Jump to content
NotebookTalk

Amd and Intel's security flaws and security vulnerabilities. The chosen one ISN'T BETTER THAN THE OTHER.


Papusan
 Share

Recommended Posts

Do you remember a few years ago when everyone panicked over a couple of security flaws known as Meltdown and Spectre? These were a new type of security hole altogether, known as speculative execution flaws because they exploit the so-named capability of modern processors. That was back in 2018, and since then, every tech company under the sun has issued patches, firmware updates, and other guidance to mitigate the danger of these attacks.
 
So that's all over and dealt with, right? Well... not exactly. As it turns out, one of the major mitigations deployed against Spectre, known as "retpoline", isn't actually as helpful as we thought. A new flaw, known as "retbleed", has been discovered by researchers at ETH Zurich. Retbleed evades earlier protections against a specific form of the Spectre vulnerability, including machines using the retpoline mitigation..
 
Both AMD and Intel say that they're not aware of anyone making use of these vulnerabilities in the wild, but patches aren't available yet. When they do become available, they may come with a performance hit of as much as 28%. Hopefully some clever coders will come up with a way to mitigate that performance loss.
 
Microsoft try push you over on new hardware so you can enjoy their latest and most secure OS. Same do the HW manufacturers. They know they later have to patch flaws they have added to try optimize for better performance. Give with one hand and then take it back with the other hands. Or just hope you buy their newest and safer products that will suffer same mess after a couple of years. Why not just stop optimize for performance when you know you have to take it back later?

"The Killer"  ASUS ROG Z690 Apex | 13900K | 4090 HOF | 32GB DDR5 | Be Quiet! Dark Power Pro 12 - 1500 Watt | Second PSU - Cooler Master V750 SFX Gold 750W (For total of 2250W) | Corsair Obsidian 1000D | Custom Loop | Asus ROG Strix XG27AQ 27" Monitors  

 

                                                 Papusan @ HWBOTTeam PremaMod @ HWBOT | Papusan @ YouTube Channel

                             

 

Link to comment
Share on other sites

  • Papusan changed the title to Amd and Intel's security flaws and security vulnerabilities. The chosen one ISN'T BETTER THAN THE OTHER.
  • 2 weeks later...

Meh... I rather agree with the sentiments expressed in this article:
https://www.extremetech.com/computing/337005-researchers-found-an-unpatchable-security-flaw-in-apples-m1-and-you-probably-dont-need-to-care

 

The amount of energy and drama expended seems out of proportion to the actual risks, and mainly only serves to keep IT professionals and tech writers employed as far as I can see. How many people do you know who have been impacted by any of these things? Over the entirety of the past decade, I know one person who got a minor virus, one person who was targeted by a social hack with no ill-results, and two people who have had their WhatsApp accounts hacked (and well, if you're still using WhatsApp, lol...). Social engineering is by far the most common form of attack these days, and renders most of the underlying technical issues completely moot.

  • Thumb Up 1
Link to comment
Share on other sites

2 hours ago, Ishatix said:

Meh... I rather agree with the sentiments expressed in this article:
https://www.extremetech.com/computing/337005-researchers-found-an-unpatchable-security-flaw-in-apples-m1-and-you-probably-dont-need-to-care

 

The amount of energy and drama expended seems out of proportion to the actual risks, and mainly only serves to keep IT professionals and tech writers employed as far as I can see. How many people do you know who have been impacted by any of these things? Over the entirety of the past decade, I know one person who got a minor virus, one person who was targeted by a social hack with no ill-results, and two people who have had their WhatsApp accounts hacked (and well, if you're still using WhatsApp, lol...). Social engineering is by far the most common form of attack these days, and renders most of the underlying technical issues completely moot.

true, drama sells clicks n views. but still, better to be aware than be caught off guard.

  • Thumb Up 2

Mine: Hyperion "Titan God of Heat, Heavenly Light, Power" (2022)
AMD Ryzen 9 7950X / Asus ROG Crosshair X670E Extreme / MSI Geforce RTX 4090 Suprim X / G.Skill Trident Z5 RGB DDR5-6600 2x16 GB / Seagate Firecuda 530 4 TB / 2x Samsung 860 Evo 4 TB / Arctic Liquid Freezer II 420 / Seasonic TX-1600 W Titanium / Phanteks Enthoo Pro 2 TG / Samsung Odyssey Neo G8 32" UHD 240 Hz / Ducky One 3 Daybreak Fullsize Cherry MX Brown / Corsair M65 Ultra RGB

 

My Lady's: Clevo NH55JNNQ "Alfred" (2022)
Sharp LQ156M1JW03 FHD matte 15.6" IGZO 8 bit @248 Hz / Intel 12600 @ 4.4 - 4.8 Ghz / Nvidia 3070 Ti 8 GB GDDR6 / G.Skill 16 GB DDR4-3800 / Samsung 970 Pro 1 TB / Intel AX201 ax+BT / Win 11 Pro Phoenix Lite OS / 230 W PSU powered by Prema Mod!

Link to comment
Share on other sites

  • 5 months later...

It seem AMD collect vulnerabilities and prefer push out patches after they have released new products. This time patched only 31 vulnerabilities 🙂

 

And yes, Intel follows the same path. But stop the talk about who is best in the class. They are both equal dishonest and both have to implement vulnerabilities to make their products to show better perfomance. Then they have to fix their own created mess with patches after they have been discovered with the panths down. This is classic. Give something with the left hand then backtack it later with the right hand. They should stop implement code to show their products in better lights. 

 

On 7/26/2022 at 10:45 PM, jaybee83 said:

true, drama sells clicks n views.

Not always😎 AMD try avoid drama. Drama can reduce sales😎 They usually hide what is patched in newer firmware. And they don't patch before they have to.

 

"AMD quietly divulged 31 new CPU vulnerabilities" in a January update, spanning its Ryzen chips for consumers and the EPYC data center processors. The vulnerability update also includes a list of AGESA versions, with mitigations for the impacted processors. 

 

Quetly fix the vulnerabilities then throw it out. The end results will sometimes end as this.. Angry owners of their modern HW.

image.png.95608d960cc4c85aceed45870b829b2f.png

"The Killer"  ASUS ROG Z690 Apex | 13900K | 4090 HOF | 32GB DDR5 | Be Quiet! Dark Power Pro 12 - 1500 Watt | Second PSU - Cooler Master V750 SFX Gold 750W (For total of 2250W) | Corsair Obsidian 1000D | Custom Loop | Asus ROG Strix XG27AQ 27" Monitors  

 

                                                 Papusan @ HWBOTTeam PremaMod @ HWBOT | Papusan @ YouTube Channel

                             

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Terms of Use