I've still got it on an old and somewhat battered laptop I haven't so much as booted up in years
I have the exact same laptop.
+2
Options
TetraNitroCubaneThe DjinneratorAt the bottom of a bottleRegistered Userregular
edited May 2019
The hits keep coming! This time with a thread title update.
Yesterday, a fairly serious CPU vulnerability along the lines of Spectre and Meltdown was disclosed. It impacts Intel CPUs, and they're calling it ZombieLoad.
“ZombieLoad,” as it’s called, is a side-channel attack targeting Intel chips, allowing hackers to effectively exploit design flaws rather than injecting malicious code. Intel said ZombieLoad is made up of four bugs, which the researchers reported to the chip maker just a month ago.
Almost every computer with an Intel chips dating back to 2011 are affected by the vulnerabilities. AMD and ARM chips are not said to be vulnerable like earlier side-channel attacks.
Intel's disclosure of the vulnerabilities is available here.
Rumblings abound that Intel has known, and been working with various vendors and OS developers, for about a year. Microsoft and Apple have supposedly rolled out patches already. Microcode updates for the vulnerability are in the pipe or available, depending on the hardware, and may impact system performance.
Aside: "ZombieLoad" is at the very least a unique name, I suppose.
The hits keep coming! This time with a thread title update.
Yesterday, a fairly serious CPU vulnerability along the lines of Spectre and Meltdown was disclosed. It impacts Intel CPUs, and they're calling it ZombieLoad.
“ZombieLoad,” as it’s called, is a side-channel attack targeting Intel chips, allowing hackers to effectively exploit design flaws rather than injecting malicious code. Intel said ZombieLoad is made up of four bugs, which the researchers reported to the chip maker just a month ago.
Almost every computer with an Intel chips dating back to 2011 are affected by the vulnerabilities. AMD and ARM chips are not said to be vulnerable like earlier side-channel attacks.
Intel's disclosure of the vulnerabilities is available here.
Rumblings abound that Intel has known, and been working with various vendors and OS developers, for about a year. Microsoft and Apple have supposedly rolled out patches already. Microcode updates for the vulnerability are in the pipe or available, depending on the hardware, and may impact system performance.
Aside: "ZombieLoad" is at the very least a unique name, I suppose.
The hits keep coming! This time with a thread title update.
Yesterday, a fairly serious CPU vulnerability along the lines of Spectre and Meltdown was disclosed. It impacts Intel CPUs, and they're calling it ZombieLoad.
“ZombieLoad,” as it’s called, is a side-channel attack targeting Intel chips, allowing hackers to effectively exploit design flaws rather than injecting malicious code. Intel said ZombieLoad is made up of four bugs, which the researchers reported to the chip maker just a month ago.
Almost every computer with an Intel chips dating back to 2011 are affected by the vulnerabilities. AMD and ARM chips are not said to be vulnerable like earlier side-channel attacks.
Intel's disclosure of the vulnerabilities is available here.
Rumblings abound that Intel has known, and been working with various vendors and OS developers, for about a year. Microsoft and Apple have supposedly rolled out patches already. Microcode updates for the vulnerability are in the pipe or available, depending on the hardware, and may impact system performance.
Aside: "ZombieLoad" is at the very least a unique name, I suppose.
Do the fixes also impact CPU performance?
sure do, I think it's like a 10% performance loss or something to that effect
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
There are more and more factors pushing me toward Ryzen for my next build. This stuff certainly isn't helping Intel, to that end.
+3
Options
Inquisitor772 x Penny Arcade Fight Club ChampionA fixed point in space and timeRegistered Userregular
Some reports say that the performance hit is massive, as much as 40%, depending upon the processor and the extent of the fix. Apparently in some cases the fix is to literally disable Hyperthreading.
+2
Options
TetraNitroCubaneThe DjinneratorAt the bottom of a bottleRegistered Userregular
edited May 2019
The 40% performance hit is only incurred in the case of entirely disabling hyperthreading to mitigate any possibility of attack.
Other mitigation strategies have a much lower impact.
Edit: It looks like microcode updates for the Intel CPUs impacted have already started rolling out via Windows Update for Windows 10. I'm uncertain if it was in the bevy of updates I received this morning, but I haven't noticed a significant performance hit on an 8700K so far.
This is why I'm never buying Intel CPUs again short of another Bulldozer. These constant discoveries just keep happening, and no matter the on paper superiority of Intel in gaming, I can't help but wonder if an overpriced CPU is suddenly about to lose it because they turned their designs into insecure drag racers!
