Meltdown and Spectre: ‘worst ever’ CPU bugs affect virtually all computers

W

whitestar_999

Super Moderator
Staff member
Doesn't seem so as latest bios is dated 08/12/2017 but AMD processors are much harder to exploit using Spectre v2 so it is not a priority & Spectre v1 patch is provided by MS windows update.
PRIME B350-PLUS BIOS & FIRMWARE | Motherboards | ASUS India
 
Vyom

Vyom

The Power of x480
Staff member
Admin
So I found out from that GUI utility that my PC is not vulnerable to Meltdown (maybe having upto date Win 10 fixed it). But it IS vulnerable to Spectre.

So is BIOS update the only way to patch against Spectre?

Edit: I think so it IS. So let's start searching BIOS update for my MSI mobo.

Edit 2: MSI website don't have an update for my mobo. Last update was released in 2015 :(
Support For H87M-G43 | Motherboard - The world leader in motherboard design | MSI Global
 
W

whitestar_999

Super Moderator
Staff member
Meltdown bug only affects Intel processors & it can be patched via software update provided by MS at the cost of performance(6th gen or newer processors+win 10 is the least affected combo).There are two versions of Spectre bug(v1 & v2),Spectre v1 can be patched using software update(again by MS) but Spectre v2 can only be patched using bios update(again Intel processors are much more easier to exploit with Spectre v2 compared to AMD processors).Also these Spectre patches(software & bios) only protects against one specific Spectre based exploit.As long as new architecture processors don't come into market(at least 2-3 years) there will always be some known or unknown Spectre vulnerability present in all processors.

@Vyom don't hold your breath for 4th gen mobo bios updates,anything older than 6th gen mobo most likely won't get bios update except maybe for some high end mobos.
 
Vyom

Vyom

The Power of x480
Staff member
Admin
whitestar_999 said:
@Vyom don't hold your breath for 4th gen mobo bios updates,anything older than 6th gen mobo most likely won't get bios update except maybe for some high end mobos.
Click to expand...
WTH. So should I stop using PC altogether! Most of the PCs then, will just be in the limbo? Open to be attacked!?!
 
B

billubakra

Conversation Architect
Vyom said:
I am paranoid on behalf of most of people on this planet infected with this hardware bug that they have no control over, and are on the mercy of motherboard manufacturers. Oh well. We are doomed.
Click to expand...
I used to think the same brother. But we have no control over the OEM's regarding the patch. So, why worry about something on which we have no control? I too ride a bike, what's the guarantee that I will come back home and won't be run down by a truck? So, don't stress about it. Remember, "Jab kismat ho gandu to kya karega pandu"
 
W

whitestar_999

Super Moderator
Staff member
Vyom said:
WTH. So should I stop using PC altogether! Most of the PCs then, will just be in the limbo? Open to be attacked!?!
Click to expand...
Don't get too worried,Meltdown bug can be patched by MS window updates & exploiting Spectre bug is quite tricky so chances of using it to steal credentials from individuals' PC is very little(if already using precautions like safe browsing,single browser window for sensitive transactions then even less).Keep using your PC & for your next system 2-3 years later get AMD processor free from Spectre bug(Intel's handling of this issue is quite poor & they deserve significant market share loss).
 
quicky008

quicky008

Technomancer
Vyom said:
I am paranoid on behalf of most of people on this planet infected with this hardware bug that they have no control over, and are on the mercy of motherboard manufacturers. Oh well. We are doomed.
Click to expand...
Your statements echo my thoughts as well-i have 2 3rd gen intel systems which are still functional but its highly unlikely that their mobo manufacturers will ever release any updated bios for them,thereby making them vulnerable to this much dreaded specter bug.

What concerns me is that while these machines are working just fine,there may come a day in the not so distant future when i may be compelled to retire them if exploits based on specter start surfacing at an alarming rate-and to think all this could have been mitigated with a simple bios update which these accursed mobo manufacturers have refused to provide simply because these motherboards are a bit older.If only MS could include the updated cpu microcodes with any of their upcoming OS patches,then updating the bios wouldn't have been necessary anymore.
 
B

billubakra

Conversation Architect
quicky008 said:
Your statements echo my thoughts as well-i have 2 3rd gen intel systems which are still functional but its highly unlikely that their mobo manufacturers will ever release any updated bios for them,thereby making them vulnerable to this much dreaded specter bug.

