# Meltdown and Spectre: ‘worst ever’ CPU bugs affect virtually all computers



## kg11sgbg (Jan 4, 2018)

*Meltdown* vulnerability is only affected by Intel CPU's.
*Spectre* vulnerability is affected by AMD,ARM and Intel chipsets/CPU's.

Both these vulnerabilities are widespread and global,no pace to hide,nowhere to run.
*All of us* are being the affected users.

Source : Meltdown and Spectre: ‘worst CPU bugs ever’ affect virtually all computers



> Serious security flaws that could let attackers steal sensitive data, including passwords and banking information, have been found in processors designed by Intel, AMD and ARM.
> 
> The flaws, named Meltdown and Spectre, were discovered by security researchers at Google’s Project Zero in conjunction with academic and industry researchers from several countries. Combined they affect virtually every modern computer, including smartphones, tablets and PCs from all vendors and running almost any operating system.
> 
> Meltdown is “probably one of the worst CPU bugs ever found”, said Daniel Gruss, one of the researchers at Graz University of Technology who discovered the flaw.


----------



## chimera201 (Jan 8, 2018)

The funny thing about this is that programs that are coded with best practices in mind are more prone to this exploit


----------



## Desmond (Jan 8, 2018)

What's weird is that this was only discovered recently when the bug has been around for more than a decade.


----------



## Hrishi (Jan 9, 2018)

Desmond David said:


> What's weird is that this was only discovered recently when the bug has been around for more than a decade.


You mean agencies were already aware and have been keeping it as a secret under NoBodyButThem type of policy ?
Hmmmm... Could be. In fact, very likely. 

Sent from my ONE E1003 using Tapatalk


----------



## ico (Jan 9, 2018)

Looks like Ryzen is the smarter choice.


----------



## Desmond (Jan 9, 2018)

Hrishi said:


> You mean agencies were already aware and have been keeping it as a secret under NoBodyButThem type of policy ?
> Hmmmm... Could be. In fact, very likely.
> 
> Sent from my ONE E1003 using Tapatalk


This is why we need more open source hardware so that the public can scrutinize the architecture more closely and find out about defects sooner.


----------



## Vyom (Jan 9, 2018)

Can anyone link the hotfixes. Wasn't Microsoft supposed to release a proper hotfix today, ie, 9th Jan 2018?


----------



## Flash (Jan 9, 2018)

Vyom said:


> Can anyone link the hotfixes. Wasn't Microsoft supposed to release a proper hotfix today, ie, 9th Jan 2018?


Microsoft halts AMD Meltdown and Spectre patches after reports of unbootable PCs


----------



## Vyom (Jan 9, 2018)

Flash said:


> Microsoft halts AMD Meltdown and Spectre patches after reports of unbootable PCs


Oh damn man. I can live with this spectre and meltdown.. but not with unbootable PC. ;-;


----------



## billubakra (Jan 9, 2018)

Vyom said:


> Can anyone link the hotfixes. Wasn't Microsoft supposed to release a proper hotfix today, ie, 9th Jan 2018?


How to protect yourself from Meltdown and Spectre CPU flaws


----------



## whitestar_999 (Jan 9, 2018)

@Vyom rest easy,AMD processors are not vulnerable to Meltdown so you can skip security patches for those.As for Spectre,again AMD processors are comparatively more secure than intel processors so focus on getting browsers updates as this vulnerability may be exploited through a java script in a browser.Also the worst case scenario of these vulnerabilities is that your secret information residing in PC memory(like cookies storing logins,any encryption program incl keystroke scramblers,any password entered into any browser window or tab)can be read & sent out as long as the malicious java script is running in any browser/software.


----------



## Vyom (Jan 9, 2018)

whitestar_999 said:


> @Vyom rest easy,AMD processors are not vulnerable to Meltdown so you can skip security patches for those.As for Spectre,again AMD processors are comparatively more secure than intel processors so focus on getting browsers updates as this vulnerability may be exploited through a java script in a browser.Also the worst case scenario of these vulnerabilities is that your secret information residing in PC memory(like cookies storing logins,any encryption program incl keystroke scramblers,any password entered into any browser window or tab)can be read & sent out as long as the malicious java script is running in any browser/software.


Damn. But I don't have Amd chip. I have i5 4570 and RX 480.

