Intel vs AMD Processor Security: Who Makes the Safest CPUs?

[joeblowsmynose]

Again there is more to it than cores. If you look at most benchmarks Intel is not as behind as you think even with a core disadvantage.

Well are we looking at Intel's benchmark's on their 56 core 400w socketless monster that came out recently. That CPU is basically two 28 cores strapped together, and Intel has been called out for being a bit disingenuous in its benchmark publishing's there.

When you consider overall performance Epyc comes out on top in many (maybe most?) comparing Epyc 1P to Xeon 2P systems. Add the value factor, and that squarely puts Intel way behind. Granted they still hold most of the market share and a more long lived "ecosystem", but is not static by any means and will keep quickly shifting until Intel can maybe patch that wound AMD has inflicted with some good ice lake server chips ... more 14nm is not going to cut it in the server space going forward. It just won't.

So I wouldn't say Microsoft is any more filthy or greedy than anyone else in the industry...

And they're a bad influence, apparently ... 😉

 

[jimmysmitty]

Well are we looking at Intel's benchmark's on their 56 core 400w socketless monster that came out recently. That CPU is basically two 28 cores strapped together, and Intel has been called out for being a bit disingenuous in its benchmark publishing's there.

When you consider overall performance Epyc comes out on top in many (maybe most?) comparing Epyc 1P to Xeon 2P systems. Add the value factor, and that squarely puts Intel way behind. Granted they still hold most of the market share and a more long lived "ecosystem", but is not static by any means and will keep quickly shifting until Intel can maybe patch that wound AMD has inflicted with some good ice lake server chips ... more 14nm is not going to cut it in the server space going forward. It just won't.



And they're a bad influence, apparently ... 😉

You cannot compare 1P to 2P. 2P Xeon would have vastly more memory, the 28 core supports 12 DIMMs vs 8 DIMMs so it would have 24 DIMMs over 8 DIMMs. Yes the Epyc would have more cores but again not everything is about tons of cores.

Also what answers does AMD have for Optane? Do they have a 100Gbps NIC? What support level can the provide partners and OEM channels? How much software development have they done?

And not sure why you are even caring about Intels 2 28 core CPU. You realize Epyc, TR and current Ryzen are the exact same thing right? Just multiple dies slapped together, minus the fast that Ryzen 3 has a distinct I/O die.

I am not saying its a static market but AMD has a very long way to go to really trouble Intel. They have a lot more to match than just throwing more cores at the problem. They tried it with Bulldozer and it didn't work.

 

[sykozis]

I'm not saying what you are saying isn't true ... I'm saying it doesn't add or take away from the vulnerabilities. Some of these also require physical access to Intel systems ... doesn't mean we shouldn't count them.

The article could have perhaps mentioned that some of Intel's older boards also had the ASMedia chipset - and thus the same vulnerability.

Except that it does in fact, take away from the vulnerabilities......

The sys admin would have to be a complete buffoon to setup a publicly accessible system without creating a UEFI password to prevent access. Some of your "vulnerabilities" are gone right there since CTS Labs stated that the firmware had to be flashed using the update mechanism built into the UEFI directly and not through Windows. There's also the matter of having to create the special firmware for the specific motherboard being used.... That in itself will be a PITA since you need access to the motherboard to test on before running off to implement the exploit on the target system.

The sys admin would have to be a complete buffoon to setup a publicly accessible system without creating user accounts separate from the admin account.....or setting up an admin account without a password. There goes the rest of your "vulnerabilities".

CTS Labs claimed that Intel is completely safe from the supposed ASMedia USB chipset "vulnerability", even when the same USB chipset is used on both platforms.

Real vulnerabilities aren't fixed by adding passwords.....and in the case of the "vulnerabilities" outlined by CTS Labs, that's exactly how you prevent exploitation. For home users there's also the "don't let people you don't know have direct, physical access to your computer" method, which is 100% effective.

If your company employs a sys admin that doesn't understand good security practices....the "vulnerabilities" are the least of your concern.

 

[joeblowsmynose]

You cannot compare 1P to 2P. 2P Xeon would have vastly more memory, the 28 core supports 12 DIMMs vs 8 DIMMs so it would have 24 DIMMs over 8 DIMMs. Yes the Epyc would have more cores but again not everything is about tons of cores.

