Major Intel CPU vulnerability

Danp

Easily examine and understand any Windows system's hardware and software capability to
prevent Meltdown and Spectre attacks.

https://www.grc.com/inspectre.htm

Ambarishrh

@danp said in Major Intel CPU vulnerability:

Easily examine and understand any Windows system's hardware and software capability to
prevent Meltdown and Spectre attacks.

https://www.grc.com/inspectre.htm

Anyone tried this?

travisdh1

@ambarishrh said in Major Intel CPU vulnerability:

@danp said in Major Intel CPU vulnerability:

Easily examine and understand any Windows system's hardware and software capability to
prevent Meltdown and Spectre attacks.

https://www.grc.com/inspectre.htm

Anyone tried this?

Took a look at the laptop I was working on today with it. Found out it hadn't applied the latest updates, and it had the correct status and explanation both times I ran it.

Steve Gibson is a software guy, not a security specialist (obviously), he normally writes good programs/utilities.

NashBrydges

@ambarishrh said in Major Intel CPU vulnerability:

@danp said in Major Intel CPU vulnerability:

Easily examine and understand any Windows system's hardware and software capability to
prevent Meltdown and Spectre attacks.

https://www.grc.com/inspectre.htm

Anyone tried this?

Yep. I have on a Dell R230 and R620. It correctly identified that the R230 was fully updated and as patched as possible, and that the R620 was still waiting for the microcode and bios update from Dell. Nice and easy for validation once you've applied your patches and updates.

IRJ

Alot of really good content in this thread. I am thinking I should rename it to reflect updates on Spectre/Meltdown. Any ideas on renaming it?

Obsolesce

@irj said in Major Intel CPU vulnerability:

Alot of really good content in this thread. I am thinking I should rename it to reflect updates on Spectre/Meltdown. Any ideas on renaming it?

Spectre & Meltdown

momurda

Ami correct, Intel isnt even going to release patch for the vast majority of the cpus they sold in the last 10 years?  That is what i care about, the 'ancient' 2013 cpus i have in my server room that wont be getting patched.  Not to mention the 4930k i have at home that is still faster than most of what they sell today, but wont be patched either.

DustinB3403

@momurda said in Major Intel CPU vulnerability:

Ami correct, Intel isnt even going to release patch for the vast majority of the cpus they sold in the last 10 years?  That is what i care about, the 'ancient' 2013 cpus i have in my server room that wont be getting patched.  Not to mention the 4930k i have at home that is still faster than most of what they sell today, but wont be patched either.

I wouldn't hold my breath, this vulnerability has bolstered their future sales for any diehard Intel fans.

Obsolesce

@momurda said in Major Intel CPU vulnerability:

Not to mention the 4930k i have at home that is still faster than most of what they sell today, but wont be patched either.

Well yeah... a $1,000 CPU you bought years ago would of course be better than a <$200 CPU you buy today.

If you spend $1000 on a CPU today, it'll be WAY better than your 4930k.

It doesn't make sense to patch CPUs based on their performance level...

momurda

@tim_g It was 500 dollars. Bought in 2013. Still not getting a fix, that is the problem. Dont give a fuck how fast it is. Same with the Xeons in the server room.
This is the largest chipmaker in the world, they wont even make out a fix for over 2/3 of their customers. This would be like GM having antilock brake problems for 15 years on all cars, and only giving recalls out to cars sold in the last 3 years. total bullshit.

IRJ

@momurda said in Major Intel CPU vulnerability:

@tim_g It was 500 dollars. Bought in 2013. Still not getting a fix, that is the problem. Dont give a fuck how fast it is. Same with the Xeons in the server room.
This is the largest chipmaker in the world, they wont even make out a fix for over 2/3 of their customers. This would be like GM having antilock brake problems for 15 years on all cars, and only giving recalls out to cars sold in the last 3 years. total bullshit.

The car analogy sold me. With this type of vulnerability the safety is very similar to having a brake problem.

Dashrender

@momurda said in Major Intel CPU vulnerability:

@tim_g It was 500 dollars. Bought in 2013. Still not getting a fix, that is the problem. Dont give a fuck how fast it is. Same with the Xeons in the server room.
This is the largest chipmaker in the world, they wont even make out a fix for over 2/3 of their customers. This would be like GM having antilock brake problems for 15 years on all cars, and only giving recalls out to cars sold in the last 3 years. total bullshit.

There are federal mandates on how long automakers must make recalls.

I don't think such a thing exists for things like this. Should their be? Oh hell yeah! But frankly I don't expect it to be more than 5 years (though 10 would be great).

It would be awesome to see federal law - if you make a computer based/software based widget, you must provide security related fixes for 10 years.

LOL - like that will ever happen.

Obsolesce

@momurda said in Major Intel CPU vulnerability:

@tim_g It was 500 dollars. Bought in 2013. Still not getting a fix, that is the problem. Dont give a fuck how fast it is. Same with the Xeons in the server room.
This is the largest chipmaker in the world, they wont even make out a fix for over 2/3 of their customers. This would be like GM having antilock brake problems for 15 years on all cars, and only giving recalls out to cars sold in the last 3 years. total bullshit.