Sent from my LG-H870DS using Tapatalk


----------



## Hrishi (Jan 9, 2018)

Vyom said:


> Oh damn man. I can live with this spectre and meltdown.. but not with unbootable PC. ;-;


You have been living with it since ages, all of us xD.
The scary part is when you don't know what else is hiding under the hood.



Sent from my ONE E1003 using Tapatalk


----------



## Hrishi (Jan 9, 2018)

Desmond David said:


> This is why we need more open source hardware so that the public can scrutinize the architecture more closely and find out about defects sooner.


True that. Raspberry wasn't impacted by this, was it? 

Sent from my ONE E1003 using Tapatalk


----------



## whitestar_999 (Jan 9, 2018)

Vyom said:


> Damn. But I don't have Amd chip. I have i5 4570 and RX 480.
> 
> Sent from my LG-H870DS using Tapatalk


My mistake,I confused your gpu with cpu!In any case just open banking sites in a single browser window with no other browser/tab running(just like olden times) in incognito mode & after session is done,close browser then clean history/cache(it seems even in private/incognito mode some data remains in memory/cache for a few minutes).Of course delete all banking sites related cookies/data in your browsers before this.Always use latest browser versions & keep your AV updated.


----------



## Vyom (Jan 9, 2018)

whitestar_999 said:


> My mistake,I confused your gpu with cpu!In any case just open banking sites in a single browser window with no other browser/tab running(just like olden times) in incognito mode & after session is done,close browser then clean history/cache(it seems even in private/incognito mode some data remains in memory/cache for a few minutes).Of course delete all banking sites related cookies/data in your browsers before this.Always use latest browser versions & keep your AV updated.


Thanks man. I do always browse banking site only in a new incognito mode. And don't save banking passwords in browser. I think I am safe on the banking site side of things. 

For all other important sites which I access from non incognito mode like Gmail, crypto currency sites, dual authentication will take care of that.


Sent from my LG-H870DS using Tapatalk


----------



## whitestar_999 (Jan 9, 2018)

Vyom said:


> Thanks man. I do always browse banking site only in a new incognito mode. And don't save banking passwords in browser. I think I am safe on the banking site side of things.
> 
> For all other important sites which I access from non incognito mode like Gmail, crypto currency sites, dual authentication will take care of that.
> 
> ...


Just "new incognito mode" is not enough unless it is the "only open browser" in whole PC.e.g.opening a bank site in incognito mode in chrome while another site/sites are opened in firefox/IE/opera etc are vulnerable.Still my next system will most likely be AMD as Ryzen 3 1200 is now at ~6600 compared to G4560's price of ~5400 & Ryzen 2200G with integrated vega graphics is announced yesterday at a price of $99 with release date in 2nd week of Feb.


----------



## chimera201 (Jan 9, 2018)

NSA says it didn't know about the exploit



> Rob Joyce, White House cybersecurity coordinator, said, “NSA did not know about the flaw, has not exploited it and certainly the U.S. government would never put a major company like Intel in a position of risk like this to try to hold open a vulnerability.”



Huge security flaws revealed — and tech companies can barely keep up


----------



## Hrishi (Jan 10, 2018)

chimera201 said:


> NSA says it didn't know about the exploit
> 
> 
> 
> Huge security flaws revealed — and tech companies can barely keep up


hahahahahah


----------



## Flash (Jan 10, 2018)

chimera201 said:


> NSA says it didn't know about the exploit
> 
> 
> 
> Huge security flaws revealed — and tech companies can barely keep up


Are they trying to underplay this time? 
maybe they didn't know how to exploit this exploit.


----------



## maheshn (Jan 13, 2018)

In depth details about the bugs, patching used and how it affects perfomance.....


Here’s how, and why, the Spectre and Meltdown patches will hurt performance


----------



## quicky008 (Jan 15, 2018)

There's been a lot of ruckus and conflicting reports about meltdown and specter in the tech communities of late-from what i've read so far,it seems protection against the meltdown bug can be implemented at OS level in the form of hotfixes and patches.Unfortunately however this doesn't seem to be the case with Specter for which one the only known fix(atleast partially)is to install some kind of microcode update that is being issued by the cpu manufacturer(Intel in this case i believe).

However microcode updates have to be incorporated into the bios and then one must update their motherboard's bios itself to enable the safeguards to take effect-but so far majority of motherboard manufacturers have only issued bios updates for newer generation of intel cpus,leaving users of older systems(especially those still using hardware that dates back to 2012 or older)out in the cold;it seems for such users,there's very little chance that they will ever receive any bios updates to resolve this major flaw with their cpus.

