Major Intel CPU Hardware Vulnerability Found, Could Cost 35% Performance

Sunshine-boy

Level 26
Verified
Joined
Apr 1, 2017
Messages
1,588
OS
Windows 10
Antivirus
ESET
#22
drivers are still active I can see the services in Process Hacker
Yesterday I wanted to install McAfee but canceled the installation! I could see the divers, services, and McAfee folders remained on my pc(wtf bastard xd)
But the Pchunter was there to help me hahaha.
Pchunter+Registrar Registry Manager and Farbar Recovery Scan Tool are very useful tools for removing everything:D
Safe Mode (Whitelisted)McAfee services:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
found the same story with avast! the avast folder and DLL files will remain even if you remove it from the control panel(although didn't try the Avast uninstaller tool)
Same for Vivaldi browser(Update notifier and some other files)
I liked MacAfee but not anymore :*
 
Last edited:
D

Deleted member 65228

Guest
#23
Yeah hahahahaha it is absolutely ridiculous... Glad someone else here knows it really does happen and that I am not some crazy McAfee hater LOL. PC Hunter should be able to tackle it ;)

The friends friend sorted it in Safe Mode but my opinion is that it shouldn't have to be this way... Average members shouldn't be feared into using the product due to a bad uninstallation. They won't necessarily know how to use Safe Mode or do it properly, and then they may even spend money on someone to do it for them. And then when browsing or looking into getting someone else to do it, who knows, they might encounter a tech support scam and enter it unknowingly.

The uninstaller should be done properly, that is a crucial part to all installations... I find it bizarre that a security product from a company like Intel/who works with Intel behaves like it does in that manner.
 

AtlBo

Level 26
Verified
Joined
Dec 29, 2014
Messages
1,530
Antivirus
Qihoo 360
#24
I really hope for once that Congress takes notice of what has been happening (and is getting worse) in the PC industry.

How is Intel going to compensate for this flaw? Well, personally, right out of the gates :rolleyes: I think Intel leadership are reaching out incorrectly if they are reaching out only to MS and the Linux community. I realize they have to patch, but I can only imagine the outrage from gamers when they find out that they have no choice but to wait for a patch that will slow their PC. Wait until this hits the internet far and wide today LOL. This is a disaster, and when it reaches the everyday PC owner at home via the gamers, they will take the side of the gamers 100%. Patching is not going to solve Intel's problem on these fronts if it involves loss of processing capacity.

Clearly, MS is not a willing collaborator in the security industry, or in the software industry in general. Intel should consider that MS is not going to come up with anything that doesn't make PC users more reliant on Microsoft, without regard for the impact on Intel. If there is a creative solution that might come from Bitdefender or Emsisoft or Kaspersky or some other innovative software company, Intel will miss out. Absolutely, if there is a creative solution, it's not going to come from MS or at least very likely not, especially considering that maybe there could be an answer in collaboration with security writers. MS is not collaborating with anyone.

At any rate, there isn't time for waiting for a better solution than the MS one to come down the pipes a year or two from now. Devs at these security companies are well acquainted with dealing with Microsoft's choices, including kernel o/c, from an independent, outside, and critical viewpoint. They probably know MS' programming better than MS devs in terms of how it could be improved. If there are options that don't lead to huge lawsuit judgements, these are the types of individuals who will be able to help. The innovative thinkers are certainly not at MS at this point, and MS is not going to step up in any vital ways to help Intel with this. They'll deliver a generic quick fix patch...the end.

How will Intel compensate for this? They have to do better than what's being mentioned, or they will be sending out hundreds of millions of replacement processors. Even if the loss of power is only 1%, the gamers will want either the money to buy AMD or a new unaffected processor and the cash required for a tech to replace the processor. As for businesses, of course, this is the most important angle on the issue. Business can't adjust to these losses if they are as reported. To me this looks like a catastrophe on all fronts barring a quick solution that doesn't cost users productive capacity.
 
Last edited:

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,676
OS
Other OS
#26
It is a catastrophe, there is no way to sugar coat this. It impacts the entire world from the ground up since we're dealing with a monopolistic firm (Intel) with 80%+ marketshare and vast power to manipulate governments, politicians and other industries. A company with a private army, their own industrial intelligence wing and more.