Yeah I get the point. I agree they should provide a fix for them all as far back as Operating System vendors (Microsoft, Apple, Linux Distros, etc) will provide OS patches for AT LEAST.

scottalanmiller

@dashrender said in Major Intel CPU vulnerability:

@momurda said in Major Intel CPU vulnerability:

@tim_g It was 500 dollars. Bought in 2013. Still not getting a fix, that is the problem. Dont give a fuck how fast it is. Same with the Xeons in the server room.
This is the largest chipmaker in the world, they wont even make out a fix for over 2/3 of their customers. This would be like GM having antilock brake problems for 15 years on all cars, and only giving recalls out to cars sold in the last 3 years. total bullshit.

There are federal mandates on how long automakers must make recalls.

I don't think such a thing exists for things like this. Should their be? Oh hell yeah! But frankly I don't expect it to be more than 5 years (though 10 would be great).

It would be awesome to see federal law - if you make a computer based/software based widget, you must provide security related fixes for 10 years.

LOL - like that will ever happen.

I don't think that it would be great. It would encourage all kinds of bad things, like intentionally fly by night organizations and a lot of small, cheap stuff not able to be made.

Dashrender

@scottalanmiller said in Major Intel CPU vulnerability:

@dashrender said in Major Intel CPU vulnerability:

@momurda said in Major Intel CPU vulnerability:

@tim_g It was 500 dollars. Bought in 2013. Still not getting a fix, that is the problem. Dont give a fuck how fast it is. Same with the Xeons in the server room.
This is the largest chipmaker in the world, they wont even make out a fix for over 2/3 of their customers. This would be like GM having antilock brake problems for 15 years on all cars, and only giving recalls out to cars sold in the last 3 years. total bullshit.

There are federal mandates on how long automakers must make recalls.

I don't think such a thing exists for things like this. Should their be? Oh hell yeah! But frankly I don't expect it to be more than 5 years (though 10 would be great).

It would be awesome to see federal law - if you make a computer based/software based widget, you must provide security related fixes for 10 years.

LOL - like that will ever happen.

I don't think that it would be great. It would encourage all kinds of bad things, like intentionally fly by night organizations and a lot of small, cheap stuff not able to be made.

The knife definitely cuts both ways in this.

momurda

Just to expand my rant a bit here. How can their employees be ok with billions of devices all over the world not being patched? This fucking company has made over 2 trillion dollars! during the time that affected cpus were produced. 2 TRILLION dollars, and they wont take a tiny percentage of that money to fix their shit. Enshrinement of money over all else, just an incredibly stupid and short way of thinking, a sickness affecting most people apparently. Im sure next weekend during NFL playoffs theyll have a nice new commercial with more people in cleansuits dancing, but wont fix their broken product.

scottalanmiller

@momurda said in Major Intel CPU vulnerability:

Just to expand my rant a bit here. How can their employees be ok with billions of devices all over the world not being patched? This fucking company has made over 2 trillion dollars! during the time that affected cpus were produced. 2 TRILLION dollars, and they wont take a tiny percentage of that money to fix their shit. Enshrinement of money over all else, just an incredibly stupid and short way of thinking, a sickness affecting most people apparently. Im sure next weekend during NFL playoffs theyll have a nice new commercial with more people in cleansuits dancing, but wont fix their broken product.

What's more shocking is how few of their customers care or will stop buying from them.

DustinB3403

@momurda said in Major Intel CPU vulnerability:

Just to expand my rant a bit here. How can their employees be ok with billions of devices all over the world not being patched? This fucking company has made over 2 trillion dollars! during the time that affected cpus were produced. 2 TRILLION dollars, and they wont take a tiny percentage of that money to fix their shit. Enshrinement of money over all else, just an incredibly stupid and short way of thinking, a sickness affecting most people apparently. Im sure next weekend during NFL playoffs theyll have a nice new commercial with more people in cleansuits dancing, but wont fix their broken product.

I can agree with your stance, yet I have to disagree with you. The money earned has nothing to do with what it would take to fix every CPU ever made since this bug existed.

Old tech has a shelf life, just like everything else. Replace your old equipment and move on. Hopefully you replace it with something that isn't Intel if you don't want to support them.

Dashrender

@momurda said in Major Intel CPU vulnerability:

Just to expand my rant a bit here. How can their employees be ok with billions of devices all over the world not being patched? This fucking company has made over 2 trillion dollars! during the time that affected cpus were produced. 2 TRILLION dollars, and they wont take a tiny percentage of that money to fix their shit. Enshrinement of money over all else, just an incredibly stupid and short way of thinking, a sickness affecting most people apparently. Im sure next weekend during NFL playoffs theyll have a nice new commercial with more people in cleansuits dancing, but wont fix their broken product.

It's about what makes the money. Making money is likely the only goal the public company has. So spending some of it on making patches actually doesn't make them money, because customers won't leave them, it hurts them - because if patched, why buy more?

momurda

@dashrender They already made money. More than 2 trillion dollars. Even a 20B fix is less than 1% of the money they made selling these cpus