As the owner of 2-3 such systems (that use older intel cpus),this makes me really concerned as to how long can i continue using them without being affected by the specter bug(or any of its variants)in the foreseeable future.I don't think any bios updates will ever be released for such older platforms-so what is someone supposed to do in that case?Even if bios updates are released eventually,it will not be possible for everyone to install them seamlessly either as updating the bios is risky and it might brick an older device that's out of warranty.

Also its just as difficult for everyone to retire such older hardware and opt for newer,more secure products immediately as that entails a significant expenditure of time and money.So are there any workarounds or alternative fixes of the specter bug.It seems operating systems like Windows and linux are capable of loading cpu microcodes during boot-so can the microcode updates be implemented in the OS itself instead of the bios so that updating the bios is no longer required?

What problems are someone likely to face if he is still using an unsecured system when exploits that take advantage of these vulnerabilities start becoming more common in the near future?I'd appreciate if someone could throw some light on this matter as its confounding(and scary)to say the least.

(ps- apologies for the lengthy post)


----------



## whitestar_999 (Jan 16, 2018)

Here is the summary I gathered from reading some quite detailed reddit & wilders thread:
6th gen & newer intel processors+win 10=least impact
4th gen & older intel processors+win 10=more impact
4th gen & older intel processors+win 7/8=most impact

Win 10 works differently from win 7/8 which increases the performance impact on these older windows versions.Similarly 7th & 8th gen intel processors have more efficient architecture which results in lesser impact on performance compared to older gen intel processors.

SSD performance(especially random/4k read write) is most likely affected(on some systems even by 20-30% in random/4k read write) in all scenarios.

These vulnerabilities basically allow a malicious script running in a browser to access all data in memory & cache meaning any password entered in any browser/program window or saved login info in any browser cookies & any password in ram(e.g.password managers,keystroke scramblers,encryption software etc) can be accessed.Security experts believe that as of now there are no such scripts that are being used in real world exploiting these vulnerabilities but potential is there.

Meltdown bug affects only intel processors while Spectre bug affects almost all processors though exploiting Spectre bug on AMD processors is much more difficult compared to Intel processors.

Best solution to above is:Only open one browser window(in entire system aka no other browser/tab) to surf important financial transaction related sites(like bank sites) in incognito/private mode & after completing your task,close the browser & wait for a few minutes so nothing remains in ram or hdd related to that browsing session.Of course delete all saved passwords/login info related to important sites from all browsers too.Always use latest version of any browser & keep your windows & AV updated.


----------



## quicky008 (Jan 16, 2018)

does it still make sense to get an used Xeon or a Core i series cpu for a cheap gaming or workstation build now,given that the recently unveiled meltdown and specter bugs are known to make them highly susceptible to various security exploits? Can using one of the chips that are known to be affected by these bugs(esp. Specter which is targeted at intel cpus)seriously compromise the security of a system?


----------



## whitestar_999 (Jan 16, 2018)

See my above reply.


----------



## quicky008 (Jan 16, 2018)

Thanks for the comprehensive explanation,whitestar_999-will keeping the OS up-to-date with the latest patches provide any level of protection at all against meltdown and specter(even on older systems that dont have the latest bios installed)?Also is it true that even if a system has been compromised by any of the aforesaid exploits,it wont be detected by any av or security program as they can bypass them all by exploiting a flaw in the cpu's architecture?


----------



## whitestar_999 (Jan 16, 2018)

Forgot to add one thing,not all software patches are available for 32bit windows.

Yes,software patches in combination with BIOS updates only will provide all levels of protection against "currently known" methods of exploiting these vulnerabilities(currently known methods are not all the possible methods to exploit these vulnerabilities as per many security researchers). Linux doesn't require BIOS updates like windows as one can patch cpu microcodes on reboot with a linux kernel unlike windows which must need cpu microcodes in updated BIOS to run them in windows.

These vulnerabilities can allow javascript running in a browser to access all information in memory.This is not installation of something because nothing actually came to your system & that is why it can not be detected by any current AV/similar software.The malicious javascript is running on a remote server & your browser is merely translating this javascript to machine instructions & simply reading data in memory(no modification/deletion/corruption of files etc). Once you close the browser window it is gone leaving no trace behind.


