Search the Community

How can I completely uninstall the spectre/meltdown patch? Running old i3 CPU on a gateway computer, can't upgrade to ivy bridge since they don't offer a bios update. I've been using InSpectre to disable/enable the patches and I've found large performance differences in benchmarks. Wondering if there's a way to completely uninstall these patches, also is there an option to disable/uninstall these patches on android? I don't really care about the security tbh. Heard it's mostly been mitigated in web browsers anyways and I'm relatively conscious in what I use

Do you think that core i3 from Skylake is prone to hardware vulnerabilities?

Alright I can't help but think how the hell have these vulnerabilities not been found during all these years Intel was dominating and we're only finding about them NOW, after AMD have found such success with Ryzen? What have people been doing all this time?

ok i may be behind the times but i only found this patch yesterday. KB4497165: Intel microcode updates Apparently it's optional and it's now version 4 i just did a few simple benchmarks to resolve to myself the performance hit to my i7-4790k and actually i didn't even see the 4790k mentioned in the patch details... (although every other Haswell was mentioned, e.g. 4770k) but i installed it anyways and here are the results: (see attached image) Keep in mind i only ran these tests once. i also have the latest BIOS for cpu microcode on Win10 1909 Before “windows10.0-kb4497165-v4-x64” - fresh reboot Score 1908 Using “InSpectre.exe” to disable Spectre & Meltdown - reboot Score 1930 Renabled “InSpectre.exe” to enable Spectre & Meltdown Then Installed “windows10.0-kb4497165-v4-x64”- reboot Score 1946 Whatever this means is up to you, but i'm happy enough not to disable any patch for performance reasons. It's called V4 and Microsoft recommends re-installing it

I want to build a budget NAS and I found a really cheap i7 3770 but does it have protection against Spectre and Meltdown?

AMD has introduced a performance penalty in their latest update to their AGESA 1.0.0.4 Microcode. This update decreases the multi-threaded performance of the CPU by more than 15%. I have been in contact with Gigabyte and they acknowledged the problem and were able to reproduce the results as well. The performance decrease can be noticed using real world applications and synthetic benchmarks such as Passmark's PerformanceTest. Gigabyte said they would be contacting AMD about the issue. I have since tested this on two other motherboard manufactures and found the same result. Could someone test the Ryzen 5 2600x and see if this penalty exists there as well? My guess at the moment is a variant of Spectre flaw was patched and has critically hindered the performance and AMD just silently didn't tell anyone. Be warned for anyone buying the Ryzen 7 2700x and getting the expected performance that has been reported in the past. This patch has hit the overall performance of the CPU.

Hi, I Just sold my i7-8700K to buy the i9 9900K (don't need a lesson in price/performance, i just wanted the best and using the money i sold the i7 for made the i9 not that expensive), and i am wondering whether the same problems* experienced by the 8th gen still exist. *meltdown & spectre etc If i understand it correctly the bugs where an architectural flaw which could only be "fixed" (but more like "botched" leading to marginal performance decrease, especially in storage if i remember correctly) by updating BIOS and windows drivers. Did they mange to fix the flaw before the 9th gen? Surely it makes sense for consumers to think so as a new product shouldnt have a flaw, but at the same time fixing a architectural flaw, implementing it and then get it through new testing phase, then getting it into production must take some time. Do anyone know whether it is fixed, and if so do you have sources? I tried to search google with no luck, probably an answer out there but must be buried in "news and leaks" which mostly came up. And one more thing, I had to update my bios to newest version (i have z370) to support 9th gen, is the bios patch applied regardless what CPU is installed (only relevant if 9th gen is fixed), I know this question is way more techinical and harder to find out, but I would be surprised if they managed to make 2 different versions to operate in the BIOS for different CPU generations, but maybe it's not that difficult, as said IDK. Thanks in advance