Jeep-Eep on
I would rather be accused of intransigence than tolerating genocide for the sake of everyone getting along. - @Metzger Meister
I would not be surprised if AMD CPUs have similar flaws re. speculative execution. Researchers are targeting Intel CPUs because of their much larger market share.
I would not be surprised if AMD CPUs have similar flaws re. speculative execution. Researchers are targeting Intel CPUs because of their much larger market share.
AMD has had a couple but not nearly on the same level.
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
I would not be surprised if AMD CPUs have similar flaws re. speculative execution. Researchers are targeting Intel CPUs because of their much larger market share.
AMD has had a couple but not nearly on the same level.
True. The fact that some of the baseline spectre flaws affected AMD CPUs gives me the impression that they have been caught with their pants down on this front just as much as Intel. There are probably more vulnerabilities to come for both vendors.
Yeah these security holes have existed since I think the Pentium 2 or 3, the entirety of modern computing was built around the performance gained by those changes in the hardware. But thank goodness they've fixed them at the hardware level.
I still turned them all off because
A) I don't host virtual machines for customers so nbd the performance hit to anything older than a gen 8 i# chip was too much and my gen 3 i5 was basically equivalent in speed to more core2duo after the patches hit and
C) no one's getting exploited by this on websites since chrome/firefox/js were all patched like the day of that information dropping.
Turning it off basically resurrected my PC last night it was fucking glorious.
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
Yeah these security holes have existed since I think the Pentium 2 or 3, the entirety of modern computing was built around the performance gained by those changes in the hardware. But thank goodness they've fixed them at the hardware level.
I still turned them all off because
A) I don't host virtual machines for customers so nbd the performance hit to anything older than a gen 8 i# chip was too much and my gen 3 i5 was basically equivalent in speed to more core2duo after the patches hit and
C) no one's getting exploited by this on websites since chrome/firefox/js were all patched like the day of that information dropping.
Turning it off basically resurrected my PC last night it was fucking glorious.
Sorry--for those of us still playing catch up, turned what off? I've also had a burst of Windows 10 updates described as security fixes.
Thanks. I missed the opportunity to have a "before and after" comparison, but I'm still using an i5-4670k from around 5 years ago, I recently disabled virtual machine support (after I just gave up and bought an old Windows 7 mini-PC and gave up my dumb experiments), and I use Vivaldi which has a pretty good reputation for security and constantly patches.
If there's an appreciable effect, it's probably going to be in CPU reliant stuff like Skyrim...and I don't want to turn off hyperthreading obviously.
I got super frustrated last night at some system hangs and ran across that by accident while in the SE++ tech thread. Obviously undoing the patches still puts your computer at risk, but the performance loss is just far too great I think for what little benefit you might get for being protected by a spectre attack.
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
Yeah games that have heavy IO and CPU like skyrim or anything built ontop of unreal will speed up measurably.
Yeah, problem is I haven't played it with enough regularity. I've been busy on console (where...you're generally not worried about a patch kneecapping your CPU), and playing The Sims 4...which is actually fairly CPU dependent, but hasn't had an appreciable performance change. I may have no way to make a good comparison (didn't take benchmarks before the patches, but possibly I haven't downloaded the specific ones yet?), but still, you have to be preventative.
Hang on, I'm slightly lost here. So disabling protections for Spectre is okay now?
They never honestly really posed a threat to end users.
But Microsoft, Apple, and the commercial Linux distros need to reduce their liability if someone does get compromised from it. They also need to do their due diligence for systems that would be easy to compromise (gov't ones).
The most common vector, JavaScript that wasn't sandboxed by browsers, was taken care of the day of the news breaking by both Google and Firefox. If you disable the OS level patches you're probably wide open on Edge and IE though. The speculative execution exploits are "read-only" so at best it would get you information going on in another thread that you could kind of see into the memory of and at worst it got them nothing (big exploit for VMs).
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
I'm not concerned for myself, more just as Family Tech Support (TM) for a machine with a non-tech-savvy owner, a Core 2 Duo P9400, & Win7 (Edit: and Firefox is the main browser, thankfully). InSpectre tells me it's Meltdown protected but not Spectre protected, and Intel discontinued updates for CPUs that old. Just want to make sure that it's likely to remain okay (at least as long as Win7 isn't yet at end of life).
are VPN applications mysteriously appearing on a computer a good sign it's been infected with, like, a botnet virus or something?
applications mysteriously appearing on a computer are IMO a sign you need to burn the thing down and start over.
Yes, I would be extremely concerned I'd been backdoored.
edit: unless it's a corporate PC, in which case take it up with IT. It might be expected. I have had IT swap out VPN applications behind my back before.