----------



## Flash (Jan 17, 2018)

How to Check if Your PC or Phone Is Protected Against Meltdown and Spectre


----------



## whitestar_999 (Jan 17, 2018)

The tools mentioned in above link are not exactly meant for typical home users & probably why microsoft actually added InSpectre tool to dangerous program in its WD database as well as smart screen filter.In any case as long as bios update is not released for your desktop mobo bios/laptop bios,there isn't even any need to check as that automatically means a system is vulnerable.


----------



## topgear (Jan 18, 2018)

I'm not scared but not ignorant either. My guess like other this flaw is there for a long time and for a reason for security agencies to steal data and at-least wannacry type thing did not spread through such cpu bug.
This bug only discovered now and what else is there on the processor to steal data god only knows.

I'm still on win7 so using a browser incognito mode is all I can think off. But this new bug sure will increse the sell of 'new' hardware by a big margin especially corporate client base where there are many old computers still in use as they don't need any extra processing power or a new OS but for safe guarding data they may incline more towards cluoud solutions or newer hardware and the same goes for many of us ie getting newer hardware - so I can see this as a security breach and at the same time a business plan.


----------



## whitestar_999 (Jan 18, 2018)

topgear said:


> I'm not scared but not ignorant either. My guess like other this flaw is there for a long time and for a reason for security agencies to steal data and at-least wannacry type thing did not spread through such cpu bug.
> This bug only discovered now and what else is there on the processor to steal data god only knows.
> 
> I'm still on win7 so using a browser incognito mode is all I can think off. But this new bug sure will increse the sell of 'new' hardware by a big margin especially corporate client base where there are many old computers still in use as they don't need any extra processing power or a new OS but for safe guarding data they may incline more towards cluoud solutions or newer hardware and the same goes for many of us ie getting newer hardware - so I can see this as a security breach and at the same time a business plan.


It is nothing but trading speed for security especially by Intel.The reason why Intel processors,especially since core2duo era,are on an average always faster than AMD processors is because of the sacrifices Intel made on security front to keep their processors ahead of AMD.Because of this reason Intel processors are affected by Meltdown bug but not AMD processors & also the reason why Intel processors are much more susceptible to Spectre bug than AMD processors.

No new hardware(aka processor) immune against Spectre is going to be launched in the market for at least 2-3 years because it requires a complete rewriting of cpu architecture which neither Intel nor AMD can do even in a year.Also "Cloud hardware" is much more affected by these bugs because unlike consumer desktop/laptop,cloud hardware runs shared servers & now anybody can rent a cheap server to run on some of the biggest cloud service hardware providers & potentially exploit these bugs to access crucial information from other servers of companies/organizations running on same cloud hardware.That is also the reason why some cloud service become slow after application of these patches because unlike consumer systems they don't have the luxury of not installing patches & waiting for things to clear.

Right now AMD hardware is the better option to buy even after taking into account its vulnerability to Spectre.


----------



## Hrishi (Jan 19, 2018)

whitestar_999 said:


> It is nothing but trading speed for security especially by Intel.The reason why Intel processors,especially since core2duo era,are on an average always faster than AMD processors is because of the sacrifices Intel made on security front to keep their processors ahead of AMD.Because of this reason Intel processors are affected by Meltdown bug but not AMD processors & also the reason why Intel processors are much more susceptible to Spectre bug than AMD processors.
> 
> No new hardware(aka processor) immune against Spectre is going to be launched in the market for at least 2-3 years because it requires a complete rewriting of cpu architecture which neither Intel nor AMD can do even in a year.Also "Cloud hardware" is much more affected by these bugs because unlike consumer desktop/laptop,cloud hardware runs shared servers & now anybody can rent a cheap server to run on some of the biggest cloud service hardware providers & potentially exploit these bugs to access crucial information from other servers of companies/organizations running on same cloud hardware.That is also the reason why some cloud service become slow after application of these patches because unlike consumer systems they don't have the luxury of not installing patches & waiting for things to clear.
> 
> Right now AMD hardware is the better option to buy even after taking into account its vulnerability to Spectre.


The day we see a malware exploiting this flaw and becomes publicly available... It will be devastating.

Sent from my ONE E1003 using Tapatalk


----------



## whitestar_999 (Jan 19, 2018)

Meltdown can be patched at the cost of performance & patching Spectre to some extent is possible provided your intel system mobo is fairly recent(aka at least 6th gen). As for spectre,exploiting it is far more difficult compared to meltdown so its target will most likely be big organizations/lucrative businesses & not home users.


