VOGONS


MELTDOWN and SPECTRE vulnerabilities and older hardware?

Topic actions

Reply 120 of 151, by lazibayer

User metadata
Rank Oldbie
Rank
Oldbie
Horizons wrote:

Just comparing SPEC results, it actually looks like there's a pretty big drop on some subtests, especially branchier ones.

http://spec.org/cpu2017/results/res2017q4/cpu … 1003-00102.html (pre-mitigation)
http://spec.org/cpu2017/results/res2018q2/cpu … 0403-04894.html (post-mitigation)

Welcome to vogons, Colgate!

Reply 121 of 151, by Horizons

User metadata
Rank Newbie
Rank
Newbie
lazibayer wrote:
Horizons wrote:

Just comparing SPEC results, it actually looks like there's a pretty big drop on some subtests, especially branchier ones.

http://spec.org/cpu2017/results/res2017q4/cpu … 1003-00102.html (pre-mitigation)
http://spec.org/cpu2017/results/res2018q2/cpu … 0403-04894.html (post-mitigation)

Welcome to vogons, Colgate!

Thanks, lazibayer! Surprised anyone recognized my avatar.

It looks like the Spectre fun continues - there are more details here and here, but it looks like as many as eight new Spectre-type vulnerabilities are about to be announced. Bad news, if it's accurate.

Reply 122 of 151, by PCBONEZ

User metadata
Rank Oldbie
Rank
Oldbie

Just my opinion.

I don't think this is a major concern for home computers. Little fish.

What you should be worried about are schools of fish with your information.
Companies that keep your CC number on file, your bank, anything in any cloud, PayPal, POS (cash register) systems,,,,,,,.
Those are big targets.

Why would a hacker to all the work for one little fish for one acct number when the same net will catch a whole school of fish and get thousands?
.

GRUMPY OLD FART - On Hiatus, sort'a
Mann-Made Global Warming. - We should be more concerned about the Intellectual Climate.
You can teach a man to fish and feed him for life, but if he can't handle sushi you must also teach him to cook.

Reply 123 of 151, by awgamer

User metadata
Rank Oldbie
Rank
Oldbie

More flaws found. https://www.heise.de/ct/artikel/Exclusive-Spe … us-4040648.html

A thought, since dosbox is pure emulation I would think it's immune or has the potential to be in the short term, where as they keep finding more vulnerabilities in hardware virtualization. Performance ranges from a pentium 233 to ghz+ and useable in some current day use cases, like a firewall.

Reply 124 of 151, by Scali

User metadata
Rank l33t
Rank
l33t
awgamer wrote:

A thought, since dosbox is pure emulation I would think it's immune or has the potential to be in the short term

I don't think that makes a difference. The exploit is basically based on being able to measure a difference in performance of executing path A vs executing path B.
This could occur in software just as well as in hardware.
I suppose the main difference is that DOSBox is open source, so anyone can modify it, whereas with hardware, only the CPU vendor can create microcode fixes.

http://scalibq.wordpress.com/just-keeping-it- … ro-programming/

Reply 125 of 151, by awgamer

User metadata
Rank Oldbie
Rank
Oldbie

I must have skipped over the exploit by measured performance delta, what I've read the problems have been described as something else entirely. yes, software too, but being open and software can be rectified quickly.

Reply 126 of 151, by awgamer

User metadata
Rank Oldbie
Rank
Oldbie

This is what I'm talking about, this presentation goes over finding undocumented instructions in x86, but also found bugs and exploits, and while qemu runs his test in the documented fashion from qemu not written to handle the bug, running on bare metal it does its bugged behavior so the exploit works. skip to just under 32 minutes. https://www.youtube.com/watch?v=KrksBdWcZgQ&i … G4jQyd#t=31m56s

I can see using this as a validation tool for dosbox.

Reply 127 of 151, by Scali

User metadata
Rank l33t
Rank
l33t
awgamer wrote:

This is what I'm talking about, this presentation goes over finding undocumented instructions in x86, but also found bugs and exploits, and while qemu runs his test in the documented fashion from qemu not written to handle the bug, running on bare metal it does its bugged behavior so the exploit works.

My point is rather that you can probably write similar exploits for qemu, DOSBox etc, if you were to specifically target their implementations.
In other words: they are not immune to the underlying problem. They are just not vulnerable in the exact same way as real hardware, so exploits targeting real hardware will likely not be effective.

http://scalibq.wordpress.com/just-keeping-it- … ro-programming/

Reply 128 of 151, by elod

User metadata
Rank Member
Rank
Member
awgamer wrote:

A thought, since dosbox is pure emulation I would think it's immune or has the potential to be in the short term

Hardly a pure emulator on x86. Nothing is immune to these attacks but some of them are more practical than others. I would not worry too much on a home PC.

Reply 130 of 151, by bjwil1991

User metadata
Rank l33t
Rank
l33t

Checked my ASUS X54C running Windows 10 Pro x64.

CPU: Intel Celeron B820.

Results:

Meltdown protected: YES
Spectre protected: YES
Microcode update available: YES
Performance: SLOWER

Screenshot:

The attachment InSpectre-71518.png is no longer available

Discord: https://discord.gg/U5dJw7x
Systems from the Compaq Portable 1 to Ryzen 9 5950X
Twitch: https://twitch.tv/retropcuser

Reply 131 of 151, by swaaye

User metadata
Rank l33t++
Rank
l33t++

I think everything older than Haswell (ie Core 4xxx) will report "slower". There is a PCID feature on the newer CPUs that mostly alleviates the performance hit of the security workaround.

But really I haven't noticed my older stuff being slower. I hear storage I/O is by far the worst hit area. Might need benchmarks to notice for the most part.

Reply 132 of 151, by bjwil1991

User metadata
Rank l33t
Rank
l33t

My laptop has a 480GB SSD installed and runs beautifully. Even RuneScape NXT client runs amazingly on it. Will install Linux on the SSD as well.

Discord: https://discord.gg/U5dJw7x
Systems from the Compaq Portable 1 to Ryzen 9 5950X
Twitch: https://twitch.tv/retropcuser

Reply 134 of 151, by appiah4

User metadata
Rank l33t++
Rank
l33t++

Crap Inside

Reply 135 of 151, by Jasin Natael

User metadata
Rank Oldbie
Rank
Oldbie

Ryzen is the savior 🤣

Reply 136 of 151, by SPBHM

User metadata
Rank Oldbie
Rank
Oldbie

isn't SMT from Ryzen also affected?

Reply 137 of 151, by appiah4

User metadata
Rank l33t++
Rank
l33t++
SPBHM wrote:

isn't SMT from Ryzen also affected?

Nope.

Reply 138 of 151, by Jasin Natael

User metadata
Rank Oldbie
Rank
Oldbie

Ryzen is unaffected for sure.

Reply 139 of 151, by 386SX

User metadata
Rank l33t
Rank
l33t

But have latest Ryzen problems with the older bugs of the thread subject beside the software patches and the latest cpu "hardware mitigations"? (even if the hardware "patch" feels someway unsecure itself anyway).
With the hyperthreading problem too I'd call this the revenge of the older Atom cpu up the D2500 version that many people criticized for their speed. Take that faster cpus! 😁