Not corporate, someone's personal home computer. Windows defender found a trojan signature today and then he noticed there were mysterious VPNs he doesn't remember installing. I don't think he's ever even considered using a VPN.
BahamutZERO on
0
Options
OrcaAlso known as EspressosaurusWrexRegistered Userregular
edited May 2019
If Windows Defender found something, and there's new applications, that means Windows Defender missed something else so you need to format and reinstall.
Posts
I have the exact same laptop.
Yesterday, a fairly serious CPU vulnerability along the lines of Spectre and Meltdown was disclosed. It impacts Intel CPUs, and they're calling it ZombieLoad.
Intel's disclosure of the vulnerabilities is available here.
Rumblings abound that Intel has known, and been working with various vendors and OS developers, for about a year. Microsoft and Apple have supposedly rolled out patches already. Microcode updates for the vulnerability are in the pipe or available, depending on the hardware, and may impact system performance.
Aside: "ZombieLoad" is at the very least a unique name, I suppose.
Do the fixes also impact CPU performance?
PSN:Furlion
sure do, I think it's like a 10% performance loss or something to that effect
PSN:Furlion
Yup!
Maybe this is the reason my CPU got shittily slow about 2 months ago.
Other mitigation strategies have a much lower impact.
Edit: It looks like microcode updates for the Intel CPUs impacted have already started rolling out via Windows Update for Windows 10. I'm uncertain if it was in the bevy of updates I received this morning, but I haven't noticed a significant performance hit on an 8700K so far.
if you use the OS updates it's much smaller I think
Steam | XBL
Steam | XBL
Ha!
Yeah, installed this one this morning. My score on Unigine Superposition went from ~14,000 to ~7,000.
Welp.
Edit: Though, strangely my Cinebench score hasn't changed much at all. That's peculiar.
AMD has had a couple but not nearly on the same level.
True. The fact that some of the baseline spectre flaws affected AMD CPUs gives me the impression that they have been caught with their pants down on this front just as much as Intel. There are probably more vulnerabilities to come for both vendors.
I still turned them all off because
A) I don't host virtual machines for customers so nbd
the performance hit to anything older than a gen 8 i# chip was too much and my gen 3 i5 was basically equivalent in speed to more core2duo after the patches hit and
C) no one's getting exploited by this on websites since chrome/firefox/js were all patched like the day of that information dropping.
Turning it off basically resurrected my PC last night it was fucking glorious.
Sorry--for those of us still playing catch up, turned what off? I've also had a burst of Windows 10 updates described as security fixes.
Edit: Here is the MS page with instructions for disabling the various mitigations - https://support.microsoft.com/en-us/help/4072698/windows-server-speculative-execution-side-channel-vulnerabilities-prot
use this to simplify it
disable both, reboot (make sure the buttons say "enable")
If there's an appreciable effect, it's probably going to be in CPU reliant stuff like Skyrim...and I don't want to turn off hyperthreading obviously.
http://steamcommunity.com/id/pablocampy
I got super frustrated last night at some system hangs and ran across that by accident while in the SE++ tech thread. Obviously undoing the patches still puts your computer at risk, but the performance loss is just far too great I think for what little benefit you might get for being protected by a spectre attack.
Yeah, problem is I haven't played it with enough regularity. I've been busy on console (where...you're generally not worried about a patch kneecapping your CPU), and playing The Sims 4...which is actually fairly CPU dependent, but hasn't had an appreciable performance change. I may have no way to make a good comparison (didn't take benchmarks before the patches, but possibly I haven't downloaded the specific ones yet?), but still, you have to be preventative.
Make sure to use benchmarks that test I/O too, that's usually where the hit is largest.
Steam | XBL
They never honestly really posed a threat to end users.
But Microsoft, Apple, and the commercial Linux distros need to reduce their liability if someone does get compromised from it. They also need to do their due diligence for systems that would be easy to compromise (gov't ones).
The most common vector, JavaScript that wasn't sandboxed by browsers, was taken care of the day of the news breaking by both Google and Firefox. If you disable the OS level patches you're probably wide open on Edge and IE though. The speculative execution exploits are "read-only" so at best it would get you information going on in another thread that you could kind of see into the memory of and at worst it got them nothing (big exploit for VMs).
Steam | XBL
Steam | XBL
applications mysteriously appearing on a computer are IMO a sign you need to burn the thing down and start over.
Yes, I would be extremely concerned I'd been backdoored.
edit: unless it's a corporate PC, in which case take it up with IT. It might be expected. I have had IT swap out VPN applications behind my back before.