----------



## quicky008 (Jan 20, 2018)

so if an older system doesn't receive a bios update,does it mean its practically worthless (from a security standpoint)and deserves to be chucked out of the nearest window?This will render a huge number of otherwise high-performance intel cpus obsolete overnight as they belong to older generations/platforms for which no mobo manufacturer will ever release any updated bios files-this very thought itself is disturbing as well as saddening!


----------



## whitestar_999 (Jan 21, 2018)

Bios update is mainly for Spectre bug,MS windows patches are for Meltdown bug.I have edited my earlier post for clarification.Exploiting Spectre bug is difficult so most likely its target will be big organizations.Spectre bug can be theoretically executed via a mere javascript running in a browser so for safety remove all saved login info related to banking/sensitive sites from all browsers/programs & open only one browser window(no other tab/browser open in system) in incognito/private mode when doing banking/sensitive transactions & close it after logging out & wait for 1-2 minutes before launching same/another browser for usual surfing.Also keep all browsers updated at all time.


----------



## billubakra (Jan 23, 2018)

whitestar_999 said:


> The tools mentioned in above link are not exactly meant for typical home users & probably why microsoft actually added InSpectre tool to dangerous program in its WD database as well as smart screen filter.In any case as long as bios update is not released for your desktop mobo bios/laptop bios,there isn't even any need to check as that automatically means a system is vulnerable.





whitestar_999 said:


> Bios update is mainly for Spectre bug,MS windows patches are for Meltdown bug.I have edited my earlier post for clarification.Exploiting Spectre bug is difficult so most likely its target will be big organizations.Spectre bug can be theoretically executed via a mere javascript running in a browser so for safety remove all saved login info related to banking/sensitive sites from all browsers/programs & open only one browser window(no other tab/browser open in system) in incognito/private mode when doing banking/sensitive transactions & close it after logging out & wait for 1-2 minutes before launching same/another browser for usual surfing.Also keep all browsers updated at all time.



As per the link shared by @Flash How to Check if Your PC or Phone Is Protected Against Meltdown and Spectre my laptop is vulnerable to spectre, will check the pc when I am at home. Few things, how to update bios? I have an Intel processor i5 generation 5th or 6th I guess, how to be sure about it and an Ryzen 1600 in the pc. Is there any need to update the processor's drivers from device manager?
About browser update, I have not saved any of the bank related passwords in the browser and I am not updating the browser as all versions of FF above v56 don't support the older extensions. Well that's the risk I am willing to take.


----------



## bssunilreddy (Jan 23, 2018)

*i.imgur.com/q8HmfAF.png


----------



## chimera201 (Jan 23, 2018)

Intel's Patch for Meltdown, Spectre "Complete and Utter Garbage:" Linus Torvalds


----------



## whitestar_999 (Jan 24, 2018)

bssunilreddy said:


> *i.imgur.com/q8HmfAF.png


Every Intel processor is affected by Meltdown as well as Spectre bug,windows patch is for meltdown bug(it is this patch that reduces performance of intel processors) & 1st variant of Spectre bug that comes through windows update.Bios update of mobo manufacturer only address 2nd variant of Spectre.*There is practically no pc processor currently in the world that is not vulnerable against Spectre.That tool only shows "yes" for reason that spectre os patch & spectre bios patch is applied,removing spectre vulnerability requires a new design processor completely different from current processor designs.
*
@billubakra for intel laptops BIOS update from laptop manufacturer is required for Spectre v2 mitigation but don't be in a hurry because in last few days many laptop manufacturers(incl Dell & HP) had to recall bios updates after many complaints about system reboots & system instability issues.For AMD systems only Spectre patches are required & Spectre v1 patch will be provided by MS through update while Spectre v2 patch require bios update from your system mobo manufacturer.


----------



## billubakra (Jan 24, 2018)

whitestar_999 said:


> Every Intel processor is affected by Meltdown as well as Spectre bug,windows patch is for meltdown bug(it is this patch that reduces performance of intel processors) & 1st variant of Spectre bug that comes through windows update.Bios update of mobo manufacturer only address 2nd variant of Spectre.*There is practically no pc processor currently in the world that is not vulnerable against Spectre.That tool only shows "yes" for reason that spectre os patch & spectre bios patch is applied,removing spectre vulnerability requires a new design processor completely different from current processor designs.
> *
> @billubakra for intel laptops BIOS update from laptop manufacturer is required for Spectre v2 mitigation but don't be in a hurry because in last few days many laptop manufacturers(incl Dell & HP) had to recall bios updates after many complaints about system reboots & system instability issues.For AMD systems only Spectre patches are required & Spectre v1 patch will be provided by MS through update while Spectre v2 patch require bios update from your system mobo manufacturer.


