[SOLVED] Intel Loses 5X More Average Performance Than AMD From Mitigations: Report

USAFRet

Titan
Moderator
The "panic" here is:

A low level vulnerability is found.
The only way to mitigate it is to disable some built in functionality, the HyperThreading.
Doing this would result in some theoretical performance loss.
Loss of performance is greater in Intel vs AMD, and brings the Intel performance almost down to the level of the AMD. Therefore, Intel sux

Panic panic panic...

To date, no actual exploit has been seen. Either in the wild or in theory.
 

InvalidError

Titan
Moderator
OK, I have drempt up a few uses for Intel issues with hypothetical exploits. How would we stop such exploits before they did real damage?
Simple: until someone finds a way to actually leverage those exploits in a real-world environment where the exploit has only one shot at compromising any given transaction and has no means to know when said transaction will occur, you don't need to do anything as a successful real-world exploit is somewhere between highly unlikely and impossible. Someone who really wants your data will find much easier ways to get it.

Companies are patching remotely plausible exploits to dodge potential liabilities from doing absolutely nothing about them should a practical attack using those flaws ever get found.
 
Reactions: jankerson

AllanGH

Commendable
Mar 10, 2019
2,089
415
1,740
61
...unlike AMD who attempt to further hide that they got 13 flaws...
CTS-Labs played that one as unethically as they could have, and behave like a party with an axe to grind.....24 hours notice, instead of 90 days, and they set-up their own website?

All of this on little to no supporting evidence....just claims, and no independent verification....with white papers containing the first line in their disclaimer: "The report and all statements contained herein are opinions of CTS and are not statements of fact."

I'll wait for a credible party to actually weigh-in on this one.
 

digitalgriffin

Distinguished
Jan 29, 2008
490
84
18,870
3
So, standard virus like activity.
Nothing specific to Meldown, etc.
Yes, but spectre vulnerabilities have been shown to work with JavaScript. So theoretically, visiting a website could get you hacked. Once you are hacked at ring 0, anything is possible.

How many hundreds of thousands of machines are on some sort of bot net? Spectre and it's variants are not easily fixed on a large scale as they affect multiple generations from multiple brands that use speculative execution. That includes ARM.

I'm quite frankly shocked Intel didn't learn from the DDR3 Rowhammer exploit. Frequently hitting the same adjacent line row on memory corrupting it through emf surge should be a no brainer to protect for after that.
 

digitalgriffin

Distinguished
Jan 29, 2008
490
84
18,870
3
It all goes back to the obvious.

The biggest problem with a PC is always between the chair and the keyboard.
You mean it's not the nut loose behind the keyboard or the ID-10-T error?

The way it usually works is someone will reverse analyze the patches and then discover the exploit. We all know the attack vector.

Then it will show up in the deepest parts of the dark web, where someone will sell it or a variant of it for $20K, $30K, $50K whatever they think it's worth.

Then the person who buys it will sell it for a little less. Pretty soon the script kiddies have it. Then you have things like WannaCry infecting your PC Office Printer because they never get updates, and it haunts your network for years.
 
Reactions: jankerson

USAFRet

Titan
Moderator
All of my Windows systems are run with a standard user acct. Like right now.
The admin account is accessed rarely, and only when something demands it.

For instance, creating a new Win 10 install USB must be run from an admin account. Dunmb, but that's what it requires.
OK, do that, and then log out of that account. Back to the standard guy.

The admin acct exists, but rarely used.
 
Reactions: remixislandmusic
I just had a flashback to the principaled technologies benchmarks.

To recap: Intel paid for a company called Principaled technologies (PT) to compare Intel CPUs to AMDs. Intel's point was to prove that Intel was loads better than AMD. The benchmarks that PT yielded were one sided and unfair. AMD was crippled by slow memory, stock coolers, and, in some cases, disabled cores. Intel CPUs obiously had all cores enables and aftermarket tower coolers.

Never, ever, trust in house studies or sponsored studies by any company. It doesnt matter if it is AMD, Intel, NVIDIA or anyone else in any industry. The benchmarks may be accurate, however they usually are at minimum somewhat misleading or dont tell the other side to the story.

I trust info from places like Gamers Nexus, toms hardware, or hardware unboxed.
 

AllanGH

Commendable
Mar 10, 2019
2,089
415
1,740
61
Yeeeeeeep.

Pretty-much the same strategies ms was using in the 90's and early-mid-00's......buy loads of advertising space in the tech press, and hold it over the heads of publications when it came time to review and compare ms offerings with other products. Then came the "genius stroke" of in-house testing.

Those who actually knew the facts weren't fooled, but had nowhere near the platform exposure to ever get past the signal to noise ratio.
 

USAFRet

Titan
Moderator
"Loses 5X More Average Performance "

Actually reading the text:
3% vs 16%
"From a performance perspective, the overhead of the mitigations narrow the gap between Intel and AMD's processors. "
"While there are minor differences between the systems to consider, the mitigation impact is enough to draw the Core i7 8700K much closer to the Ryzen 7 2700X and the Core i9 7980XE to the Threadripper 2990WX. "

So the Intel still bests the AMD, just 'not as much as before'.

In addition, this report doesn't specify performance in what. Games, database access, file manipulation, IPS...
 
I would like to see more benchmarks in windows at least.
I think if you look at 2 competing mid range cpus, the 9400f and 2600x, currently the I5 is maybe 1-2% better overall in gaming. This is even after a couple of the patches.
If the latest patches decrease performance even a bit, i think intel would have lost both the low end and mid range to Ryzen.
 

USAFRet

Titan
Moderator
I'm curious:

As we all know, some people are loath to apply patches of any sort, be it hardware, firmware, OS, whatever.
Some go to major lengths to prevent Microsoft from patching their OS.

Given that...have any actual user facing exploits been seen in the wild? Either among the patched systems, or unpatched.
Spectre, MeltDown, ZombieLoad....any of these hardware and microcode vulnerabilities...anything beyond a proof of concept?
 

USAFRet

Titan
Moderator
I havent seen any reports of anyone effected by this yet.
It was intel that found it after all.
I guess now that intel found a way someone could exploit their cpus design, some people might take notice and try such a thing.
And the previous Meltdown and Spectre was long ago...given that there are still some systems out there that are vulnerable to those, surely we would have seen reports of hacks or breakins....:)

Additionally, what verifiable user facing performance hits have we seen, post patch?
Anything at all?
 

nicholas70

Reputable
May 15, 2016
141
17
4,615
12
It is my understanding that these 'fixes' can be disabled, and honestly if you're just using a computer for gaming why not? I mean what are the odds of a flaw in your cpu resulting in your system getting hacked? If indeed you got hacked and you mainly just used the system for gaming I doubt it'd be a big deal anyway. I will say I do think Intel should up their standards and QA game though as it seems it has been slipping for sometime now.
 
So there's a, at worst, 16-ish % penalty that is significant. I don't believe it will affect a wide array of applications people commonly uses (I hope), but the talks from Apple about telling customers to just turn off HT is brutal. For better or for worse, Apple has a cult-like following and if Apple says "HT bad; turn it off", Intel is going to have a real PR headache to deal with, haha.

Anyway, most of these security vulnerabilities are cancer for data centers first (or critical services connected to the web) than end users like us. Most can live with bogus/dangerous HT enabled to justify Intel asking for a premium for the feature. Which reminds me... Will there be any lawsuits for this? :eek:

Cheers!
 
Reactions: TJ Hooker

ASK THE COMMUNITY

TRENDING THREADS