venustus

Level 48
Verified
Trusted
Content Creator
The multi-decade long fight between Intel and AMD has recently taken a new dimension, as more users begin to wonder which processors can protect their computers, data, and online activities best.
Up until the last few years, both regular users and cyber security researchers were mostly worried about the plethora of software vulnerabilities for which there never seems to be an end in sight.
However, at the beginning of January 2018, many users and security researchers realized that the hardware powering our devices is not nearly as secure and free from serious security issues as we once thought.
That leaves us with the question: Which company is more secure? The question might seem pedantic when we consider that Intel currently has 242 publicly disclosed vulnerabilities, while AMD has only 16 (a 15:1 difference in AMD’s favor), but both companies also have a full roster of special security-minded features.


Read
 

Digerati

Level 6
Verified
Intentional or not, this is just a click-bait thread. :( Because it is click-bait, it is likely to get uninformed and worse, biased responses. Or it will just solicit irrelevant replies like the one above about NVIDIA - since the article is about AMD and Intel CPUs and not GPUs.

There is a huge difference between "publicly disclosed" vulnerabilities and known vulnerabilities. And just because a vulnerability has been disclosed, that does not mean it is "exposed" or that it even can be exploited.

And there even a greater difference between known vulnerabilities and vulnerabilities that have been exploited.

For example, Spectre and Meltdown are undeniably, serious and caused HUGE uproars. But to date, I cannot find where there has been one reported case of any computer (outside of a testing laboratory setting) that has been successfully compromised through those "publicly disclosed" vulnerabilities.

It is also important to note that many vulnerabilities, regardless the brand of the processor, require root access - that is, in many cases, the bad guy needs physical access to the computer - as noted in that Tom's article. How likely is that outside of a testing lab?

With a large number of other vulnerabilities, the bad guy has to sneak by our routers, our firewalls, our anti-malware solutions, past the security of the operating systems and browsers, execute the malicious code, and perhaps, sneak the compromised data back out past the firewall, security software and router - totally undetected. Piece of cake, right? :rolleyes:

Even with very sophisticated socially engineered techniques designed to trick users into being "click-happy" on unsolicited links, downloads, attachments and popups - in effect, opening the door and letting a bad guy in, that still does not suggest he or she can compromise the computer, or compromise it while remaining undetected.

Yes, Intel has more "disclosed" vulnerabilities. Does that mean the 100s of millions of Intel users out there are exposed? Not even. If you read through that Tom's article, you will see there are some serious AMD vulnerabilities too. Does it really matter which brand has more disclosed vulnerabilities if the bad guy decides to exploit one of AMDs and you own an AMD?

If you wear a tin foil hat, fail to keep your OS or security software current, and if you are click happy on every link, download, attachment and popup you see, then absolutely, get AMD and keep your computer behind locked doors. Me? I will continue to keep using my Intel based computers and will certainly consider Intel for my future builds, just as I will consider AMD. Both makers produce excellent and reliable processors that promise to provide excellent service for years.
 

plat1098

Level 11
Verified
Yeah, but for once in recent memory, Intel gets a kick in the pants and a smack upside the head from some "honest" competition. It's been on its laurels for decades in a near-monopoly and mind you, I have a bias in favor of Intel. Not to be tinfoil hat-tish but current freedom from exploitation doesn't guarantee future freedom from it, even though it remains highly, highly unlikely in this specific scenario. The main issue was disclosure--not keeping the vulns a secret from the consumer. Anyone can make a snap error in judgement. I do, all the time. 😬

So on that premise alone, this makes for some decent reading. 🎃 (y)
 

Digerati

Level 6
Verified
Sorry but your information is inaccurate.

For years Intel was way ahead, but then, many years ago, AMD leapfrogged over them because they were sitting on their laurels. That spanking really embarrassed Intel. It took Intel nearly 10 years to catch up and leapfrog back over with the Intel Core 2 Duo. At that time Intel vowed to never let AMD leapfrog back. And they haven't.

BUT AMD is nipping right at their heels, forcing Intel to keep looking over their shoulders. And that's a good thing as it ensures both companies keep innovating. And that's good for us consumers.

These security vulnerabilities are not due to any body sitting on their laurels. Don't forget, AMD has had some serious security issues too. I see AMD like we see Macs and Linux based machines compared to Windows. Mac and Linux users like to pretend they are safe because they don't use Windows. That's hogwash. Windows is just a much bigger target.
Not to be tinfoil hat-tish but current freedom from exploitation doesn't guarantee future freedom from it
Of course not. And anybody or company who thinks it does is foolish, at best. The bad guys are no dummies.