Thanks. Won't update the lappy's bios. My pc has a Asus B350 plus mobo. How to update its bios? Have they released a stable version?


----------



## whitestar_999 (Jan 24, 2018)

Doesn't seem so as latest bios is dated 08/12/2017 but AMD processors are much harder to exploit using Spectre v2 so it is not a priority & Spectre v1 patch is provided by MS windows update.
PRIME B350-PLUS  BIOS & FIRMWARE | Motherboards | ASUS India


----------



## Vyom (Jan 24, 2018)

So I found out from that GUI utility that my PC is not vulnerable to Meltdown (maybe having upto date Win 10 fixed it). But it IS vulnerable to Spectre.

So is BIOS update the only way to patch against Spectre?

Edit: I think so it IS. So let's start searching BIOS update for my MSI mobo.

Edit 2: MSI website don't have an update for my mobo. Last update was released in 2015 
Support For H87M-G43 | Motherboard - The world leader in motherboard design | MSI Global


----------



## whitestar_999 (Jan 25, 2018)

Meltdown bug only affects Intel processors & it can be patched via software update provided by MS at the cost of performance(6th gen or newer processors+win 10 is the least affected combo).There are two versions of Spectre bug(v1 & v2),Spectre v1 can be patched using software update(again by MS) but Spectre v2 can only be patched using bios update(again Intel processors are much more easier to exploit with Spectre v2 compared to AMD processors).Also these Spectre patches(software & bios) only protects against one specific Spectre based exploit.As long as new architecture processors don't come into market(at least 2-3 years) there will always be some known or unknown Spectre vulnerability present in all processors.

@Vyom don't hold your breath for 4th gen mobo bios updates,anything older than 6th gen mobo most likely won't get bios update except maybe for some high end mobos.


----------



## Vyom (Jan 25, 2018)

whitestar_999 said:


> @Vyom don't hold your breath for 4th gen mobo bios updates,anything older than 6th gen mobo most likely won't get bios update except maybe for some high end mobos.


WTH. So should I stop using PC altogether! Most of the PCs then, will just be in the limbo? Open to be attacked!?!


----------



## billubakra (Jan 25, 2018)

Vyom said:


> WTH. So should I stop using PC altogether! Most of the PCs then, will just be in the limbo? Open to be attacked!?!


What will the hackers steal if they hack our pc? Movies, songs?


----------



## Vyom (Jan 26, 2018)

billubakra said:


> What will the hackers steal if they hack our pc? Movies, songs?


AFAIK, credentials are the most likely thing that can be stolen, innit?


----------



## Hrishi (Jan 26, 2018)

Vyom said:


> AFAIK, credentials are the most likely thing that can be stolen, innit?


Why so paranoid? 

Sent from my ONE E1003 using Tapatalk


----------



## Vyom (Jan 26, 2018)

Hrishi said:


> Why so paranoid?


I am paranoid on behalf of most of people on this planet infected with this hardware bug that they have no control over, and are on the mercy of motherboard manufacturers. Oh well. We are doomed.


----------



## Darth Vader (Jan 26, 2018)

Vyom said:


> I am paranoid on behalf of most of people on this planet infected with this hardware bug that they have no control over, and are on the mercy of motherboard manufacturers. Oh well. We are doomed.


You're on the right track


----------



## billubakra (Jan 26, 2018)

Vyom said:


> I am paranoid on behalf of most of people on this planet infected with this hardware bug that they have no control over, and are on the mercy of motherboard manufacturers. Oh well. We are doomed.


I used to think the same brother. But we have no control over the OEM's regarding the patch. So, why worry about something on which we have no control? I too ride a bike, what's the guarantee that I  will come back home and won't be run down by a truck? So, don't stress about it. Remember, "Jab kismat ho gandu to kya karega pandu"


----------



## whitestar_999 (Jan 26, 2018)

Vyom said:


> WTH. So should I stop using PC altogether! Most of the PCs then, will just be in the limbo? Open to be attacked!?!


Don't get too worried,Meltdown bug can be patched by MS window updates & exploiting Spectre bug is quite tricky so chances of using it to steal credentials from individuals' PC is very little(if already using precautions like safe browsing,single browser window for sensitive transactions then even less).Keep using your PC & for your next system 2-3 years later get AMD processor free from Spectre bug(Intel's handling of this issue is quite poor & they deserve significant market share loss).


