New
#260
Many thanks for that. Probably one for tomorrow, and if it does all work I know it will be grim reading because its an 11yr+ old laptop.
You've been really helpful, I appreciate it, a pity there are no rep do-dahs on TUT's
Windows Client Guidance against speculative execution vulnerabilities
-
-
New #261
Here is the thing.
The combustion engine was developed in the late 1800s as an alternative to steam engines. We used (and continue to use) them for quite a long time, only to find out (much later) that combustion of hydrocarbons is dangerous in many ways, both to human health as well as the environment. Part of the reason why this wasn't discovered sooner is that we didn't have the equipment to test for the problems, part was that we didn't think it would cause such a problem, and part was the we had no previous empirical data to look at to show any sort of cause and effect relation for the combustion.
This is an analogous situation to these CPU vulnerabilities. The CPUs were developed with certain capabilities in mind, and the capabilities worked as advertised. 23 years is a short time to Discover the very novel ways that these capabilities were taken advantage of, and there was no empirical data from any previous release of CPUs that these vulnerabilities could exist. We certainly didn't have the equipment 23 years ago to test for these vulnerabilities, and no one had bothered considering that these vulnerabilities may even exist.
Remember, they were first *theorized* in 2016....
-
-
-
-
New #265
Very understandable analogy, but contrary to what @larc919 has mentioned in his post # 246 (I'm not convinced it's a good idea to announce existence of a major widespread PC problem before there's a workable fix for it.), there is no fix yet for Spectre on my PC and I am still vulnerable.
HP has not yet released a BIOS/UEFI firmware update, as far as I know, to make me feel secure. It's a fact that fixing a problem at the architectural level of a processor is not easy. I am not tech-savvy enough to know or understand what goes under the hood, but sometimes I get really suspicious when ,in some articles, they are talking about the prospect of buying a new PC with the upcoming flawless CPU in order to be totally safe from these vulnerabilities (Speculative Execution Sidetrack Attacks). So my point is two-fold:
1) The word is out there already and I am not yet protected and as we all know the fix is going to be a palliative, for it will have some performance hit on some processors, more so on the older ones.
2) I am not willing and ready yet to buy a new PC in the foreseeable future.
Thanks for chiming in and no hard feeling. Really appreciate your post :)
-
New #266
If it makes you feel better:Very understandable analogy, but contrary to what @larc919 has mentioned in his post # 246 (I'm not convinced it's a good idea to announce existence of a major widespread PC problem before there's a workable fix for it.), there is no fix yet for Spectre on my PC and I am still vulnerable.
HP has not yet released a BIOS/UEFI firmware update, as far as I know, to make me feel secure. It's a fact that fixing a problem at the architectural level of a processor is not easy. I am not tech-savvy enough to know or understand what goes under the hood, but sometimes I get really suspicious when ,in some articles, they are talking about the prospect of buying a new PC with the upcoming flawless CPU in order to be totally safe from these vulnerabilities (Speculative Execution Sidetrack Attacks). So my point is two-fold:
1) The word is out there already and I am not yet protected and as we all know the fix is going to be a palliative, for it will have some performance hit on some processors, more so on the older ones.
2) I am not willing and ready yet to buy a new PC in the foreseeable future.
Thanks for chiming in and no hard feeling. Really appreciate your post :)
My CPU is officially 10 years old (original generation Core i7 965 EE).
My motherboard is officially 8 (eVGA X58 Classified 3)
The last BIOS released for my motherboard was in 2011.
eVGA tech LeeM has stated on the eVGA forums that the status for a BIOS upgrade for my family of machines, among other 'legacy' boards, is as follows: these boards will only get a BIOS upgrade if Intel releases source code for the BIOS to them. Not the CPU microcode patch, but the entire BIOS.
Which means that they cannot just take an old BIOS and replaced the microcode with the new one and release it.
As for not releasing the vulnerability to the public when they found out about it, I have already stated and will continue to state that it is ADMIRABLE of Intel to get to work on finding fixes for the vulnerabilities, as much as possible, as soon as possible, working with the OS vendors to get this taken care of before it became public knowledge.
It would be stupid for them to release the vulnerability that NO ONE KNEW ABOUT to the public with no fix.
Unfortunately, there is still no fix for one variant of Spectre, for ANYONE. And that is the real danger here now.
-
New #267
I've a few old laptops that are virtually susceptible to Spectre. As for a two year old HP laptop not showing for a UEFI/bios upgrade in their list is disappointing to say the least. Always bought HP for myself so this wasn't expected. Posted a query on their forums yesterday and the silence is deafening. When I queried for the Intel firmware update had a reply almost instantly.
-
New #268
-
-
New #269
Isn't there? What if you run as a standard user? Would that help or not?
Doesn't the malware required need authority to run or does any user (including limited ones) have access to see what the butler is doing in the wine cellar (to use the feeble analogy apparently used by every single newspaper on the planet).
Quote
very nice analogy :)
Related Discussions
