/or lose 10% of your performance annually as Intel is forced to patch their hardware cheats. lol
     
    Darth Kyrie, Zuul, N4CR and 4 others like this.
  5. Auer

    Auer Limp Gawd

    Messages:
    448
    Joined:
    Nov 2, 2018
    Nice to see some people enjoying this all.
     
    Darth Kyrie and ChadD like this.
  6. ChadD

    ChadD 2[H]4U

    Messages:
    3,690
    Joined:
    Feb 8, 2016
    Well I wouldn't wanna be a told ya so of course. ;) lol

    Honestly anyone that was still buying Intel after S&M last year is a moron.

    They pointed out the biggest issue with going Intel... a complete shit sales first culture.

    It was obvious why S&M happened. Some engineer (or far worse some team of engineers) hit a performance bottleneck and instead of taking the proper amount of time to find a better way... or say this is the wall for this design, marketing be damned. Someone actually said... hmm what if the chip simply moves the code into Ring 0 first, runs the code... and IF that code ends up needed let's check the key at that point. Saves us 20-30% key lookups and boom we hit our performance target. Bonuses for everyone !!!

    With that type of culture it should be obvious the next major issue is just down the road. Now that MDS is out and will likely erode another 5-15% performance (best case) anyone wanna bet how long it will be until the next OH Crap flaw is discovered? My money is on 6 months... as it's clear Intel's engineering teams have been given tight timelines and hefty performance goals. To hit them they have been willing to cut some serious corners and their bosses are either laypeople that have no idea, or worse they know and are all about the $.

    Like it or not.... these corners are not being cut at the competition, and if a lazy or incapable engineer over there tried to cut a corner by saying let's just skip this and move everything to kernel mode, they would have to slide it past a boss that didn't come up through the sales channel and knows more about CPU design than they do.
     
    Darth Kyrie, Zuul, N4CR and 4 others like this.
  7. Legendary Gamer

    Legendary Gamer Limp Gawd

    Messages:
    498
    Joined:
    Jan 14, 2012
    I will take that bet and ante up, I am guessing that another flaw has already been detected and the people that reported it have to wait another year before releasing it. As far as the performance hits are concerned, I have to agree. There's something else I didn't say before. All the mitigations to these security flaws come after the CPUs have already been benchmarked. Kind of like how AAA developers will wait to introduce micro-transactions until a game has already been reviewed and releases to massive fanfare. It's all staged to show their processors in the best possible light. The average layperson wouldn't know that you're looking at a processor that is going to be dog slow if the hardware manufacturer actually implements all the fixes for their architecture. I wonder what the final, actual, performance of these chips will be like fully patched vs what they were before.
     
    Darth Kyrie, N4CR and ChadD like this.
  8. bigsnyder

    bigsnyder Gawd

    Messages:
    671
    Joined:
    Jul 1, 2006
    Maybe we should port everything back to Motorola 68k lol
     
    Flexion likes this.
  9. Mohonri

    Mohonri [H]ardness Supreme

    Messages:
    5,735
    Joined:
    Jul 29, 2005
    Do we have any benchmarks showing the cumulative performance impact of all the mitigations?
     
  10. trparky

    trparky Gawd

    Messages:
    975
    Joined:
    Jul 23, 2009
    Oh this is good... as much as I hate referencing The Verge, Intel is currently facing 32 lawsuits regarding Spectre and Meltdown and that was back at the beginning of 2018. (Source) How much do you want to bet that the number of lawsuits is much larger now? Yeah...
     
  11. SvenBent

    SvenBent 2[H]4U

    Messages:
    2,790
    Joined:
    Sep 13, 2008
    Fitting acronym since ppl into S&M like to play with pain...
     
    Darth Kyrie and ChadD like this.
  12. notarat

    notarat [H]ard|Gawd

    Messages:
    1,645
    Joined:
    Mar 28, 2010

    Intel tried Netburst and ultimately failed. Athlon 64 ate its breakfast. Intel could not take back the performance lead without abandoning Netburst and going back to re-engineer their PPro to use a more efficient but smaller pipeline. They also made a conscious decision to sacrifice security for the sake of performance. It worked. For a time.

    Now they're reaping what they sowed.
     