Sure. But I was referring to compute performance.

Also what answers does AMD have for Optane? Do they have a 100Gbps NIC? What support level can the provide partners and OEM channels? How much software development have they done?

What answers does Intel have for GPU acceleration? Yes they have a different product stack.

And not sure why you are even caring about Intels 2 28 core CPU. You realize Epyc, TR and current Ryzen are the exact same thing right? Just multiple dies slapped together, minus the fast that Ryzen 3 has a distinct I/O die.

You may not have seen it, but Intel has a marketing slide that mocked AMD for "glueing together dies" because it creates "inconsistent performance" ... Its a bit funny funny that they are now trying to position their "glued together dies" as their very best product. That's why I have to say it. Its hilarious ....

I am not saying its a static market but AMD has a very long way to go to really trouble Intel. They have a lot more to match than just throwing more cores at the problem. They tried it with Bulldozer and it didn't work.

I'm pretty certain Epyc isn't like Bulldozer in any way ... and I don't think you meant to suggest otherwise.

 

[joeblowsmynose]

Except that it does in fact, take away from the vulnerabilities......

The sys admin would have to be a complete buffoon to setup a publicly accessible system without creating a UEFI password to prevent access. Some of your "vulnerabilities" are gone right there since CTS Labs stated that the firmware had to be flashed using the update mechanism built into the UEFI directly and not through Windows. There's also the matter of having to create the special firmware for the specific motherboard being used.... That in itself will be a PITA since you need access to the motherboard to test on before running off to implement the exploit on the target system.

The sys admin would have to be a complete buffoon to setup a publicly accessible system without creating user accounts separate from the admin account.....or setting up an admin account without a password. There goes the rest of your "vulnerabilities".

CTS Labs claimed that Intel is completely safe from the supposed ASMedia USB chipset "vulnerability", even when the same USB chipset is used on both platforms.

Real vulnerabilities aren't fixed by adding passwords.....and in the case of the "vulnerabilities" outlined by CTS Labs, that's exactly how you prevent exploitation. For home users there's also the "don't let people you don't know have direct, physical access to your computer" method, which is 100% effective.

If your company employs a sys admin that doesn't understand good security practices....the "vulnerabilities" are the least of your concern.

Some of the Spectre vulnerabilities are pretty much just as hard to exploit, but they were still counted.

CTS Labs claimed that Intel is completely safe from the supposed ASMedia USB chipset "vulnerability", even when the same USB chipset is used on both platforms.

That's what I said, but Jimmy refuted my claim and said that Intel has never used ASMedia - I didn't have the time to go looking but I'm pretty sure I had seen evidence that this was indeed did use the vulnerable chipset in question.

Do you have a source for this handy, by any chance?

 

[jimmysmitty]

Sure. But I was referring to compute performance.

What answers does Intel have for GPU acceleration? Yes they have a different product stack.


You may not have seen it, but Intel has a marketing slide that mocked AMD for "glueing together dies" because it creates "inconsistent performance" ... Its a bit funny funny that they are now trying to position their "glued together dies" as their very best product. That's why I have to say it. Its hilarious ....


I'm pretty certain Epyc isn't like Bulldozer in any way ... and I don't think you meant to suggest otherwise.

Intel had an answer to GPU acceleration, Knights Landing, and currently has FPGAs, which are faster much like ASICs. They also will be launching a discrete GPU, and while we have heard that before, this seems to be much more serious. They will have a workstation variant and a HPC variant.

Yes Intel did mock AMD but to be fair, AMD mocked Intel first when Intel launched Core 2 Quad. AMD bragged about how a monolithic die would be faster and better in every way. Except they launched Phenom with clock speed issues, a TLB bug that with the fix applied dropped performance of a CPU that already couldn't keep up with a glued product.

I think both are dumb for mocking the other but thats what companies do. They try to poke at something.

And I am not saying Epyc or anything AMD has is like Bulldozer, no AMD hopefully will never beat the embarrassment that was Bulldozer. I am saying its a similar strategy, throwing more cores for less. Bulldozer was more "cores" for less.