What concerns me is that while these machines are working just fine,there may come a day in the not so distant future when i may be compelled to retire them if exploits based on specter start surfacing at an alarming rate-and to think all this could have been mitigated with a simple bios update which these accursed mobo manufacturers have refused to provide simply because these motherboards are a bit older.If only MS could include the updated cpu microcodes with any of their upcoming OS patches,then updating the bios wouldn't have been necessary anymore.
Click to expand...
Brother read my above post. You shouldn't let these petty things worry you. If you are so concerned follow the steps @whitestar_999 has mentioned above like using incognito mode etc.
 
W

whitestar_999

Super Moderator
Staff member
quicky008 said:
Your statements echo my thoughts as well-i have 2 3rd gen intel systems which are still functional but its highly unlikely that their mobo manufacturers will ever release any updated bios for them,thereby making them vulnerable to this much dreaded specter bug.

What concerns me is that while these machines are working just fine,there may come a day in the not so distant future when i may be compelled to retire them if exploits based on specter start surfacing at an alarming rate-and to think all this could have been mitigated with a simple bios update which these accursed mobo manufacturers have refused to provide simply because these motherboards are a bit older.If only MS could include the updated cpu microcodes with any of their upcoming OS patches,then updating the bios wouldn't have been necessary anymore.
Click to expand...
See my earlier reply,Spectre exploits are not your usual exploits & require quite sophisticated programming skills.Nobody is going to use Spectre exploits for stealing credentials from individuals' PCs unless they are targeted by 3/similar letter agencies of various countries.BIOS updates only prevents against "one known form of Spectre v2 bug" nothing more(Spectre v1 bug has no hardware patch,only software patch by windows & again only for one known form of Spectre v1).
 
quicky008

quicky008

Technomancer
Thanks whitestar and billubakra-yes its being suggested that one requires a high degree of proficiency in programming and thorough knowledge of the intricacies of the way cpus work to be able to exploit the specter related loophole properly.But even would be hackers and the so-called script kiddies are getting increasingly precocious these days,so one never knows.

Btw are AMD's ryzen cpus impregnable to specter?Since eliminating these flaws requires a complete overhaul of the way cpus are designed right now,when can we expect newer processors to emerge that are immune to such threats or vulnerabilities?
 
Vyom

Vyom

The Power of x480
Staff member
Admin
My "we are doomed" comment might have been an exaggeration of the fact that I am binge watching Rick and Morty this week. I just had a tad too much of Rick and Morty. Damn.

Also, how can it be that OS can't fix this bug. I hope we can try to make our peace with it. And hope we can work on our PCs knowing it has cancer. Together we can do it. Fight it. Live with it. In the end, torch it on fire and buy Ryzens.
 
karthik99387

karthik99387

Broken In
I am paranoid on behalf of most of people on this planet infected with this hardware bug that they have no control over, and are on the mercy of motherboard manufacturers. Oh well. We are doomed.
Click to expand...
Dont all the tech gaints work with NSA so they can access these backdoors and eavesdrop on anyone on any part of the world?
When were we safe...?
 
Last edited:
Darth Vader

Darth Vader

In the zone
Intel Announces 'In-Silicon' Fixes For Meltdown And Spectre Coming This Year
Intel Announces 'In-Silicon' Fixes For Meltdown And Spectre Coming This Year, 10nm Update
 
W

whitestar_999

Super Moderator
Staff member
Vyom said:
My "we are doomed" comment might have been an exaggeration of the fact that I am binge watching Rick and Morty this week. I just had a tad too much of Rick and Morty. Damn.

Also, how can it be that OS can't fix this bug. I hope we can try to make our peace with it. And hope we can work on our PCs knowing it has cancer. Together we can do it. Fight it. Live with it. In the end, torch it on fire and buy Ryzens.
Click to expand...
OS can't fix Spectre bug because the bug is in the fundamental design of all processors(incl Ryzen).Meltdown bug was fixable by a software patch because it was caused by Intel's weak security handling of cpu instructions(that is why only Intel & not amd processors are affected by meltdown bug) which the patch takes care of by checking/rechecking instructions leading to performance loss.

A good read for getting the basics about these bugs in an interesting non technical way:
An Explanation of the Meltdown/Spectre Bugs for a Non-Technical Audience
 
You must log in or register to reply here.
Top Bottom