[SOLVED] Intel Loses 5X More Average Performance Than AMD From Mitigations: Report

Page 2 - Seeking answers? Join the Tom's Hardware community: where nearly two million members share solutions and discuss the latest tech.
Solution
The "panic" here is:

A low level vulnerability is found.
The only way to mitigate it is to disable some built in functionality, the HyperThreading.
Doing this would result in some theoretical performance loss.
Loss of performance is greater in Intel vs AMD, and brings the Intel performance almost down to the level of the AMD. Therefore, Intel sux

Panic panic panic...

To date, no actual exploit has been seen. Either in the wild or in theory.

Karadjgne

Titan
Ambassador
Best way to look good when IT is about to hit the fan, own up. I'd bet money that Intel didn't release all this out of the goodness of its heart, or in the best interest of potential customers. It released it because it was a known issue, and somebody else found it. No more Spectre or Meltdown viral news leaks! No, they just headed off the bad news at the pass. 'Hey! We found an issue, and we have the cure! You are perfectly safe in the cloud, see how much we are on top of your safety concerns!'.

Yeah. Right....
 
...unlike AMD who attempt to further hide that they got 13 flaws...

CTS-Labs played that one as unethically as they could have, and behave like a party with an axe to grind.....24 hours notice, instead of 90 days, and they set-up their own website?

All of this on little to no supporting evidence....just claims, and no independent verification....with white papers containing the first line in their disclaimer: "The report and all statements contained herein are opinions of CTS and are not statements of fact."

I'll wait for a credible party to actually weigh-in on this one.
 
And the previous Meltdown and Spectre was long ago...given that there are still some systems out there that are vulnerable to those, surely we would have seen reports of hacks or breakins....:)

Additionally, what verifiable user facing performance hits have we seen, post patch?
Anything at all?

A good hacker will hide his presence in your system. He will use it to somewhat passively mine monero, set up file storage, monitor keystrokes to banks or set it up as a bot or hop node (pseudo vpn) for more sinister work
 
So, standard virus like activity.
Nothing specific to Meldown, etc.

Yes, but spectre vulnerabilities have been shown to work with JavaScript. So theoretically, visiting a website could get you hacked. Once you are hacked at ring 0, anything is possible.

How many hundreds of thousands of machines are on some sort of bot net? Spectre and it's variants are not easily fixed on a large scale as they affect multiple generations from multiple brands that use speculative execution. That includes ARM.

I'm quite frankly shocked Intel didn't learn from the DDR3 Rowhammer exploit. Frequently hitting the same adjacent line row on memory corrupting it through emf surge should be a no brainer to protect for after that.
 
If these exploits work as intended the code would go unnoticed, think of it as the ultimate back door with low risk of detection. I know at least two people on i7-4000 series and 6000 series i3 CPU's that have refused to do the microcode updates for meltdown and spectra. I seriously doubt they patch for the newest issues as well.
 

USAFRet

Titan
Moderator
If these exploits work as intended the code would go unnoticed, think of it as the ultimate back door with low risk of detection. I know at least two people on i7-4000 series and 6000 series i3 CPU's that have refused to do the microcode updates for meltdown and spectra. I seriously doubt they patch for the newest issues as well.
The "code" might go undetected.
The network traffic wouldn't.

I'm just asking if there have been any reports of infections in the wild resulting from these exploits. Home PC's, data centers, wherever.
 
You'd think that people wouldn't bother calling Joe or Jane Blow, telling them that they underpaid on their taxes, and the cops are headed their way to arrest them, either. Such a low level of return on investment of time, you know.

But they do, sooooo.....it cannot be said that there is NO motivation to target Joe and/or Jane Blow.
 
Look at the ransomware type infections they went after ordinary people and smaller businesses, but now I can lurk and collect information and there are ways to disguise network traffic once you have elevated privileges and complete control of a system.

Perhaps you infect everyone you can, silently - and then wait for the best time to upload a more traditional attack to everyones system and set them all off at once?

I think the reason we have not seen any attacks, or at least any noticeable attacks yet is because no one has dreamed up a great way to use this set of vulnerabilities. I'll spend tomorrow researching and will post back if I find any information about known attacks.
 
You'd think that people wouldn't bother calling Joe or Jane Blow, telling them that they underpaid on their taxes, and the cops are headed their way to arrest them, either. Such a low level of return on investment of time, you know.

But they do, sooooo.....it cannot be said that there is NO motivation to target Joe and/or Jane Blow.


Hacking into someone personal PC takes skill and a lot of skill to find out who to target.

Those scammers that call are just computer generated calls from a call list that is programed into a computer etc. They get the lists from companies that sell the contact numbers, info etc.

There is a HUGE difference.
 
Reminds me of Wanna Cry, and Windows XP emergency patches, good times.
I think if most consumers run an up to date antivirus and avoid the fishy sites, they won't fall victim to this.
Again, I think the most vulnerable by this attack are in the enterprise, not gamers.
 
The motivation, however exists; and the recent methodology has been to cast a very wide net.

Aside from that, despite the skillset being non-pedestrian, it exists in sufficient numbers to pose a concern, generally speaking.



Nothing to worry about for the ave person, just needs to keep their PC updated and Virus protection up to date.

They have a bigger chance of getting their CC info copied by some scanner. ;)

I use cash these days for most stuff when out and about. ;)
 
Nothing to worry about for the ave person, just needs to keep their PC updated and Virus protection up to date.

They have a bigger chance of getting their CC info copied by some scanner. ;)

So I bet you're running the newest microcode available for your motherboard and you've got a decent antivirus going and for all those people that say gamers are not a target. I say why not they apparently have disposable income to afford a decent gaming machine, they can afford games and they have time and the will to play them... Thats better then targeting everyone and most people buy their games online using credit cards or debit I imagine.
 
So I bet you're running the newest microcode available for your motherboard and you've got a decent antivirus going and for all those people that say gamers are not a target. I say why not they apparently have disposable income to afford a decent gaming machine, they can afford games and they have time and the will to play them... Thats better then targeting everyone and most people buy their games online using credit cards or debit I imagine.


There is no such thing as disposable income. ;)

Yes, I maintain my PC's.