----------



## quicky008 (Jan 26, 2018)

Vyom said:


> I am paranoid on behalf of most of people on this planet infected with this hardware bug that they have no control over, and are on the mercy of motherboard manufacturers. Oh well. We are doomed.


Your statements echo my thoughts as well-i have 2 3rd gen intel systems which are still functional but its highly unlikely that their mobo manufacturers will ever release any updated bios for them,thereby making them vulnerable to this much dreaded specter bug.

What concerns me is that while these machines are working just fine,there may come a day in the not so distant future when i may be compelled to retire them if exploits based on specter start surfacing at an alarming rate-and to think all this could have been mitigated with a simple bios update which these accursed mobo manufacturers have refused to provide simply because these motherboards are a bit older.If only MS could include the updated cpu microcodes with any of their upcoming OS patches,then updating the bios wouldn't have been necessary anymore.


----------



## billubakra (Jan 26, 2018)

quicky008 said:


> Your statements echo my thoughts as well-i have 2 3rd gen intel systems which are still functional but its highly unlikely that their mobo manufacturers will ever release any updated bios for them,thereby making them vulnerable to this much dreaded specter bug.
> 
> What concerns me is that while these machines are working just fine,there may come a day in the not so distant future when i may be compelled to retire them if exploits based on specter start surfacing at an alarming rate-and to think all this could have been mitigated with a simple bios update which these accursed mobo manufacturers have refused to provide simply because these motherboards are a bit older.If only MS could include the updated cpu microcodes with any of their upcoming OS patches,then updating the bios wouldn't have been necessary anymore.


Brother read my above post. You shouldn't let these petty things worry you. If you are so concerned follow the steps @whitestar_999 has mentioned above like using incognito mode etc.


----------



## whitestar_999 (Jan 26, 2018)

quicky008 said:


> Your statements echo my thoughts as well-i have 2 3rd gen intel systems which are still functional but its highly unlikely that their mobo manufacturers will ever release any updated bios for them,thereby making them vulnerable to this much dreaded specter bug.
> 
> What concerns me is that while these machines are working just fine,there may come a day in the not so distant future when i may be compelled to retire them if exploits based on specter start surfacing at an alarming rate-and to think all this could have been mitigated with a simple bios update which these accursed mobo manufacturers have refused to provide simply because these motherboards are a bit older.If only MS could include the updated cpu microcodes with any of their upcoming OS patches,then updating the bios wouldn't have been necessary anymore.


See my earlier reply,Spectre exploits are not your usual exploits & require quite sophisticated programming skills.Nobody is going to use Spectre exploits for stealing credentials from individuals' PCs unless they are targeted by 3/similar letter agencies of various countries.BIOS updates only prevents against "one known form of Spectre v2 bug" nothing more(Spectre v1 bug has no hardware patch,only software patch by windows & again only for one known form of Spectre v1).


----------



## quicky008 (Jan 26, 2018)

Thanks whitestar and billubakra-yes its being suggested that one requires a high degree of proficiency in programming and thorough knowledge of the intricacies of the way cpus work to be able to exploit the specter related loophole properly.But even would be hackers and the so-called script kiddies are getting increasingly precocious these days,so one never knows.

Btw are AMD's ryzen cpus impregnable to specter?Since eliminating these flaws requires a complete overhaul of the way cpus are designed right now,when can we expect newer processors to emerge that are immune to such threats or vulnerabilities?


----------



## Vyom (Jan 26, 2018)

My "we are doomed" comment might have been an exaggeration of the fact that I am binge watching Rick and Morty this week. I just had a tad too much of Rick and Morty. Damn.

Also, how can it be that OS can't fix this bug. I hope we can try to make our peace with it. And hope we can work on our PCs knowing it has cancer. Together we can do it. Fight it. Live with it. In the end, torch it on fire and buy Ryzens.


----------



## karthik99387 (Jan 26, 2018)

> I am paranoid on behalf of most of people on this planet infected with this hardware bug that they have no control over, and are on the mercy of motherboard manufacturers. Oh well. We are doomed.


Dont all the tech gaints work with NSA so they can access these backdoors and eavesdrop on anyone on any part of the world?
When were we safe...?


----------



## chimera201 (Jan 26, 2018)

Should be worried more about Aadhaar rather than meltdown/spectre.