Hi all, I wanted to ask about wether or not i should turn off spectre and meltdown protection on my PC. When i'm playing RDR2 and when i'm in cities/towns, i get bad stutter des[ite of my FPS being higher or very close to 60. I tried every fix and it was all in vain until someone suggested to turn this malware protection off. This worked and completely got rid of the stuttering and also gave me a few bonus FPS. I'm running an i7-4790 in my pc. So, the chances are i never even got a patch for it because despite my CPU being old, my bios isn't updated as well? The performance difference after disabling this from the software "InSpectre" is noticable. What i usually do is when i want to play intensive games, i turn this off and restart my PC and stay away from internet browsers and turn it back on when i'm done and again restart (It requires a restart to apply the change). Should i just turn it off or keep doing what i do? Thanks! Specs: i7-4790 cooled by Cooler Master MA410p, 16GB DDR3 1600mhz, MSI GTX 1070, 240GB GIGABYTE SSD (boot), 2TB WD Blue HDD (Games), CORSAIR HX620 PSU (620w 80+ Standard)

Primary Source: Intel (PDF), Research Paper (PDF), ARM (PDF) Secondary Source: Bleeping Computer Looks like CPU vulnerabilities will just keep popping out as security researchers continue to poke holes and chip makers are playing a game of whack-a-mole with these vulnerabilities. I have a feeling that 2018 will end and security researchers have found variant 10 vulnerability and it will come as a smear campaign by a CTS lab wannabe and will give Intel 12 hours to patch it. As of now no software mitigations are available but Intel is working with their partners on how to mitigate attacks taking advantage of the exploit at the software level. Microsoft for instance has recently released an advisory that they too are looking into this as well as ARM. If there's any consolation, the security researcher applied for Intel's bug bounty program via HackerOne and got paid $100,000. I don't really get as to why AMD is not listed when all of their CPUs including Ryzen are vulnerable to Spectre 1&2 and the newly published ones uses a similar attack technique. Maybe for the security conscious person like an IT guy in a company, the only thing that they can do at the moment is use an up to date endpoint security program and implement built-in mitigations like Force ASLR in Windows 10 which is turned off by default. I'm guessing the reason why Force ASLR is turned off by default is that not all programs are compiled to take advantage of ASLR and might result to incompatibilities. as @leadeater once said, naming CPU vulnerabilities are confusing

I noticed a 0.005%-0.85% consistent drop in CPU performance after updating my motherboard's Bios to a revision that was supposed to mediate the metldown and spectre flaws. Is this normal? CPU: i7 6700 GPU: GTX 1060 SSD: Ultra II 960GB (All drivers and updates are to the most current version.)

There has been a lot of speculation regarding Spectre and Meltdown, specifically how it will affect overall system, performance. Most sources seem to indicate Intel CPUs are taking more of a performance hit than AMD. This raises a question. Linus, when you do your performance testing, are you doing your testing with systems that have the Spectre Meltdown fixes in place or not? I ask because it seems like the test results WITHOUT those fixes in place would not be a good representation of what most people are dealing with... So do your test systems have Spectre and Meltdown patches in place?

A team of researchers found yet another spectre-like vulnerability in modern Intel CPUs. So far the exploit has been confirmed for Skylake and later generations, but researchers have only looked at Intel so far. Older CPUs and other brands may very well be vulnerable to variants of the same attack. Intel was informed a while ago and is in the process of releasing microcode patches for what it calls the "L1 Terminal Fault". Source : https://www.wired.com/story/foreshadow-intel-secure-enclave-vulnerability/ 2018 sure is shaping up to be the year of CPU vulnerabilities. It's going to take a while before all this will be behind us. In the meantime, be sure to patch your machines.