    Darth Kyrie and ChadD like this.
  13. Lmah2x

    Lmah2x Gawd

    Messages:
    842
    Joined:
    Apr 3, 2014
    After the software patch, do you still need HT disabled? Haven't had much time to read this week.
     
  14. Luke M

    Luke M Limp Gawd

    Messages:
    350
    Joined:
    Apr 20, 2016
    Don't run untrusted code, seems like the best advice regardless of where the vulnerability is. Browser people need to wake up and stop running JavaScript willy-nilly.
     
    N4CR likes this.
  15. Legendary Gamer

    Legendary Gamer Limp Gawd

    Messages:
    498
    Joined:
    Jan 14, 2012
    I don't honestly know. However, after reading other companies' mitigations of the issues there are instances where they say you still have to disable it. The big one I looked at today was Google and their mitigations required disabling HT on certain server implementations.

    It also depends on how fast our respective motherboard manufacturers get the microcode patch out. That could be a really long time... Especially if Intel says they patched it and then tells vendors to wait to roll it out. Even if that's not the case, most MB manufacturers will roll the BIOS out in QA and Beta prior to actually releasing the full update.
     
  16. Master_shake_

    Master_shake_ [H]ardForum Junkie

    Messages:
    8,225
    Joined:
    Apr 9, 2012
    hopefully people start getting fired for buying intel, this is beyond stupid.
     
  17. Lakados

    Lakados [H]ard|Gawd

    Messages:
    1,382
    Joined:
    Feb 3, 2014
    I'm just happy that this is forcing the major vendors to start putting out and pushing AMD systems. Hoping Dell starts shipping Optiplex systems with a Ryzen in the near future.
     
  18. ryan_975

    ryan_975 [H]ardForum Junkie

    Messages:
    13,953
    Joined:
    Feb 6, 2006
  19. Krenum

    Krenum [H]ardForum Junkie

    Messages:
    15,307
    Joined:
    Apr 29, 2005
    AMD 3000's can't come quick enough.
     
  20. Dan_D

    Dan_D [H]ardOCP Motherboard Editor

    Messages:
    53,189
    Joined:
    Feb 9, 2002
    The problem is that even if vendors start switching to AMD en masse, AMD will not be able to supply the volume that's required to handle anywhere close to the volume Intel can.
     
    Auer likes this.
  21. Hagrid

    Hagrid [H]ardness Supreme

    Messages:
    7,952
    Joined:
    Nov 23, 2006
    Because they have not had to. Maybe it's time. :)
     
    Darth Kyrie, N4CR and techdude01 like this.
  22. Lakados

    Lakados [H]ard|Gawd

    Messages:
    1,382
    Joined:
    Feb 3, 2014
    Sadly that doesn't load for Dell Canada and it doesn't appear that they offer that model here either, they only give me Intel solutions.

    I dug more through Dell Canada's AMD offerings and my only options are in Alienware or Inspiron systems, nice to see they offer a Threadripper Alienware though.
     
  23. Auer

    Auer Limp Gawd

    Messages:
    448
    Joined:
    Nov 2, 2018
    I suspect a lot of large scale Intel customers will simply ride it out rather than switching completely over.
     
  24. Master_shake_

    Master_shake_ [H]ardForum Junkie

    Messages:
    8,225
    Joined:
    Apr 9, 2012
    that's true intel really does have 14nm(+++++++++++) in the bag.
     
    Auer likes this.
  25. Tsumi

    Tsumi [H]ardForum Junkie

    Messages:
    12,968
    Joined:
    Mar 18, 2010
    As you suggested, I looked it up. Family 6 Model 158 Stepping 13 has full hardware mitigation for MDS, and is basically the current desktop 9th gen chip. Stepping 12 has partial hardware mitigation. Model 142 Stepping 12 appears to be wholly mobile chips, and there is some overlap on SKUs for both Model 158 and Model 142. What can be reasonably inferred is that Intel incorporated these changes over the product cycle of these chips, and new ones being made now should have full hardware mitigation.