I hate intel, I've always hated intel. Everything they touch turns to crap.. They bought PasswordBox then killed off Lifetime members when they renamed it 'TrueKey'. They've suppressed competition on all fronts using aggressive tactics. McAfee is a pile and always will be a pile, most of us consider it malware itself. I've had powerful Intel boxes, Intel servers, but never liked them. For gaming I stuck with FX series, and lately, upgraded to Ryzen.

However now I am officially done with intel. I've put all of my notebooks on Ebay. I'm replacing them with 2 in 1, mid to higher range Chromebooks with 64-bit ARM Cortex-A72/A53 heterogenous processors. Intel can go screw itself.
 

AtlBo

Level 26
Verified
Joined
Dec 29, 2014
Messages
1,530
Antivirus
Qihoo 360
#27
"We aren't to blame, the users are"

Would be pretty funny
For once, I hope to hear this and from a hardware manufacturer of all things. I have dreaded MS' dodgeball antics through the years. Can't wait for Intel to say that the hardware simply won't support your former benchmark like MS has always done with Windows, saying the OS is "limited" (AHEM) because the hardware doesn't support better. Imagining Intel will actually today be mulling over a way to get paid for the sneak preview of processing capability to come in the future. :rolleyes: I see coming a rush to the CEO "eyes only" report from the juniors on how MS always has manhandled PC users during epic fails LOL...

Seriously, MS has been the worst with this over the years, backhandedly passing issues off to the manufacturers and/or blaming the user, while pushing out partial fix patches. :p:D
 
D

Deleted member 65228

Guest
#28
passing issues off to the manufacturers and/or blaming the user
I know what you mean but in this situation with this recent Intel vulnerability, there isn't much Microsoft can do. It looks like it has to be down to Intel for a proper patch, but the vulnerability resides in a feature within the chip itself. Microsoft can make a partial patch with the performance reduction, I don't see what else Microsoft themselves can do this time round. :/

Intel need to make their processors more secure, release new models which are fixed, and then the performance reduction patch won't need to be present. Either way the world is screwed because upgrading to the latest model will be expensive... And not updating for the patch is dangerous.

All the major criminal organisations will be trying to discover the vulnerability and exploit it now before even the partial patches are properly applied. If a criminal is capable of discovering the vulnerability and exploiting it, and can spread their malicious software efficiently and quickly, then it would probably allow them to escape Virtual Machine environments and gain a lot of control via privilege escalation exploitation and apply a lot of damage to many organisations/home users - imagine ransomware spreading at a fast pace and exploiting whatever vulnerability is down to this fiasco. Whatever the vulnerability in the CPU hardware is, you can bet it is going to be a gold-mine for an attacker and provide great power, otherwise an urgent fix wouldn't be necessary... Especially not in exchange for 30% of the system performance LOL.

The 30% performance reduction is likely down to the patch needing to be applied within the Windows Kernel itself, enforcing additional security mechanisms like isolation of components or alike, and thus the kernel operations will slow down. This means all running software slows down as it communicates to the Windows Kernel via system calls, and thus the code execution at the real routines in the kernel after the system call -> slowed down.

Programs make hundreds, thousands, or millions of system calls. The performance issue will be real.
 
Last edited by a moderator:

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,676
OS
Other OS
#29
I know what you mean but in this situation with this recent Intel vulnerability, there isn't much Microsoft can do. It looks like it has to be down to Intel for a proper patch, but the vulnerability resides in a feature within the chip itself. Microsoft can make a partial patch with the performance reduction, I don't see what else Microsoft themselves can do this time round. :/

Intel need to make their processors more secure, release new models which are fixed, and then the performance reduction patch won't need to be present. Either way the world is screwed because upgrading to the latest model will be expensive... And not updating for the patch is dangerous.

All the major criminal organisations will be trying to discover the vulnerability and exploit it now before even the partial patches are properly applied. If a criminal is capable of discovering the vulnerability and exploiting it, and can spread their malicious software efficiently and quickly, then it would probably allow them to escape Virtual Machine environments and gain a lot of control via privilege escalation exploitation and apply a lot of damage to many organisations/home users - imagine ransomware spreading at a fast pace and exploiting whatever vulnerability is down to this fiasco. Whatever the vulnerability in the CPU hardware is, you can bet it is going to be a gold-mine for an attacker and provide great power, otherwise an urgent fix wouldn't be necessary... Especially not in exchange for 30% of the system performance LOL.