 

[joeblowsmynose]

...
Yes Intel did mock AMD but to be fair, AMD mocked Intel first when Intel launched Core 2 Quad.

Yes I remember that as well .. but it was before that ... it was regarding dual core processors, where AMD had a "true dual core" design (their words) while Intel was using a "duct tape" solution just so they can say that had a dual core - again AMD's words.

AMD was upset because they had started designing their monolithic dual core way earlier and Intel just slapped two die together, and made it work and beat them to the punch, hence their "duct tape" attack ...

Funny how the tables turn in this industry ...

 

[sykozis]

Also what answers does AMD have for Optane? Do they have a 100Gbps NIC? What support level can the provide partners and OEM channels? How much software development have they done?

Do you have any market data to prove that AMD has any reason to respond to Optane? No storage company has seen a need to themselves. AMD, not being a storage company, would have no reason to respond to Optane.

AMD isn't a networking company, so they have no reason to produce a 100Gbps NIC.

Prior to Intel's illegal behavior, AMD had no issues supporting OEM channels nor their partners. I'd expect they can still provide the previous level of support. Most companies don't go to the extent of putting a partner company out of business to prevent competition like Intel did.

From the public's perspective, yes, Intel appears to be serious about releasing a dedicated graphics card. Of course, they gave the same impression with Larrabee. In fact, Intel was doing public demonstrations with Larrabee just months before cancelling the project. Knights Landing (Xeon Phi) was never a graphics accelerator card, nor even remotely an answer to graphics accelerators. It was an HPC co-processor card. It lacked the ability to process graphics data and render an image.

That's what I said, but Jimmy refuted my claim and said that Intel has never used ASMedia - I didn't have the time to go looking but I'm pretty sure I had seen evidence that this was indeed did use the vulnerable chipset in question.

Do you have a source for this handy, by any chance?

Jimmy would be wrong claiming that Intel based motherboards have never used ASMedia chipsets. The MSI Z170A Gaming Pro used the ASMedia ASM1142 chipset. The MSI Z170A KRAIT Gaming R6 SIEGE also used the ASMedia ASM1142. The MSI Z270 Gaming Pro uses the ASMedia ASM2142 chipset..... Fact is, ASMedia USB chipsets have been used on a LOT of Intel based motherboards.

If my memory serves me, it was the ASMedia USB Controller that CTS Labs initially claimed to find a "vulnerability" in, not the 300 series chipset, though that seems to vary depending on where you read. Reading over an article over at AnandTech, CTS Labs claimed to find a vulnerability in the ASMedia ASM1142 USB chipset that was used on a lot of Z170 boards. Of course, CTS Labs claimed that the "vulnerability" in the ASM1142 chipset only existed in systems with AMD processors, even though they claim it's a flaw in the ASM1142 chipset itself, which would make the "vulnerability" platform agnostic.

I actually tried to load the amdflaws website that CTS Labs setup to announce the "vulnerabilities" and received a notice that it's a malicious site. So, either the amdflaws site was hacked....which would be extremely embarrassing for a "security firm" that was incorporated only weeks before announcing major security vulnerabilities for products from a company they had a financial stake in trying to destroy.....or the "security firm" itself exists purely for malicious purposes..... Considering CTS Labs partnered with Viceroy to perform a stock hit on AMD, I'd go with the second option.....

 

[jimmysmitty]

Do you have any market data to prove that AMD has any reason to respond to Optane? No storage company has seen a need to themselves. AMD, not being a storage company, would have no reason to respond to Optane.

AMD isn't a networking company, so they have no reason to produce a 100Gbps NIC.

Prior to Intel's illegal behavior, AMD had no issues supporting OEM channels nor their partners. I'd expect they can still provide the previous level of support. Most companies don't go to the extent of putting a partner company out of business to prevent competition like Intel did.

From the public's perspective, yes, Intel appears to be serious about releasing a dedicated graphics card. Of course, they gave the same impression with Larrabee. In fact, Intel was doing public demonstrations with Larrabee just months before cancelling the project. Knights Landing (Xeon Phi) was never a graphics accelerator card, nor even remotely an answer to graphics accelerators. It was an HPC co-processor card. It lacked the ability to process graphics data and render an image.