----------



## Darth Vader (Jan 26, 2018)

*Intel Announces 'In-Silicon' Fixes For Meltdown And Spectre Coming This Year*
Intel Announces 'In-Silicon' Fixes For Meltdown And Spectre Coming This Year, 10nm Update


----------



## whitestar_999 (Jan 26, 2018)

Vyom said:


> My "we are doomed" comment might have been an exaggeration of the fact that I am binge watching Rick and Morty this week. I just had a tad too much of Rick and Morty. Damn.
> 
> Also, how can it be that OS can't fix this bug. I hope we can try to make our peace with it. And hope we can work on our PCs knowing it has cancer. Together we can do it. Fight it. Live with it. In the end, torch it on fire and buy Ryzens.


OS can't fix Spectre bug because the bug is in the fundamental design of all processors(incl Ryzen).Meltdown bug was fixable by a software patch because it was caused by Intel's weak security handling of cpu instructions(that is why only Intel & not amd processors are affected by meltdown bug) which the patch takes care of by checking/rechecking instructions leading to performance loss.

A good read for getting the basics about these bugs in an interesting non technical way:
An Explanation of the Meltdown/Spectre Bugs for a Non-Technical Audience


----------



## billubakra (Jan 26, 2018)

Yaar meltdown, spectre ko choro. Petrol is hitting 80rs./litres, any patch for this?


----------



## whitestar_999 (Jan 27, 2018)

Pray for peace in middle eastern countries,they control petrol prices!


----------



## billubakra (Jan 27, 2018)

whitestar_999 said:


> Pray for peace in middle eastern countries,they control petrol prices!


+1. Also control VAT % in our country & stoppage of free/discount rate petrol to mantris.


----------



## whitestar_999 (Jan 27, 2018)

billubakra said:


> +1. Also control VAT % in our country & stoppage of free/discount rate petrol to mantris.


Petrol was never sold in India at its current international price,it was always subsidised & the reason for India's huge import bill.The prices have been deregulated for a few years now.Petrol & Diesel don't come under GST & if govt reduces taxes on them to reduce their price then govt's income will also reduce significantly.There is no such thing as free in this world,it is better to accept fuel prices as they are & instead focus on reducing expenditure elsewhere.


----------



## bssunilreddy (Jan 27, 2018)

Several companies like Asus, MSI & Gigabyte removed their Meltdown & Spectre bugs rectified Bioses and Drivers. 
New updated software is being tested and shall be released shortly by the respective companies.

I think Intel released rectified measures in a haste without testing their validity. Now it has already re-released rectified updated measures(softwares) to the OEMs. The OEMs are in the process of testing them before releasing it to general public(end users)

The Microcode updates given by AMD has already rectified their Processors and Graphics Processors for Meltdown but for Spectre updated softwares are yet to be released by AMD.

To the general public, these 2 bugs are not much of inconvenience but it affects Enterprise Systems used for mission critical operations.

What does the hackers will find in normal systems like ours, ex: Games, songs etc


----------



## bssunilreddy (Jan 27, 2018)

AMD might have known about these bugs when it was releasing Ryzen Processors, so released microcode updates beforehand. Even Intel might have known including all other chip manufacturers but they gave less importance to it before being blown out of proportions about these 2 bugs.

Now they are licking their wounds but I think updated measures will be available by next month and continue into next year as well. The updates will be released in increments correcting one flaw at a time because it is hardware based right.


----------



## whitestar_999 (Jan 27, 2018)

@bssunilreddy *AMD processors are not affected by Meltdown bug.Spectre bug has two versions v1 & v2.For Spectre v2 bios/processor microcode update is required.For Spectre v1 there are only software updates(OS & browsers).*


----------



## bssunilreddy (Jan 27, 2018)

whitestar_999 said:


> @bssunilreddy *AMD processors are not affected by Meltdown bug.Spectre bug has two versions v1 & v2.For Spectre v2 bios/processor microcode update is required.For Spectre v1 there are only software updates(OS & browsers).*


The Meltdown and Spectre CPU Bugs, Explained

Sent from my Moto G (5) Plus using Tapatalk


----------



## whitestar_999 (Jan 27, 2018)

bssunilreddy said:


> The Meltdown and Spectre CPU Bugs, Explained
> 
> Sent from my Moto G (5) Plus using Tapatalk


And your point being?The reason I am asking is why you quoted my post because there is no error in my post so I don't need to understand anything from that link you posted.


----------

