Author Topic: Major flaw in millions of Intel chips -- (Spectre & Meltdown)  (Read 19453 times)

0 Members and 1 Guest are viewing this topic.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19604
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Major flaw in millions of Intel chips
« Reply #60 on: January 16, 2018, 01:31:16 PM »
Correct, Pete, not being told to disable but provided that option -- an option that people may take merely because it is provided by the well-known Steve Gibson's tool!


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline techie

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 609
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #61 on: January 16, 2018, 01:39:33 PM »
No problem with Firefox, saved to desktop and ran it from there.

The same here, no problems with  Firefox and defender.

I wouldn't use the disable function. My primary system is a AMD CPU, one less thing to worry about, but I have a few Intel systems to patch.

I guess the younger generation is going to have to learn how to use a pen and paper :o


Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 622
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #62 on: January 16, 2018, 08:44:26 PM »
InSpectre is giving me conflicting information:

This system's Intel processor does NOT provide high-performance protection from the Meltdown vulnerability...

This system's Intel processor provides high-performance protection from the Meltdown vulnerability, but this version of Windows is not taking advantage of those features to offer that protection without performance penalties.


(Either way, there's agreement that performance is slower, but for contradictory reasons... so which is it???)

Offline satrow

  • LzD Friends
  • Full Member
  • *****
  • Posts: 213
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #63 on: January 16, 2018, 09:02:35 PM »
InSpectre is giving me conflicting information:
...
(Either way, there's agreement that performance is slower, but for contradictory reasons... so which is it???)

Some minor modifications:
Quote
This system's Intel processor ISN'T providING high-performance protection from the Meltdown vulnerability...

This system's Intel processor could provide high-performance protection from the Meltdown vulnerability, but this version of Windows is not taking advantage of those features to offer that protection without performance penalties.
and the statement makes a lot more sense (though whether either is accurate is anyone's guess... ).

I'm sure that benchmarks weren't done, so "potential/ly" needs adding to the performance statement.

Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 622
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #64 on: January 17, 2018, 12:17:51 PM »
InSpectre Release History

    Release #1 — Initial release:
    The first release was triggering false-positive warnings from 3rd-party anti-virus scanners. This was probably due to a registry key the application uses to enable/disable the Meltdown and Spectre protections. Also, the language used in one of the text-explainers was confusing and self-contradictory.

    Release #2 — Second try:
    This second release hides its use of the registry key that was upsetting so many anti-virus scanners. A pass through Virus Total shows that made a huge difference. And that confusing paragraph was rewritten into two, which are now presented more correctly. Let's see how this second try fares.


===========================================

Reviews of InSpectre

Martin Brinkmann:   https://www.ghacks.net/2018/01/16/gibson-releases-inspectre-vulnerability-and-performance-checker/

Woody Leonhard:  https://www.computerworld.com/article/3248730/microsoft-windows/inspectre-see-whether-your-pcs-protected-from-meltdown-and-spectre.html

Offline MikeW

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 557
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #65 on: January 17, 2018, 01:40:39 PM »
I know that Intel and or Asus are unlikely to offer anything for my older processor. However, I was not convinced that this program was correct re performance. So I reran a performance check after applying MS update and compared with one before. No change. I have not perceived  any performance hits even with my high end photo editing software.
Win 7 Home Premium  IE11 MSE  Mbam Pro

Offline satrow

  • LzD Friends
  • Full Member
  • *****
  • Posts: 213
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #66 on: January 17, 2018, 01:54:48 PM »
Any noticeable performance hit will be limited to a few relatively unusual (for most 'ordinary' users) workflow types, and then often only on those PCs utilising eg. high-end NVME drives; take claims like that with a pinch of salt and insert the word 'potential' in there.

Offline MikeW

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 557
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #67 on: January 17, 2018, 03:38:18 PM »
Any noticeable performance hit will be limited to a few relatively unusual (for most 'ordinary' users) workflow types, and then often only on those PCs utilising eg. high-end NVME drives; take claims like that with a pinch of salt and insert the word 'potential' in there.


Agreed, so, is this reporting tool misleading? I think so.
Win 7 Home Premium  IE11 MSE  Mbam Pro

Offline Aaron Hulett

  • Administrator
  • Hero Member
  • *****
  • Posts: 1398
  • Schrödinger's cat walks into a bar... and doesn't.
    • View Profile
    • My Site
Re: Major flaw in millions of Intel chips
« Reply #68 on: January 17, 2018, 09:18:26 PM »
Strange.  Windows Defender Smart Screen labeled it as unsafe on my desktop but not on my laptop.

Edit note:  Need more coffee.  I was using Microsoft Edge on the desktop.  No problem with Pale Moon.
Same thing, but Firefox rather than Pale Moon.

Not surprised about SmartScreen (in IE/Edge)... it's notorious for intercepting new/"unknown" programs.
And I had two different experiences - the first wouldn't let me override and download it (no option provided at all). Attempted download again and a different experience allowing me to override, followed by Windows Defender picking it off as unsafe during its check (Edge calling WD for a "security scan"). Suppose these are great experiences if the file is truly malware; crazy experiences if it's not.

Solving it through the purchase of a bunch of ESET licenses.

InSpectre Release History

    Release #1 — Initial release:
    The first release was triggering false-positive warnings from 3rd-party anti-virus scanners. This was probably due to a registry key the application uses to enable/disable the Meltdown and Spectre protections. Also, the language used in one of the text-explainers was confusing and self-contradictory.