The 30% performance reduction is likely down to the patch needing to be applied within the Windows Kernel itself, enforcing additional security mechanisms like isolation of components or alike, and thus the kernel operations will slow down. This means all running software slows down as it communicates to the Windows Kernel via system calls, and thus the code execution at the real routines in the kernel after the system call -> slowed down.

Programs make hundreds, thousands, or millions of system calls. The performance issue will be real.
Speaking from an enterprise perspective - that hardware hit can't be swallowed. Anyone that works with servers (again, VM or otherwise, it's a server) knows that overhead is pushed to the limit. This 'issue' will blow away SQL servers because of the kernal activity of SQL and a 35% increased overhead will kill SQL servers worldwide. Most firms can't simply buy another stack of 10K servers, cals and licensing just because Intel was foolish.

If there is a 'good' to all of this it's that it came before SBS2011 and 2008R2 become EOL, we have a couple years to fix this before a WHOLE LOT of people start buying servers. If they fix it at all other than band aid it because their architecture is flawed at the design level.

There is talk this was intentional because it allowed some incredible levels of spying/intrusion. Think about it, it fits the NSA/CIA modus that to compromise best you work from the design/hardware/firmware level. That intel was on board with it in the design/engineering phase and the CEO probably sold out once he realized they couldn't contain this any longer. The boys over at Linux really let the cat out of the bag. Either way, Intel isn't being honest about any of this and should we expect them to be? Nope.
 

Prorootect

Level 53
Verified
Joined
Nov 5, 2011
Messages
4,225
#30
"When Will the Patch Affect My PC?
The Register expects Microsoft to publicly release this patch on the next Patch Tuesday, which is January 9, 2018. The changes will appear in an upcoming version of the Linux kernel, and we’d also expect Apple to patch macOS with similar changes fairly soon."
- so soon this Intel Apocalypse, very soon!
 

AtlBo

Level 26
Verified
Joined
Dec 29, 2014
Messages
1,530
Antivirus
Qihoo 360
#31
Intel need to make their processors more secure, release new models which are fixed, and then the performance reduction patch won't need to be present. Either way the world is screwed because upgrading to the latest model will be expensive... And not updating for the patch is dangerous.
I don't think this is going to work. Intel will go under if they try this. Noone is going to pay them for anything, and any reduction in processor capability is not going to be acceptable to anyone. Just switching isn't an option for most people, either. It is a catastrophe.

I know what you mean but in this situation with this recent Intel vulnerability, there isn't much Microsoft can do. It looks like it has to be down to Intel for a proper patch, but the vulnerability resides in a feature within the chip itself. Microsoft can make a partial patch with the performance reduction, I don't see what else Microsoft themselves can do this time round. :/
I understand the point, but is the issue that Intel did not dedicate proper CPU resources or count for proper resources for avoiding this vulnerability issue themselves? How is the physical chip itself flawed? Or was the capability of the chip simply misstated in the first place, once this issue is taken into account? That is the ultimate catastrophe. If Intel can't come up with a fix that doesn't cost users processing capacity...they will be shipping processors or paying PC owners big money to replace them. The worst part will be if AMD chips actually do not need the patches. That will be the melt down.

I have 3 older i5 2400/2500 PCs that are very capable. What kind of hit does Intel expect me to ignore on the capacity of these processors from a benchmark standpoint? That an Intel processor was in a machine in a store that anyone at all could preview before buying or in a PC out of the box that could be reviewed for others, these are enough for a huge lawsuit over misstating/misrepresenting the capabilities of the processor. That is if Intel cannot come up with a solution. And Intel as a merchant has no right to discriminate over how old a part is when it comes to compensation. PC owners are going to expect their processor to be replaced with something that lives up to what they paid for originally, regardless of how they acquired the PC.

I don't think for a second this is a run of the mill brush off the PC owners issue. It's not going to be that simple with this one by any means.
 

Prorootect

Level 53
Verified
Joined
Nov 5, 2011
Messages
4,225
#34
Slyguy wrote:
"There is talk this was intentional because it allowed some incredible levels of spying/intrusion. Think about it, it fits the NSA/CIA modus that to compromise best you work from the design/hardware/firmware level. That intel was on board with it in the design/engineering phase and the CEO probably sold out once he realized they couldn't contain this any longer. The boys over at Linux really let the cat out of the bag. Either way, Intel isn't being honest about any of this and should we expect them to be? Nope."

- The spy tendencies of Intel are going to have consequences in the whole world, now it should bite itself in its own tongue, but this is still too late - it's the end of this enterprise.