Ironic you mention monopoly since AMD got their big break when IBM insisted there be a 2nd source for processors for the IBM PC. So AMD was contracted and licensed to make x86 processors. And that was how they were able to reverse engineer the processor and come up with their own that ended up better than the Intels, facilitating their leap frog.

I am not saying "all" Intels are better than "all" AMDs. For they clearly are not. What I am saying is, just because company A makes the best processor, that does not mean they are tops in every category across the entire industry.

As far as "honest" competition - nothing honest anywhere in this competition. They both lie, steal and cheap every chance they get to get or stay ahead. But neither wants to be caught with their pants down when it comes to security.
The main issue was disclosure--not keeping the vulns a secret from the consumer.
But there are valid reasons not to disclose vulnerabilities. You can't release them to the honest public without releasing them to the bad guys too. If a vulnerability cannot be exploited today, I don't need to know about it.
 

plat1098

Level 11
Verified
Bill_Bright: in RECENT memory. "Many years ago" is ancient history, Who cares? The "honest" part--you said it:

As far as "honest" competition - nothing honest anywhere in this competition. They both lie, steal and cheap every chance they get to get or stay ahead. But neither wants to be caught with their pants down when it comes to security.
Excellent. Money, money, money. However, when it comes to expensive hardware, I as a consumer do indeed wish to know, even if I can't do anything about it directly at the moment. Unfortunately, that's asking too much in this context, bad guys notwithstanding. :mad: At 600-1000 USD a pop for an upcoming 10nm CPU, we deserve better than what we've gotten from Intel.
 

upnorth

Level 36
Verified
Trusted
Content Creator
Click-bait!? Really, from @venustus !???

Of course this thread from him is a non click-bait. I can personal vouch for him and just considering the amount of previous moderated news threads he been around created and I never caught him posted any fake or false information, that kind of direct accusing is pretty far-fetched.

Just because people, no matter who perhaps lacks knowledge, should never ever be a reason for stifle or block people from discussion. I could too easy if I wanted, argue that this discussion already is way too biased towards one side, but I won't as I normally always allow anyone try make their point and also have their own opinion.

This whole community works because people is allowed express their opinions but, it exist rules and if anyone is worried or scared, just click the report button and let the staff get a chance to help and decide.
 

Digerati

Level 6
Verified
'''that kind of direct accusing is pretty far-fetched.
I did not "accuse" him of posting click-bait. I did start my post with "Intentional or not" just because I did not want to sound accusatory. Sorry to all if that was not clear. And for sure, apologies specifically to venustus if offense was taken.
and if anyone is worried or scared, just click the report button and let the staff get a chance to help and decide.
Agreed. And that suggestion fits, regardless if the OP, or if another poster takes offense. I am sure venustus was fully capable of defending himself, if he felt the need to do so.

I was trying to point out that security is MUCH more involved than any one component. And knowing how brand loyal some are, it was easy to see how feathers could be ruffled.

Excellent. Money, money, money.
Yes, in business (especially when shareholders are involved) it always boils down to money. But any good manager will look at these things strategically too. Does it make sense to cut corners (or ignore problems) today if it will cost more a few years down the road? Perhaps sometimes, but not typically.

As far as anyone knows, Intel did not and does not try to sweep these under the rug and hope nobody would notice. It is physically impossible for them to repair the processors already in the field. They can not recall 100s of millions of processors - especially when no replacement is available. Plus, that would financially destroy Intel and then where would that leave us consumers - or their many 1000s of employees. So they immediately started to work with Microsoft and motherboard/BIOS vendors to patch those processors.

Was it a perfect solution? NO! Of course not. But is there one? Again, have any of those vulnerabilities actually been exploited out in the real world?

Full disclosure: I own shares of Intel and AMD. So clearly, I want them both to succeed. And I build computers based on both AMD and Intel platforms. As I also said in that opening post, both makers produce excellent and reliable processors. So brand loyalty is not my thing - except my Ford F150 is better than your Chevy Silverado. ;)
 

venustus

Level 48
Verified
Trusted
Content Creator
Sorry to all if that was not clear. And for sure, apologies specifically to venustus if offense was taken.
No need to apologize...no offence taken!:)
Cheers!

I can personal vouch for him and just considering the amount of previous moderated news threads he been around created and I never caught him posted any fake or false information, that kind of direct accusing is pretty far-fetched.
Thank you @upnorth:)