Jimmy would be wrong claiming that Intel based motherboards have never used ASMedia chipsets. The MSI Z170A Gaming Pro used the ASMedia ASM1142 chipset. The MSI Z170A KRAIT Gaming R6 SIEGE also used the ASMedia ASM1142. The MSI Z270 Gaming Pro uses the ASMedia ASM2142 chipset..... Fact is, ASMedia USB chipsets have been used on a LOT of Intel based motherboards.

If my memory serves me, it was the ASMedia USB Controller that CTS Labs initially claimed to find a "vulnerability" in, not the 300 series chipset, though that seems to vary depending on where you read. Reading over an article over at AnandTech, CTS Labs claimed to find a vulnerability in the ASMedia ASM1142 USB chipset that was used on a lot of Z170 boards. Of course, CTS Labs claimed that the "vulnerability" in the ASM1142 chipset only existed in systems with AMD processors, even though they claim it's a flaw in the ASM1142 chipset itself, which would make the "vulnerability" platform agnostic.

I actually tried to load the amdflaws website that CTS Labs setup to announce the "vulnerabilities" and received a notice that it's a malicious site. So, either the amdflaws site was hacked....which would be extremely embarrassing for a "security firm" that was incorporated only weeks before announcing major security vulnerabilities for products from a company they had a financial stake in trying to destroy.....or the "security firm" itself exists purely for malicious purposes..... Considering CTS Labs partnered with Viceroy to perform a stock hit on AMD, I'd go with the second option.....

Its not about being or not being, and for the record AMD has produced their own branded memory before, its about having features that are useful and providing the same level of support. Would you argue that AMD could provide the same level of support when it is known that Intels software division rivals major software developers in size?

While AMD does not need an answer to anything Intel has if they want to compete in a lot of spaces they need something to offer to match them. Most HPC situations want high number of IOPS for storage and NVDIMMs offer vastly more than even PCIe SSDs could. Even Intels Optane PCIe SSDs are better than most in that respect as they are more consistent with very little drop off and higher queue depths.

The only point I am trying to make is that people tend to confuse the desktop and server market together and think that the basic things we think are important are also what matters in the HPC market. There is just more to it than throwing more cores for less.

Oh and the statement was not that Intel based motherboards did not use ASMedia it was that Intel doesn't used ASMedia to design chipsets. AMD used ASMedia to help design their newer chipsets. Intel does not.

https://www.extremetech.com/computing/284887-asmedia-still-likely-building-amd-chipsets

Big difference.

Of course Intel based boards have used ASMedia chips have been on Intel based boards. I have an even better example than yours, Asus. Considering ASMedia is owned by them.

I am aware ASMedia chips have been used just that Intel has never had ASMedia design chipsets for them.

I cannot speak to CTS Labs or their validity although after reading the presentation it was an interesting read. "Security" companies will pop up all the time especially in these days. Want to know what I would guess though? I would guess they went for AMD and found something and were trying to make a name for themselves as a new company. Intel already has EVERYONE trying to find flaws. AMD will absolutely have flaws, some similar to Intel others not, that will be found. The more popular they become, the more we will see.

 

[sykozis]

I cannot speak to CTS Labs or their validity although after reading the presentation it was an interesting read. "Security" companies will pop up all the time especially in these days. Want to know what I would guess though? I would guess they went for AMD and found something and were trying to make a name for themselves as a new company. Intel already has EVERYONE trying to find flaws. AMD will absolutely have flaws, some similar to Intel others not, that will be found. The more popular they become, the more we will see.

Every product has flaws. However, generally, those flaws are found by people with training and experience in those areas. Not by people who lack both training and experience. On the other hand, those "security experts" at CTS Labs, have both extensive training and experience in stock manipulation and "financial warfare"..... They were also partnered with Viceroy, a media company that specializes in stock manipulation. That's not how a legitimate security company operates.....