    Release #2 — Second try:
    This second release hides its use of the registry key that was upsetting so many anti-virus scanners. A pass through Virus Total shows that made a huge difference. And that confusing paragraph was rewritten into two, which are now presented more correctly. Let's see how this second try fares.

Wonder which AV programs those were. If they picked it up before, and don't pick it up now that the registry key use is "hid[den]", sounds like an AV fail. You'd think/hope the AV would see through the "hides" part.

Any noticeable performance hit will be limited to a few relatively unusual (for most 'ordinary' users) workflow types, and then often only on those PCs utilising eg. high-end NVME drives; take claims like that with a pinch of salt and insert the word 'potential' in there.
I mine cryptocurrency, but I don't have a fix yet for those systems to see if there's a major hit or not.

Offline satrow

  • LzD Friends
  • Full Member
  • *****
  • Posts: 213
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #69 on: January 17, 2018, 10:32:13 PM »
Agreed, so, is this reporting tool misleading? I think so.

I don't think the info is fully fleshed out yet, priority looks like it's being given to research and tweak the tool.

Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 622
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #70 on: January 18, 2018, 04:05:59 PM »
Two more releases of InSpectre:

Release #3 — Raw Technical Data Display:
InSpectre's more technically inclined users have asked for more information about how InSpectre makes its decisions. Non-Windows users have also asked for that information so that InSpector could be run on Linux and MacOS machines (under WINE) to check the non-Windows machine's CPU support. As shown [see attached image], InSpectre release #3 adds a “Show Technical Details” item in the system control menu at the upper-left corner of the app. Click on the little “Spectre” icon and select the “Show Tech Details” item to display the raw data obtained by InSpector's analysis of its operating environment.

Release #4 — Silent System Probe Option:
When InSpectre is launched with the string “probe” in its command line, its Windows user interface will be suppressed. The application will assess its hosting system's status, then immediately terminate itself returning a decimal exitcode which encodes eight “trouble bits” itemizing trouble. Therefore, an exitcode of zero (0) is returned only by a fully secure system.

Decimal
Value   Trouble Itemization
1         OS is not aware of the Meltdown vulnerability
2         OS is not aware of the Spectre vulnerability
4         The system is vulnerable to Meltdown
8         The system is vulnerable to Spectre
16        CPU does not support Spectre (microcode not updated)
32        CPU does not support low-overhead Meltdown protection
64        Meltdown protection disabled by registry setting
128      Spectre protection disabled by registry setting
The table above can be used to decompose InSpectre's probe-mode exitcode to itemize the system's trouble.

Offline ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 622
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #71 on: January 21, 2018, 10:43:21 AM »
 

https://blog.qualys.com/news/2018/01/18/meltdown-and-spectre-arent-business-as-usual

I'm going to highlight a few passages from the above article:

Meltdown:

Since hackers need to gain a foothold in systems before they can exploit Meltdown, it’s likely it will be part of “chained attacks,” which involve exploiting two or more vulnerabilities in sequence...

Meltdown can be extensively mitigated using KPTI (Kernel Page Table Isolation) via the OS patches provided by Microsoft, Apple and Linux OS vendors.


---------------------------------------------------

Spectre:

successfully exploiting Spectre is “very difficult” because attackers must have detailed knowledge of the victim process, meaning they’d have to know specifically which process they’re going to target...

The most likely exploit scenario in the short term for Spectre is a JavaScript type of attack, where JavaScript escapes its sandbox, and accesses forbidden memory from the browser process, allowing attackers to access to cookies and session keys...

For Spectre, patches are available via software updates for OSes and apps, and via processor microcode. Right now, the priority should be closing the JavaScript attack vector by patching browsers.

Even if you don’t have the microcode updates to more completely mitigate Spectre, the browser vendors have made some changes that make it more difficult to exploit Spectre by removing things that a JavaScript attack would need, such as very precise timers ” .

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19604
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Major flaw in millions of Intel chips
« Reply #72 on: January 22, 2018, 08:55:24 PM »
Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners:

Quote
As we start the week, I want to provide an update on the reboot issues we reported Jan. 11. We  have now identified the root cause for Broadwell and Haswell platforms,  and made good progress in developing a solution to address it. Over the  weekend, we began rolling out an early version of the updated solution  to industry partners for testing, and we will make a final release  available once that testing has been completed.

Based on this, we are updating our guidance for customers and partners:
  • We recommend that OEMs, cloud service providers, system  manufacturers, software vendors and end users stop deployment of current  versions, as they may introduce higher than expected reboots and other  unpredictable system behavior. For the full list of platforms, see the Intel.com Security Center site.
  • We ask that our industry partners focus efforts on testing early  versions of the updated solution so we can accelerate its release. We  expect to share more details on timing later this week.
  • We continue to urge all customers to vigilantly maintain security best practice and for consumers to keep systems up-to-date.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19604
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Major flaw in millions of Intel chips
« Reply #73 on: January 23, 2018, 08:53:52 PM »


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline techie

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 609
    • View Profile
Re: Major flaw in millions of Intel chips
« Reply #74 on: January 23, 2018, 09:37:13 PM »
We are constantly talking about computer systems, but the most used devices older cellphones are going to be hung out to dry.

Anything older than, a iPhone 5S. That means the the 5 and 5C users and anything before isn't secure.

I love the android most useless fragmented software ever released and usually not supported. They put it on manufactures and providers to fix most problems, which usually never happens.

"As for Android, Google claims that the latest version of its software is safe from Spectre, but if your device is too old to get the update you’re basically on your own."

https://lifehacker.com/whats-going-on-with-the-spectre-and-meltdown-patches-1822128503

Google will definitely hang you out to dry. Only the latest version!!!