    Yes, it is misleading for them to say 8th and 9th gen chips have hardware mitigation and then mean that only current revisions have them. However, that is completely different from an outright lie, which would get them into legal trouble not only with consumers, but big dogs like Google and Microsoft. There is a huge difference between lying and misleading. All companies do the latter, companies that do the former eventually get caught and face big lawsuits. "We can neither confirm nor deny" and "No comment" are not lying statements.

    It seems like you don't have a good understanding of how software security works. Working out a software solution to a vulnerability takes time. You have to make sure that the vulnerability is eliminated with the patch while also minimizing performance impacts. If there is no indication that the exploit is actively being used, it will always be kept quiet until everyone is ready to roll out the updates. You can see this was a coordinated one with patches from Red Hat, Ubuntu, Google, Apple, and Microsoft ready to go the moment Intel made the announcement. A company never says "Here's an exploit, hang on to your beer while we work out a fix" unless they found the exploit already being utilized.
     
    Auer and Lakados like this.
  26. Legendary Gamer

    Legendary Gamer Limp Gawd

    Messages:
    498
    Joined:
    Jan 14, 2012
    There was an article I read today about how the upcoming, I think it was "Whiskey Lake", will have no hardware mitigations in it. None of us can take it on faith for Intel to do the right thing for future releases.

    Microcode + Software is not a hardware fix. I don't expect we will see hardware resolutions to all of these if they destroy the performance of the processors. Also, the latest estimates of the patches that were just released say that on the server side of the spectrum these mitigations slow server workloads down by up to 9% in certain workloads. I would be interested in seeing a "to date" speed penalty these are applying in real world tasks to desktop enthusiasts.

    I understand that the security takes time to implement. Thus Intel reached out to its big partners and informed them of the security issue. So, they've had over a year to patch for this. The article in question doesn't read all that "warm and fuzzy" for the wonderfully transparent company that Intel is supposed to be. Seeing as at least one claim says Intel tried bribing the people that discovered the security flaw into silence and downplaying the severity of the issue. Most of the people that explore the vulnerabilities afford the processor manufacturer about a year. Why not circumvent the article altogether and release the information themselves? After the stuff is patched. Why allow the bad PR to even hit them if they were ready and waiting in the wings with a microcode mitigation they would then have to send to motherboard manufacturers after the story aired? Their current approach to transparency is bullshit. So, Kyle and the other guys going over there to work on that image are going to have one helluva time changing that environment.
     
    Darth Kyrie likes this.
  27. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    27,647
    Joined:
    Oct 29, 2000
    Who still buys prebuilt desktops these days?

    In the enterprise world, every job I've been in in the last 10 years pretty much everyone has been issued laptops. Production floor type people have been using various types of thin clients.

    The consumer world is mostly a sea of crappy $250 laptop specials and chromebooks.

    I just assumed that outside of the enthusiast and "gamer" communities where people tend to build their own, the desktop was essentially dead. You can't even give away a couple of year old prebuilt desktop on Craigslist for free...
     
    Last edited: May 15, 2019
    Lakados likes this.
  28. Lakados

    Lakados [H]ard|Gawd

    Messages:
    1,382
    Joined:
    Feb 3, 2014
    I have a healthy mix, most of my desktops are now all-in-ones, I have a decreasing number of Windows and OSX laptops because they are mostly being replaced with Chromebooks/Chromebox and Citrix, so I can't disagree with that at all but their sales are still pretty large especially in the mini tower formats. I am still trying to figure out a way to sell accounting on the idea that I need a new Threadripper desktop for my office to work as an emergency server in the case of a massive failure though ....
     
  29. Lakados

    Lakados [H]ard|Gawd

    Messages:
    1,382
    Joined:
    Feb 3, 2014
    We will see a hardware fix when Intel releases a new architecture, in the meantime there is no way to fix the issue at a hardware level for these chips as it seems to be inherently flawed. Software & microcode is about the only way to go about this for the time being.
     
    Darth Kyrie and Legendary Gamer like this.
  30. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    27,647
    Joined:
    Oct 29, 2000
    Yeah, since my first professional job after college in 2003, I've gone from one Dell Latitude with a dock, to another Dell Latitude with a dock.