Source 1: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html Source 2: http://seclists.org/oss-sec/2018/q2/189 Honestly, I don't care about all these vulnerabilities. I'm not going out of my way to patch my 5820K, because I'm not a cloud service provider. However, with all these similar vulnerabilities being found with Intel's CPUs, I wonder how many unknown vulnerabilities are still undiscovered, and when all these will actually be fixed in hardware. There is a patch available on the seclists website, but I'm not sure what exactly that patches; Intel's website says software engineers can use Eager FP restore instead of Lazy FP state restore, so it seems like an update to windows and/or applications can fix this? It's not entirely clear if that'll fix it, or even if it's exploitable from javascript from the browser. These sort of registers do hold AES encryption keys, so it's fairly high priority for people who actually use it. edit/update 1: For those who don't know, "Lazy" is a term in computer programming that pretends to load the information and if that information is actually used then it actually calculates it for you. https://en.wikipedia.org/wiki/Lazy_evaluation You can have an "infinite" list in python, and store it with a finite amount of memory, because you only calculate what you actually use. It's also commonly used in databases as well with Hibernate. Another source that puts it in more human readable terms: https://www.theregister.co.uk/2018/06/13/intel_lazy_fpu_state_security_flaw/ No word if desktop windows 7/8.1/10 is patched or not. I guess it kinda makes sense that eager might be faster than lazy, depending on the data size and how frequently they need to be evaluated to its actual value. But I would think that it's more complex than "more often than not, eager is faster than lazy". Mitigated for years. Cool. People don't have to freak out. And AWS is protected. With no exploit code using this bug discovered in the wild just yet.

Finally going with intel coffee lake as my first gaming PC and recently this year there was an announcement of the meltdown and spectre. As a gamer only should I be concerned with it? And are the coffee lake line up affected by it. Been under the rock for quit some time and not up to date with the intel side news.

https://blog.frizk.net/2018/03/total-meltdown.html Microsoft made something termed "The worst which could happen" into something even worse. Microsoft's Windows 7 patch for Meltdown had the unintended effect of letting any application access kernel memory - both reading and writing. Microsoft accidentally set the User/Supervisor flag to User, allowing any user mode application to access the kernel memory which was what the patch should have prevented. Additionally the location of the flag was not randomised like in Windows 10, allowing simpler access to the flag. Microsoft has patched the issue in the mean time - only Windows 7 x64 systems were affected. Given only one platform was affected by an incorrect flag I would assume that this was produced by an incorrect compiler or a similar issue rather than a human. However one has to consider what sort of automatic security testing/fuzzing software Microsoft used if they did not check for the issue they were fixing. Edit: Windows Server 2008 R2 also affected

Intel finally on Feb 21 2018 released meltdown and spectre patches for its newest cpus. Very few cpus have had this patch installed at this time.... I believe that any future benchmarks should specify whether the meltdown patch has been installed or not because the patch has significant effects on performance for example responsiveness is reduced by over 10%, gaming and especially storage bandwidth is especially affected 29% ! I am seeing benchmarks of Intel cpus vs new AMD 12 nano Ryzen CPU’s and I bet they are using unpatched Intel machines. At least they should let us know because of the significant performance hit. Do you agree ? https://www.anandtech.com/show/12566/analyzing-meltdown-spectre-perf-impact-on-intel-nuc7i7bnh/4

Meltdown and Spectre made quite a splash and pretty much everyone was talking about it. But i kinda feel like it has faded away. I got reminded of them by a TechDeals video i watched a while ago. My question is are they still a problem or were fixes found?

So I used the "InSpectre" tool to check if my system was vulnerable, it said that my system was meltdown protected but NOT spectre protected then I manually installed the kb4090007 update (Intel-validated microcode updates that concern Spectre Variant 2 [CVE 2017-5715 ("Branch Target Injection") , restarted a boom, now it says "yes" in everything (nice, I guess). The thing is, I'm still waiting for a new update for bios (z170 tomahawk) that's why I installed that update, but I also checked all of my installed updates and there was no KB4056892 which is the meltdown "fix" update. That's why it's weird, even without it says that my system is meltdown protected.. I tried to install it manually, but it won't let me. Should I be worried? *sorry If I wrote something wrong, english is not my first language, and sorry if this post is in the wrong topic :\

Hey, so I’ve been on a WAN Show binge for some time and I stumbled upon the one about Meltdown and Spectre. I got curious again about this and I tried googling if and how it’s been resolved, but all the posts I could find were right around that period where things were uncertain, so I thought to post here and ask you guys about it. Have these vulnerabilities been fixed with just some updates or are they impossible to patch and we need new CPUs to get rid of them? I’m mostly interested in how they affect Intel procesors and Windows 10, but I’m also interested in AMD, ARM & the other OS’

