Troubleshoot Shoud I Invest on new Cpu or Laptop??

tim one

Level 21
Verified
Trusted
Malware Hunter
Jul 31, 2014
1,091
Just to give you an idea of how bad is this situation, the U.S. CERT had initially recommended to change all the processors ("Fully removing the vulnerability requires replacing vulnerable CPU hardware.") but then the situation is resized.
From my point of view, I will stay with my old hardware (of course by applying any available patches) because this is not the first and it will not be the last serious vulnerability that can affect us.
It is essential to keep updated on future developments and solutions of this story.
 
Upvote 0

SUPRA

Level 3
Nov 26, 2016
111
Thank you for all your reply actually I forgot to mention one thing I have a core 2 duo processor laptop and I am thinking to upgrade that because it is pretty old and have performance drop but after seeing this I step back so will I wait for a year ??
 
  • Like
Reactions: Vasudev
Upvote 0

Slyguy

Level 44
Jan 27, 2017
3,322
Didn't (I think) @Slyguy did that? Well it was going to happen anyway but still.

Yes I did.. In fact, I no longer have any Intel chips in my home. But I never really trusted Intel after Ring-2 and FDIV fiascos years ago.

However this all fell around my 3-4 year laptop/notebook refresh so it's all good. Did I replace hardware? Yes. Was this is primary reason? No. It was due to happen anyway, this accelerated it and also changed my options around. I generally refresh hardware on a 3-4 year cycle so it was on the way anyway. This time I cycled out of Windows OS into ChromeOS and cycled out of Intel into other chips. I believe this refresh cycle will be significantly more hardened from attack than previous.
 
Upvote 0

askmark

Level 12
Verified
Aug 31, 2016
579
Thank you for all your reply actually I forgot to mention one thing I have a core 2 duo processor laptop and I am thinking to upgrade that because it is pretty old and have performance drop but after seeing this I step back so will I wait for a year ??
I upgraded my Core 2 duo desktop with an SSD and it's running like a new PC. Maybe you could upgrade your laptop?
 
Upvote 0
D

Deleted member 65228

Get a Chromebook unless you really need to use Windows.

If you go for Windows, get a system with an AMD processor and not Intel. Intel is vulnerable to Meltdown whereas AMD processors aren't, and Meltdown is the vulnerability which can be performed from a malicious web-page via JavaScript.

For example if you run malware with standard rights, it can still open a remote connection for a backdoor, intercept keystrokes, use up your network resources for DDoS attackers (botnet functionality), etc. So Spectre isn't so much devastating than Meltdown in my opinion, but harder to exploit and mitigate at the same time.

Keep your software up-to-date and watch what you're doing. I don't trust Intel at all especially after their down-playing and trying to bring other companies into their mess with their public replies - the CEO also is sticking to the bare minimum shares which seems dodgy given the company was reportedly expected to rise to in-humane revenue growth within the next few years a few months ago.

But I never really trusted Intel after Ring-2 and FDIV fiascos years ago.
Yeah that was irritating, I was using Intel at the time. I am pretty sure you needed to be executing code under the context of ring 0 to deploy the ring -2 exploit though (so you'd already be in kernel-mode = game over). But it was still ridiculous
 
Upvote 0

Digerati

Level 7
Verified
Mar 2, 2017
318
Way too much of FUD and paranoia in my opinion...
I totally agree!

BUT that does not mean the issue should be ignored. The problem is real, it just does not affect near as many people as many "wannabe" journalists and bloggers, and many in forums who automatically believe and repeat everything they read, made it out to be.

Personally, if you "need" a computer now, buy one. But if you can wait, I say wait a few months.

Just to give you an idea of how bad is this situation, the U.S. CERT had initially recommended to change all the processors ("Fully removing the vulnerability requires replacing vulnerable CPU hardware.") but then the situation is resized.
I feel this is a bit misleading. First, as you correctly noted, the situation "resized" and US CERT's advice was quickly taken down (like in less than 24 hours!). So I think the comment should be "to give you an idea how the situation was initially blown way out of proportion and exaggerated...". This is because, as it turns out, is it not near as bad as initially reported.

BTW, I recommend everyone interested in security sign up for US-CERT Advisories.