    I've never been in a non Dell shop, and never not had a Latitude with a dock. :p
     
    Lakados likes this.
  31. Lakados

    Lakados [H]ard|Gawd

    Messages:
    1,382
    Joined:
    Feb 3, 2014
    I am not a fan of their new USB-C based docks for the Latitudes, it just kind of floats around the desk and doesn't really give the laptop a proper home like the old ones with the slot on the bottom, but the new Latitudes are pretty.

    Would be prettier running a Ryzen though ...
     
    Last edited: May 15, 2019
  32. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    27,647
    Joined:
    Oct 29, 2000
    I saw one of those new docks, but I don't have one myself.


    I thought to myself: "Gee I hope this is just another option, and they haven't gotten rid of their traditional docks". I meant to look it up but never did.

    I gather they are gone then? That is a shame.

    As far as them being pretty though? I guess. Doesn't really matter to me.

    I currently have an i7-6600U based Latitude E7470 with 8GB of RAM. I kind of hate the Ultrabook style of laptops. I consider it too thin, and the 1440p screen is way too high resolution for its 14". For some bizarre reason it also has a touch screen which I have never intentionally used, and only causes problems when I accidentally come in contact with it.

    I'm actually MUCH happier with my old school thick Latitude E6430s I use at home. Everything just works. The 1366x768 screen is perfect for its size, it fits a HUGE battery, and everything can be worked on, drives easily removed and replaced, RAM upgraded, etc. etc.

    I just don't like the obsession with devices being thin and light, having stupidly high resolutions and touch screens.

    No one ever asks me what hardware I want at work. It just shows up. While I have been very happy with my Latitudes of the past dating back to my first one, a D620, I would likely have chosen something different this time around if given a choice...
     
  33. Algrim

    Algrim [H]ard|Gawd

    Messages:
    1,379
    Joined:
    Jun 1, 2016
    I personally have access to three corporate desktops: 2 12-core Mac Pros (different years) and a 16 core HP workstation. One of the two Mac Pros is supposedly retired (well beyond IS&T's support bubble) but I'm not about to throw away a good 12-core machine when I can still do video rendering on it...

    I was slated to get one of the new iMac Pros but they decided that a laptop was good enough until we get our entire workflow into the cloud which obviates the need for hefty bare iron.

    The huge irony of all this multi-core goodness coming out is less of a need to get it when companies are pushing workflows outside of desktop workstations.
     
  34. pillagenburn

    pillagenburn Gawd

    Messages:
    900
    Joined:
    Oct 3, 2006
    My decision to dump my Ivy Bridge based server and "downgrade" to an Opteron isn't looking so stupid now.
     
  35. THRESHIN

    THRESHIN 2[H]4U

    Messages:
    2,929
    Joined:
    Sep 29, 2002
    I have a Skylake i5. This security shit sucks. I also don't need anything faster right now. I'm really torn.

    I'll probably ride it out and take the risk. Next system will not be Intel.
     
  36. Auer

    Auer Limp Gawd

    Messages:
    448
    Joined:
    Nov 2, 2018
    If I switch to AMD now something terrible will happen to them too next year so I'm gonna save ya all and stay with Intel.
     
  37. eclypse

    eclypse 2[H]4U

    Messages:
    3,013
    Joined:
    Dec 7, 2003
    Maybe we just turn the PCs off for good? Toss the phones as well since they're watching and listening to everything we do.. toss the smart TVs since they're spying on us as well.. Nest thermostat.. did I leave anything out? Oh yeah.. OnStar since the Patriot Act allows them to listen to our every word as well.

    Go back to 1980 tech and find something better to do?
     
  38. MMitch

    MMitch Gawd

    Messages:
    594
    Joined:
    Nov 29, 2016
    Go to bed.
     
  39. Nolan7689

    Nolan7689 [H]ard|Gawd

    Messages:
    1,211
    Joined:
    Jun 5, 2015
    Well, to answer your anecdote with my own anecdote, my friend went from a job in insurance (serving Canada wide, and backed out of London, i.e. not small) where employees had desktops. Then recently switched to a new office job, also with actual desktops.

    Places still do the desktop thing.

    Different anecdote: my mom works at the vet's office. About 14 years ago they replaced their desktops (Pentium 2) with Windows XP desktops. I think they may have done that once more and got up to Windows 10. Small business of course but they update infrequently and have stuck with desktops.

    But, anecdotes.