BitDefender Researchers Discover "Terrifying" Security Vulnerability in Intel CPUs

Discussion in 'HardForum Tech News' started by Zarathustra[H], May 14, 2019.

  1. Red Falcon

    Red Falcon [H]ardForum Junkie

    Messages:
    9,836
    Joined:
    May 7, 2007
    Try early 1950s tech - I mean, I would love to go back to the IBM PC, Apple IIe, mainframe & mini, and Atari 2600 & NES days, but rose-tinted nostalgia and all that. :D
    Computers were very much around and a keystone of businesses, governments, and banks from the late 1950s onward.

  2. Jagger100

    Jagger100 [H]ardness Supreme

    Messages:
    7,420
    Joined:
    Oct 31, 2004
    Any reason an app couldn't be heuristically scanned for attempting these kinds of exploits? These exploits need code to be fast, so disguising the code by mixing it with benign code wouldn't work.

    A lot of people bag on AVs these days. There's no reason, though, not to have a 2nd AV that sits passively and scans code on demand.
  3. ChadD

    ChadD 2[H]4U

    Messages:
    3,693
    Joined:
    Feb 8, 2016
    As with S&M, the real issue isn't you or me at home. It's all the small, medium and large companies using cloud server solutions. You can run all the scanners you like and have a super secure setup... but if Amazon or MS is selling server time on the same CPU to someone specifically running software designed to hunt for shared code... and bits of info the Intel server hardware isn't performing ring 0 kernel mode checks on at all (that was S&M), it's not going to matter.

    S&M and this exploit are not disastrous for Intel because Joe Schmo at home might get infected going to the wrong S&M site. It's that the move the last 5+ years in the server world has been to cloud based options. Most of them running Intel. A company using a small Amazon or MS server option, even if they are doing everything possible to be ultra secure, can still be compromised IF the cloud provider has things like HT turned on. Frankly the safest option for companies like Amazon, MS and the like is to either disable HT completely on their server chips... or simply run AMD or even Arm solutions. Intel has made their job of selling themselves to all the smaller cloud companies much harder. Amazon was already looking past Intel... and I imagine so was/is MS. Frankly in that market x86 probably isn't the future anyway. I know we have been saying for a long time the ARM servers are coming... but they really are at some point. Or RISC-V long term, who knows. Intel is making that future seem more and more realistic to the x86 boosters in the world. lol
  4. Absalom

    Absalom Gawd

    Messages:
    575
    Joined:
    Oct 3, 2007
    That's more of a sledgehammer approach to these specific exploits. Any heuristics gathered today are obsolete tomorrow, because of the whole cat and mouse game.

    AVs exist because software developers are lazy. Again, it's a cat and mouse game. If software was developed with security in mind, then AVs would be out of business. But then there are stupid users and admins of said software, so the lines get a bit blurred. But, I digress.

    If the exploit is simply to mine data from residual memory caches, the solution is simply to make it very difficult, if not impossible, for the offending application to achieve this. By whatever means necessary.

    Instead of depending on hardware (future or present) to deliver full confidence in security, software developers should take an active role in literally 'securing their shit.' A lot of these exploits wouldn't even be an issue if the software itself was locked down in key areas (namely areas where security matters). Businesses should be shitting bricks whenever these exploits show up, because it's a wake up call to shitty practices they've been getting away with up until now. That may sound a bit soap-boxy, but I do software development for a living and witness companies cutting corners all the time - often without regard to security being a big deal at all. It's a lousy practice.

    Some of these knee-jerk reactions, such as disabling HT as some 'global fix' are hilarious. It's like a bunch of suits in a board room panicking while asking each other 'Is our shit secure?'

    Specifically, as in right now, software developers can take advantage of memory fencing instructions (mfence on x86) to protect security critical code and data. This has proven to be very effective vs. speculation and side-channel attacks. While this sounds awfully low level, it's not. Even .NET offers this as an abstraction through Interlocked.SpeculationBarrier. Software folks that are not sitting on their ass should be educating themselves about this stuff and maybe even consider taking a security class.

    Instead of waiting for the sky to fall, the software itself can be properly developed with security in mind like it should have been from the ground up. As a software developer who preaches security during all phases of development, I'm not sitting on my ass, waiting for some magical hardware fix. Most security sensitive code is not performance sensitive. It's a rare thing if it is. For those rare cases, I guess your life is going to be a bit interesting for a while.
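The fence-based protection described in the post above is normally placed between a bounds check and the load it guards; the C below is an added example (not code from any poster, from Intel or from .NET) and goes one step further by also showing the branchless index-masking alternative used in the Linux kernel. The sample table, the demo_fenced wrapper and the non-x86 fallback are assumptions made for this demo, and note that Intel's guidance uses lfence rather than mfence as the speculation barrier.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Barrier between a bounds check and the load it guards. On x86 this is
 * LFENCE (Intel's recommended speculation barrier); elsewhere it degrades to
 * a compiler-only barrier, NOT a hardware mitigation (assumption: host may not be x86). */
static inline void speculation_barrier(void)
{
#if defined(__x86_64__) || defined(__i386__)
    __asm__ __volatile__("lfence" ::: "memory");
#else
    __asm__ __volatile__("" ::: "memory");
#endif
}

/* Variant 1: check, fence, load. The fence keeps table[idx] from issuing
 * while the idx >= len branch is still only predicted. */
int lookup_fenced(const uint8_t *table, size_t len, size_t idx, uint8_t *out)
{
    if (idx >= len)
        return -1;
    speculation_barrier();
    *out = table[idx];
    return 0;
}

/* Variant 2 (generalisation beyond the post): branchless index masking in the
 * spirit of the Linux kernel's array_index_nospec(). mask is SIZE_MAX when
 * idx < len and 0 otherwise, so a mispredicted path reads table[0], not
 * out-of-bounds memory. Kernel code pins this in asm to stay branch-free. */
size_t index_nospec(size_t idx, size_t len)
{
    size_t mask = (size_t)0 - (size_t)(idx < len);
    return idx & mask;
}

/* Constructed sample table; wrapper returns the value, or -1 if out of range. */
static const uint8_t kTable[4] = {10, 20, 30, 40};
int demo_fenced(size_t idx)
{
    uint8_t v = 0;
    return lookup_fenced(kTable, sizeof kTable, idx, &v) == 0 ? (int)v : -1;
}

int main(void)
{
    printf("idx 2 -> %d, idx 9 -> %d\n", demo_fenced(2), demo_fenced(9));
    return 0;
}
```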
  5. ChadD

    ChadD 2[H]4U

    Messages:
    3,693
    Joined:
    Feb 8, 2016
    No amount of "good" secure software will stop people from using this exploit or S&M. They are HARDWARE flaws, plain and simple. It's not that software that exploits these is actually doing anything wrong... that is the problem. You can't say any software that tries to read its cache is doing something wrong. The problem is Intel, in order to gain performance, is skipping checks or trying to do them after software has executed... as predictive algorithms tend to toss a quarter or more of the work they do when software ends up not needing that math. So the software isn't doing anything sneaky like trying to copy itself or brute force anything. So if you have software from 10 VMs all sharing the same hardware cache... allowing them all to read cache space without checking to see if they have permission first is a massive massive issue.

    The issue with MDS and S&M is that no amount of secure software can protect you from the software running on a different server which is sharing hardware. That is the main issue here. The VAST majority of all the software people rely on is cloud based, which means it's running on server farms, mostly using these flawed Intel chips. Any company on the cloud is sharing the same CPUs with potentially 100s of companies they don't know. Any one of them could be the troll farm specifically running software aiming to exploit the holes in Intel's design. (Of course the majors like Amazon and MS are mitigating these exploits... but they come at a cost, period.) It also looks like MDS cannot be 100% mitigated without completely turning SMT off.

    I will agree that S&M and MDS are hard to exploit if you're not running on the same hardware... not impossible, just harder. But anyway, bottom line is the cloud market is where the big money is right now... and Intel's product is a liability. Unless they come up with some further microcode updates that manage to allow cloud service providers to offer secure solutions while not having to disable SMT.
    Last edited: May 16, 2019
  6. N4CR

    N4CR 2[H]4U

    Messages:
    3,518
    Joined:
    Oct 17, 2011
    Bingo. Firefox loves stopping you seeing stuff if a cert isn't up to date or a webpage is insecure (fuck you thinking you can add an exception these days), meanwhile who cares about JS running, as long as muh cert is there. Completely absurd.
    If your average person could see how many servers are contacted on your average mainstream news page, they would freak out. Some have 30 or 40+, latency on them is horrendous, and with these exploits it just takes one bad apple...
    clockdogg likes this.
  7. trparky

    trparky Gawd

    Messages:
    975
    Joined:
    Jul 23, 2009
    That's exactly why an adblocker should be standard for every web browser. I wouldn't browse the Internet without an adblocker these days.
    $trapped and N4CR like this.
  8. Mohonri

    Mohonri [H]ardness Supreme

    Messages:
    5,735
    Joined:
    Jul 29, 2005
    I dunno about you, but there are a lot of very nice laptops in the consumer space. Dell, HP, and Lenovo have some rather pretty (and well-made) laptops if you're willing to spend more than $600.

    Where do you live where people are giving away 2-year-old desktops? Because I could use one--I'm on a 3rd-generation i5 here, with non-functional front USB ports....
  9. Tsumi

    Tsumi [H]ardForum Junkie

    Messages:
    12,969
    Joined:
    Mar 18, 2010
    I use more than just adblock. I run uMatrix (and there are others like uBlock) which you can use to selectively let elements run. It's a bit of a learning curve, but you get fairly good at recognizing domains.
  10. ChadD

    ChadD 2[H]4U

    Messages:
    3,693
    Joined:
    Feb 8, 2016
    Phoronix has just posted some performance tests on the impact of Zombieload, combined with the S&M fixes.

    The Performance Impact Of MDS / Zombieload Plus The Overall Cost Now Of Spectre/Meltdown/L1TF/MDS
    https://www.phoronix.com/scan.php?page=article&item=mds-zombieload-mit&num=1

    The conclusion for those not wanting to skip to it;
    "If looking at the geometric mean for the tests run today, the Intel systems all saw about 16% lower performance out-of-the-box now with these default mitigations and obviously even lower if disabling Hyper Threading for maximum security. The two AMD systems tested saw a 3% performance hit with the default mitigations."

    Interesting to see that in some cases where Intel used to wipe the floor with AMD hardware... like context switching... the reverse is now very much the case, even if you leave HT on. The mitigations basically make Intel hardware 5-6x slower in those cases. Some crazy stuff... I almost feel for all the Intel customers out there with big servers with tons of multitasking going on; these Zombieload fixes are going to HURT.

    The interesting part to me is that a lot of tests are not going to show a major impact 'cause most tests are of course not doing any context switching... they are running one test, be it compression or X or Y bit of math, over and over. Where this mitigation seems to really crush performance is when multitasking is involved. As a follow up I would love to see numbers which involve multitasking... perhaps tests of 2 different tests running concurrently (you know, like real world use). My guess is Intel is going to look extremely bad in those situations on chips without this fixed in hardware.
    Last edited: May 18, 2019
    Darth Kyrie and N4CR like this.
  11. Uvaman2

    Uvaman2 2[H]4U

    Messages:
    2,962
    Joined:
    Jan 4, 2016
    Thanks for the article.
  12. Tsumi

    Tsumi [H]ardForum Junkie

    Messages:
    12,969
    Joined:
    Mar 18, 2010
    Interesting. I wonder if any testing will be done with the chips that have hardware mitigation in them, and if there is any performance penalty with the hardware mitigation.
  13. Flexion

    Flexion [H]ard|Gawd

    Messages:
    1,569
    Joined:
    Jul 20, 2004
    You guys terrified yet? XD
  14. Tsumi

    Tsumi [H]ardForum Junkie

    Messages:
    12,969
    Joined:
    Mar 18, 2010
    Nope. This is an issue primarily targeting cloud computing. I keep my A/V up to date, plus I disable web browser scripts so I'm not really concerned about any of these recent attack methods.
  15. Jim Kim

    Jim Kim 2[H]4U

    Messages:
    3,307
    Joined:
    May 24, 2012
    Nope, I'm buying AMD. ;)
    Darth Kyrie, Flexion and N4CR like this.
  16. Auer

    Auer Limp Gawd

    Messages:
    454
    Joined:
    Nov 2, 2018
    Terrifying
  17. ChadD

    ChadD 2[H]4U

    Messages:
    3,693
    Joined:
    Feb 8, 2016
    And yet you will still pay in terms of performance.

    I guess unless you're a Linux user and you're willing to disable the mitigations.
  18. Tsumi

    Tsumi [H]ardForum Junkie

    Messages:
    12,969
    Joined:
    Mar 18, 2010
    Doesn't matter as I rarely ever max out my system. The most stressful thing it does at the moment is StarCraft 2, and that doesn't take advantage of hyperthreading at all. My laptop on the other hand, utilizing an i7-2640m, might get dinged a bit, but I plan to replace it with a Ryzen 7 laptop anyways.
    ChadD likes this.
  19. Legendary Gamer

    Legendary Gamer Limp Gawd

    Messages:
    498
    Joined:
    Jan 14, 2012
    For anyone wondering what the actual performance metrics are like after the Spectre / Meltdown issues (this probably doesn't even impact the latest issues):
    https://www.extremetech.com/computi...tches?utm_source=edit&utm_medium=notification

    Here's an excerpt I found quite interesting:

    The collective impact of enabling all patches is not a positive for Intel. While the impacts vary tremendously from virtually nothing to significant on an application-by-application level, the collective whack is ~15-16 percent on all Intel CPUs without Hyper-Threading disabled. Disabling increases the overall performance impact to 20 percent (for the 7980XE), 24.8 percent (8700K) and 20.5 percent (6800K).

    The AMD CPUs are not tested with HT disabled, because disabling SMT isn’t a required fix for the situation on AMD chips, but the cumulative impact of the decline is much smaller. AMD loses ~3 percent with all fixes enabled. The impact of these changes is enough to change the relative performance weighting between the tested solutions. With no fixes applied, across its entire test suite, the CPU performance ranking is:

    1. 7980XE (288)
    2. 8700K (271)
    3. 2990WX (245)
    4. 2700X (219)
    5. 6800K (200)
    With the full suite of mitigations enabled, the CPU performance ranking is:

    1. 2990WX (238)
    2. 7980XE (231)
    3. 2700X (213)
    4. 8700K (204)
    5. 6800K (159)
    AMD, in other words, now leads the aggregate performance metrics, moving from 3rd and 4th to 1st and 3rd. This isn’t the same as winning every test, and since the degree to which each test responds to these changes varies, you can’t claim that the 2990WX is now across-the-board faster than the 7980XE in the Phoronix benchmark suite. It isn’t. But the cumulative impact of these patches could result in more tests where Intel and AMD switch rankings as a result of performance impacts that only hit one vendor.
    Last edited: May 21, 2019 at 2:47 PM
    Darth Kyrie, Red Falcon and N4CR like this.
  20. N4CR

    N4CR 2[H]4U

    Messages:
    3,518
    Joined:
    Oct 17, 2011
    Interesting shakeup indeed. Of course most 'reviewers' and board shills will only post the old, pre-patch results now. And I'd guess many of the 'muh windows updates save baby jesus' types won't want the updates all of a sudden...
    Darth Kyrie and Legendary Gamer like this.
  21. Legendary Gamer

    Legendary Gamer Limp Gawd

    Messages:
    498
    Joined:
    Jan 14, 2012
    Agreed, thank you for the laughter. (y)