It is bad for those servers affected, but it is not nearly as widespread as first reported. To exploit this bug, the server needs to be running VM (virtual machines) and certain programs within those VM environments. Then the badguy must (somehow) get past all the security coming in and gain root access to the system. That is not necessarily hard for an experienced hacker, but it is not a like you see on TV either.

From there he/she has to run a program where he can then see data from another VM session running on that computer. But understand seeing data does mean you can read and understand it. Data in memory looks like a bunch of hexadecimal jumbled up gobbledygook from everything running in that memory environment. Seeing it and turning into readable, understandable, and usable/exploitable data are totally different things.

So can it be done? Yes. But there are a whole lot of big IFs in the way before a bad guy could actually get any usable data. Plus it is important to point out there is no evidence anywhere this flaw has ever been exploited.

So yeah, there's been way too much FUD and paranoia spread on this.

And not only FUD just on the vulnerabilities, but on the patches too with many reports claiming performance hits up to 30% once you apply the patches. I've update all my 6 systems here and have seen no performance degradation at all. Many others report the same. In fact, I have not seen anyone saying their system is running slower now.

Get a Chromebook unless you really need to use Windows.

If you go for Windows, get a system with an AMD processor and not Intel. Intel is vulnerable to Meltdown whereas AMD processors aren't,
That is incorrect and therefore not sound advice. The problem is NOT with Windows. It is with the hardware and Chromebooks still contain Intel devices. But, AMD processors are affected too! See The Inquirer: Intel, ARM and AMD all affected by security-bypassing, kernel-bothering CPU bugs and The Hacker News: Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors. While the initial strain of Meltdown only affected certain Intel processors other variants of the same problem affect AMD as well.
 
Upvote 0
D

Deleted member 65228

That is incorrect and therefore not sound advice. The problem is NOT with Windows. It is with the hardware and Chromebooks still contain Intel devices. But, AMD processors are affected too! See The Inquirer: Intel, ARM and AMD all affected by security-bypassing, kernel-bothering CPU bugs and The Hacker News: Meltdown and Spectre CPU Flaws Affect Intel, ARM, AMD Processors. While the initial strain of Meltdown only affected certain Intel processors other variants of the same problem affect AMD as well.
Meltdown doesn't affect AMD as far as I am aware, but a variant of Spectre definitely does (not all the different variants of it).

I've not said that the vulnerability is due to Windows, you're putting words into my mouth; the vulnerability is present in the hardware. I merely said that the original poster should use a Chromebook with ChromeOS unless they really need to use Windows, because Windows is a lot less safer in terms of available attack vectors.

AMD processors are confirmed to be affected by a variant of the Spectre vulnerability, which is to do with speculative referencing with memory. It's an issue with the branch prediction implementations - access checks not being enforced properly for trust levels of the requester.

Whether a Chromebook uses an Intel processor or not (I believe there are also other CPUs available for a Chromebook but I am not sure), it doesn't change the fact that a Chromebook will provide less attack vectors generally speaking. Firstly, while Linux is still targeted by attackers with malicious software (of course), it is less common compared to Windows because malware authors are likely to have an increased success ratio targeting Windows, or even OS X - and such native Linux applications won't even run on a ChromeOS due to its design and you don't have to install the supported applications. And secondly, ChromeOS is very restricted in what can actually be done and you can disable things to improve the protection even further - while maintaining usability to do what it is designed for, such as browsing the web in a secure manner. A Chromebook is perfect for an average Joe.

All the facts of the recent scenario aren't laid out on the table yet so all of us here could be wrong, or some of us, or none of us - we'll all be waiting many more months from now for incorrect information to be corrected and new information to have a light shone upon it. We'll have to wait and see. If it turns out Meltdown can be adapted to attack a system using AMD (or already has been without me becoming aware) then fair play, if I am wrong then I am wrong. But I certainly did not say the vulnerability was down to Windows, so please don't imply that I have done. As well as this, it is factually proven already that more recent vulnerabilities affect Intel over AMD - whether this will change will be uncovered in due time, anything can happen around the corner and none of us should ever count our chickens, but to date, that is factual.
 
Last edited by a moderator:
Upvote 0
Top