As of today Asus have started rolling out BIOS updates to fix the Spectre flaws on their Z97 series motherboards. At least in some regions such as in the UK. e.g. https://www.asus.com/uk/Motherboards/Z97A/HelpDesk_BIOS/ https://www.asus.com/uk/supportonly/SABERTOOTH Z97 MARK 2/HelpDesk_BIOS/ Someone needs to tell their support staff. Source https://rog.asus.com/forum/showthread.php?98738-SPECTRE-and-MELTDOWN-Bug-rocks-Intel-ARM-CPUs/page60#post715845 Anyhow, these are currently in beta so update at your own risk. I've successfully updated my Sabertooth Z97 Mark 2. InSpectre confirms my Haswell CPU is finally protected. Just need Microsoft now to supply a decent Meltdown patch for Windows 7 that doesn't hamper performance.

is it necessary for me to update bios? can i just update win 10 and call it a day?

The german technews-site heise.de claims, that more CPU vulnerabilities like the Spectre and Meltdown bugs have been found in Intel CPUs. (Links to german and english articles at the bottom of this post). One of these flaws is endangering virtual machines dramatically, because it seems, that one can exploit this bug quite easily - much more simply than the previously found bugs that kept the computing industry on its toes. These flaws have been found on Intel Processors first, but users of AMD Processors shouldn't lean back, since similar bugs might linger there as well. These problems seem to be linked to the general design of modern processors, so to get rid of them, these processors might have to be redesigned with higher security aspects in mind. Well, I just hope, that we won't tumble down an endless path of updates that will result in computers that are patched up like ripped jeans and thereby loose much of their processing power with all the patchups implemented. But at the moment ... the outlook is rather bleak. Full English Article: https://heise.de/-4040648 Full German Article: https://heise.de/-4039134

Sources: The Verge, Intel, Microsoft, Google Project Zero, US-CERT, AMD I'm no longer getting surprised with new hardware vulnerabilities which seems to be harder to patch than software vulnerabilities. It sucks that so many people might not want the patch as it will affect performance negatively but not so much unlike the variant 2 patch which bricked a lot of older computers. Microsoft in their blog post discussed SSB or Speculative Store Bypass in detail. https://blogs.technet.microsoft.com/srd/2018/05/21/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/ Since most modern browsers use JIT compiling to be fast, looks like prioritizing speed offers significant vulnerabilities as well including malicious code making system calls which can do a lot of things. It reminds me with that proof of concept automated exploit tool NVIDIA and Princeton University created that leverages Spectre and Meltdown. It seems that when it comes to hardware vulnerabilities, tech companies will continue to play whack-a-mole. Meanwhile, I'm glad that the US-CERT didn't stockpiled this vulnerability to perpetuate their spying agenda unlike with Eternal Blue and Eternal Romance vulnerabilities. I wonder if the patch will also be disabled by default in servers and datacenters just like the microcode update for Spectre and Meltdown @leadeater. Update: List of affected Intel CPUs: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00000.html Affected products: The following Intel-based platforms are potentially impacted by these issues. Intel may modify this list at a later time. Intel® Core™ i3 processor (45nm and 32nm) Intel® Core™ i5 processor (45nm and 32nm) Intel® Core™ i7 processor (45nm and 32nm) Intel® Core™ M processor family (45nm and 32nm) 2nd generation Intel® Core™ processors 3rd generation Intel® Core™ processors 4th generation Intel® Core™ processors 5th generation Intel® Core™ processors 6th generation Intel® Core™ processors 7th generation Intel® Core™ processors 8th generation Intel® Core™ processors Intel® Core™ X-series Processor Family for Intel® X99 platforms Intel® Core™ X-series Processor Family for Intel® X299 platforms Intel® Xeon® processor 3400 series Intel® Xeon® processor 3600 series Intel® Xeon® processor 5500 series Intel® Xeon® processor 5600 series Intel® Xeon® processor 6500 series Intel® Xeon® processor 7500 series Intel® Xeon® Processor E3 Family Intel® Xeon® Processor E3 v2 Family Intel® Xeon® Processor E3 v3 Family Intel® Xeon® Processor E3 v4 Family Intel® Xeon® Processor E3 v5 Family Intel® Xeon® Processor E3 v6 Family Intel® Xeon® Processor E5 Family Intel® Xeon® Processor E5 v2 Family Intel® Xeon® Processor E5 v3 Family Intel® Xeon® Processor E5 v4 Family Intel® Xeon® Processor E7 Family Intel® Xeon® Processor E7 v2 Family Intel® Xeon® Processor E7 v3 Family Intel® Xeon® Processor E7 v4 Family Intel® Xeon® Processor Scalable Family Intel® Atom™ Processor C Series (C3308, C3338, C3508, C3538, C3558, C3708, C3750, C3758, C3808, C3830, C3850, C3858, C3950, C3955, C3958) Intel® Atom™ Processor E Series Intel® Atom™ Processor A Series Intel® Atom™ Processor X Series (x5-E3930, x5-E3940, x7-E3950) Intel® Atom™ Processor T Series (T5500, T5700) Intel® Atom™ Processor Z Series Intel® Celeron® Processor J Series (J3355, J3455, J4005, J4105) Intel® Celeron® Processor N Series (N3450) Intel® Pentium® Processor J Series (J4205) Intel® Pentium® Processor N Series (N4000, N4100, N4200) Intel® Pentium® Processor Silver Series (J5005, N5000) I’ll continue to update the post once AMD releases the list of their affected CPUs.