AtlBo wrote:
"That an Intel processor was in a machine in a store that anyone at all could preview before buying or in a PC out of the box that could be reviewed for others, these are enough for a huge lawsuit over misstating/misrepresenting the capabilities of the processor. That is if Intel cannot come up with a solution. And Intel as a merchant has no right to discriminate over how old a part is when it comes to compensation. PC owners are going to expect their processor to be replaced with something that lives up to what they paid for originally, regardless of how they acquired the PC."'

- I think, that Intel has to exchange for free to everyone these CPU processors for a new version without this problem.
 
Last edited:

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,676
OS
Other OS
#35
Is there any company that creat CPU but not Intel and AMD? I want smth outside the USA:D
A few of CPU manufacturers are starting to scale the ladder, despite oppression from Intel. (which may be ending as Intel has their own issues now)

I'm switching all of my notebooks to Cortex heterogenous Mediatek processors running ChromeOS. There are many benefits aside from security, one of the major ones is these cool running processors run at full speed all of the time with reduced power consumption. Remember, a lot of gear like Fortinet runs on ARM or ASIC type chips. My DNS server runs on a Pi.

Analog Devices, Apple, AppliedMicro, Atmel, Broadcom, Cypress Semiconductor, Freescale Semiconductor (now NXP Semiconductors), Nvidia, NXP, Qualcomm, Renesas, Samsung Electronics, ST Microelectronics and Texas Instruments, MediaTek to name a few.. These include well known names like Exynos and Snapdragon. Intel isn't the only player, and if this fleshes out how I think it will they may not be the biggest player in the future.
 
Joined
May 25, 2015
Messages
306
#36
Come on guys, Intel are the good guys.

Without Intel tools such as the ME, how is the NSA/CIA going to keep us, the world of course :) safe from terrorists and to protect the children, yadda yadda yadda.

I am going back to flying the drone. Bombs away....Damn it, I think I hit a wedding. BRB.
 
Joined
Jul 6, 2017
Messages
233
OS
Linux
#37
Wow, this is major. :/ I don't think they can easily get away with this, but then again, I wouldn't be too surprised even if they do. And if that info on Intel's CEO selling a huge amount of his stocks, as some you previously mentioned, is correct - well it's one really interesting coincidence.
Now I wish I had gone with some notebook with Ryzen instead of buying the one with i5 7300hq two months ago.
 
D

Deleted member 65228

Guest
#38
Without Intel tools such as the ME, how is the NSA/CIA going to keep us
Anything implemented to assist a government remotely or such can be abused by a malicious attacker without legal consent as well. This is why a master key to encryption for major services is a bad idea, and why backdoors in firmware of hardware is a bad idea. It affects everyone who is also good in very bad ways. Not to mention that Intel provide for many other countries, not just US. If the US government and Intel were working together, Intel are not legally permitted to do such for other countries by their laws. So all it would do is cause even more fiasco if they got caught.

I believe the government should be able to do their job and monitor people of interest for valid reason, but at the same time I don't think that systems should be left vulnerable for some creepy nerd to remotely access it because a hardware manufacturer felt like cutting corners or for whatever reason. They can come to the Caile mountains and have a 1v1 against the Artificial Intelligence super-human-strength cave cats instead.

I don't believe it's a coincidence that there was the Intel ME exploitation and now this, but that's just me. Quite frankly, I am not alarmed since I use AMD... Until AMD is exploited like this and I find out, I'll be happy.
 

rockstarrocks

Level 15
Verified
Joined
Apr 16, 2017
Messages
746
OS
Windows 10
Antivirus
Kaspersky
#40
Is there any company that creat CPU but not Intel and AMD? I want smth outside the USA:D
You would have to go the ARM route then cause AFAIK Intel & AMD are the only makers of x86 CPUs. Companies that have designed chips with ARM cores include Amazon.com's Annapurna Labs subsidiary,[37] Analog Devices, Apple, AppliedMicro (now: MACOM Technology Solutions[38]), Atmel, Broadcom, Cypress Semiconductor, Freescale Semiconductor (now NXP Semiconductors), Nvidia, NXP, Qualcomm, Renesas, Samsung Electronics, ST Microelectronics and Texas Instruments.
To me only three seems as a viable options for Windows on ARM namely Qualcomm and Samsung.

Well that would suck even more if AMD would have to pay the price for this mess created by Intel.
 

Latest Posts

Latest Threads