When a security company wants to make a name for themselves, they play by the rules. They have other, well established "experts" verify their work. In other words, they do everything the right way. They don't approach a media outlet with a history of running stories specifically intended to manipulate stock, then create a website to sensationalize the supposed "vulnerabilities", then notify everyone that could possibly patch said vulnerabilities 24hrs before announcing the claimed "vulnerabilities" to the world while hiding ALL of the information from anyone capable of actually verifying and assisting with patch creation. Then when asked why the information wasn't released so other "experts" could verify the vulnerabilities, they stated that it was illegal for them to release the information to anyone not directly involved in patching the vulnerabilities.....though, it was released to TrailofBits, who wouldn't be directly involved in patch development....

I have no problem believing that security flaws exist. I'd have a hard time believing to the contrary. However, CTS Labs did everything wrong. No company, that has a real interest in security, handles discovered vulnerabilities in the manor they did. That was nothing but a stock manipulation scheme, plain and simple. At the time of their announcement, they weren't even aware that the vulnerability that Google had found in AMD's PSP had been patched a few months prior, and even announced publicly that AMD was still months away from patching it. Any real security researcher would have made sure that they knew the status of previously known security flaws before commenting on them.

So, we have a "security firm" who's only connection to security in any way, shape or form, was a history of stock manipulation and "financial warfare"....partnered with a media group who's specialty is stock manipulation......both of which had a financial stake in the "vulnerabilities" being announced in as public a way as possible.....and a security "expert" with questionable motives that assisted them in the scheme.

 

[jimmysmitty]

Every product has flaws. However, generally, those flaws are found by people with training and experience in those areas. Not by people who lack both training and experience. On the other hand, those "security experts" at CTS Labs, have both extensive training and experience in stock manipulation and "financial warfare"..... They were also partnered with Viceroy, a media company that specializes in stock manipulation. That's not how a legitimate security company operates.....

When a security company wants to make a name for themselves, they play by the rules. They have other, well established "experts" verify their work. In other words, they do everything the right way. They don't approach a media outlet with a history of running stories specifically intended to manipulate stock, then create a website to sensationalize the supposed "vulnerabilities", then notify everyone that could possibly patch said vulnerabilities 24hrs before announcing the claimed "vulnerabilities" to the world while hiding ALL of the information from anyone capable of actually verifying and assisting with patch creation. Then when asked why the information wasn't released so other "experts" could verify the vulnerabilities, they stated that it was illegal for them to release the information to anyone not directly involved in patching the vulnerabilities.....though, it was released to TrailofBits, who wouldn't be directly involved in patch development....

I have no problem believing that security flaws exist. I'd have a hard time believing to the contrary. However, CTS Labs did everything wrong. No company, that has a real interest in security, handles discovered vulnerabilities in the manor they did. That was nothing but a stock manipulation scheme, plain and simple. At the time of their announcement, they weren't even aware that the vulnerability that Google had found in AMD's PSP had been patched a few months prior, and even announced publicly that AMD was still months away from patching it. Any real security researcher would have made sure that they knew the status of previously known security flaws before commenting on them.

So, we have a "security firm" who's only connection to security in any way, shape or form, was a history of stock manipulation and "financial warfare"....partnered with a media group who's specialty is stock manipulation......both of which had a financial stake in the "vulnerabilities" being announced in as public a way as possible.....and a security "expert" with questionable motives that assisted them in the scheme.

I went to a Cybercon this year. Want to know what I found interesting? The people that were the best at getting around security were younger people who just had a natural knack for it and developed a career out of it. A lot of the older "experienced" people were just the salesmen, they knew some things but were better at selling and speaking than actually finding exploits or the security end of it.

As I said, I can't say how valid they are but that the presentation they had was interesting. They probably did go about it the wrong way however that doesn't mean they are not knowledgeable.

Still in the end what I stated was true. The more popular AMD becomes the more flaws will be found. Who even knows how many exploits and flaws are in existence that are known to the hackers and "bad guys" but not to us yet.

 

[pudubat]

This is the exact same reason why Mac had less vulerability for years than Windows. Market Share. As Apple began to hit the business market, they now have a bigger rate of malware per computer. I'm pretty sure that as AMD market share grow, they'll find vulnerabilities. Even more if they get to reach the business with their CPU. Meanwhile, hackers have little to no interest in finding security flaws. It's only a matter of time.