This is the first time I made a thread with my phone just like @NumLock21 while traveling so I hope I don’t butcher it. ?? Sources: PC Gamer, Intel This is a response to the problematic Spectre v2 patch that prompted Microsoft to push a roll back update which now Intel managed to fix and hopefully no boot loops or bricked PCs but it’s available only to Skylake up to Coffee Lake. Sandy Bridge up to Broadwell may have to wait as those updates are currently in beta. Given how NVIDIA and Princeton University managed to make a working exploit leveraging Spectre and Meltdown vulnerabilities it’s a good idea to update your computers. Also, make sure your anti-virus programs are up to date and is expressing the proper registry keys because that’s the only time the update installation will proceed. As it turns out, some AV programs like Bitdefender and McAfee are circumventing Windows 10’s built in rootkit protection named “kernel patch protection” which makes it harder for the those AV companies to certify compatibility. Windows Defender, ESET, and Kaspersky and others as it turns out do not mess with Windows 10’s security feature that’s why they where they’re te first ones certified for compatibility. [link I used to have but currently unavailable because I’m only with my phone] found it: https://threatpost.com/anti-virus-updates-required-ahead-of-microsofts-meltdown-spectre-patches/129371/

Sources: The Register, arxiv.org 1802.03802.pdf And it looks like the hardware changes Intel and AMD is doing for their upcoming processors is not enough for them to be out of the woods. The good news is that as long as your device is up to date, it is protected from the exploit and that the tool is not released to the public for hackers to use. The hardware changes Intel, AMD and ARM is planning might not be enough as the researchers warned that the issue requires new considerations before applying any microarchitectural mitigation. More details on the PDF file linked above but using two CPU cores and the cache to execute the tool is both ingenious and a bit concerning as this is the first time I've read something like this. The exploit toolkit was tested on a MacBook Pro [2.4GHz core i7 and macOS Sierra] and the researchers noted that it doesn't matter what OS the device is using as long as it's not patched. At the moment, Intel announced their bug bounty program and they are bold enough to reward anyone up to $250,000 for a vulnerability as serious as Spectre and Meltdown. So anyone who's interested can signup to Intel's bug bounty program and you're not only saving the world, you'll get rewarded too. I'm guessing the toolkit will only be disclosed to certain individuals like tech companies to create counter measures to block any malware attempting to do similar stuff. This is the first working exploit toolkit leveraging these vulnerabilities but somehow I can't shake the feeling that someone already did before PrincetonU and NVIDIA collaborated and it's out in the wild. With that said, I can't really blame Intel for the vulnerability because the exploit is taking advantage of the fact that modern CPUs prioritize speed because that's what everyone wants but at the expense of security and it looks like the search for a middle ground between speed and security is getting harder as technology improves.