Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
NyetARussianSpy

Any particular reason for why Intel CPUs have a lot more reported vulnerabilities?

Recommended Posts

Posted · Original PosterOP

Just read about ZombieLoad this morning (https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html), along with tidbits about Foreshadow and some old Intel Management Engine Vulnerabilities. Any reason as to why Intel processors are showcasing more security related issues (and therefore performance issues because the Specter and Meltdown fixes cause performance degradation, as far as I know). Aside from Intel's ME, isn't the x86_64 architecture between an AMD Chip and an Intel Chip the same? Why are attacks that work on Intel CPUs, don't work on AMD CPUs?

Link to post
Share on other sites

Because Intel's core architecture stayed for much longer than Ryzen, giving much more time for research?

 

6 minutes ago, NyetARussianSpy said:

isn't the x86_64 architecture between an AMD Chip and an Intel Chip the same?

X86, X86_64 and many others are instruction sets, database for commands basically. Different hardware can do same things through different ways.


The best thing to do is reading the clock speed that doesnt end in a pair of zeros

CPU: i7-2600K 4745MHz 1.408V (software) --> 1.4?V at the back of the socket Motherboard: Asrock Z77 Extreme4 (BCLK: 103.2MHz) CPU Cooler: Noctua NH-D15 RAM: Adata XPG 2x8GB DDR3 (XMP: 2133MHz 10-11-11-30 CR2, custom: 2200MHz 10-11-10-26 CR1 tRFC:230 tREFI:14000) GPU: Asus GTX 1070 Dual (Super Jetstream vbios, +70(2025-2088MHz)/+400(8.8Gbps)) SSD: Samsung 840 Pro 256GB (main boot drive), Transcend SSD370 128GB PSU: Seasonic X-660 80+ Gold Case: Antec P110 Silent, 5 intakes 1 exhaust Monitor: AOC G2460PF 1080p 144Hz (150Hz max w/ DP, 121Hz max w/ HDMI) TN panel Keyboard: Logitech G610 Orion (Cherry MX Blue) with SteelSeries Apex M260 keycaps Mouse: BenQ Zowie FK1

 

Model: HP Omen 17 17-an110ca CPU: i7-8750H (0.125V core & cache, 50mV SA undervolt) GPU: GTX 1060 6GB Mobile (+80/+450, 1650MHz~1750MHz 0.78V~0.85V) RAM: 8+8GB DDR4-2400 18-17-17-39 2T Storage: 1TB HP EX920 PCIe x4 M.2 SSD + 1TB Seagate 7200RPM 2.5" HDD (ST1000LM049-2GH172), 128GB Toshiba PCIe x2 M.2 SSD (KBG30ZMV128G) gone cooking externally Monitor: 1080p 126Hz IPS G-sync

 

Desktop benching:

Cinebench R15 Single thread:168 Multi-thread: 833 

SuperPi (v1.5 from Techpowerup, PI value output) 16K: 0.100s 1M: 8.255s 32M: 7m 45.93s

Link to post
Share on other sites
Posted · Original PosterOP
7 hours ago, Jurrunio said:

Because Intel's core architecture stayed for much longer than Ryzen, giving much more time for research?

I might be wrong here, but the vulnerabilities were discovered after the launch of Ryzen and some attack vectors seem to do something with Speculative Instructions and ZombieLoad has to do with Intel's implementation of Multithreading, which I believe AMD CPUs also do?

 

7 hours ago, Jurrunio said:

X86, X86_64 and many others are instruction sets, database for commands basically. Different hardware can do same things through different ways.

Aah, makes sense! So, just for me to clarify - x86_64 is a database of instructions with expected outputs and the chip can fulfill them in any way deemed necessary.

 

Thanks @Jurrunio!

Link to post
Share on other sites
3 minutes ago, NyetARussianSpy said:

I might be wrong here, but the vulnerabilities were discovered after the launch of Ryzen and some attack vectors seem to do something with Speculative Instructions and ZombieLoad has to do with Intel's implementation of Multithreading, which I believe AMD CPUs also do?

AMD does do Multi threading, but they do it in a different way I believe. Someone explained it to me one time, AMD developed their own way completely different from Intel.

And the vulnerabilities were discovered after the launch of Ryzen, however, these vulnerabilities were probably already being used before the launch.

Link to post
Share on other sites
23 hours ago, NyetARussianSpy said:

I might be wrong here, but the vulnerabilities were discovered after the launch of Ryzen and some attack vectors seem to do something with Speculative Instructions and ZombieLoad has to do with Intel's implementation of Multithreading, which I believe AMD CPUs also do?

 

Aah, makes sense! So, just for me to clarify - x86_64 is a database of instructions with expected outputs and the chip can fulfill them in any way deemed necessary.

 

Thanks @Jurrunio!

They do similar things in different ways.

 

There's three reasons why I believe there's more (known) exploits for intel chips:

 

1: as stated, Intel architecture has been largely the same for a long time. This gives more time for vulnerabilities to be discovered.

 

2: there's more reason to exploit Intel chips, because they're more common. If you throw out a malicious vector, you want to hit as many systems as possible. AMD simply isn't enough of the user base (especially professional/commercial) to make it worth it.

 

3: Intel spends a lot of money to actually LOOK for vulnerabilities in their own products, to stop them before they become problematic. They offer "bounty rewards" for researchers to report bugs to them.

 

Mostly, it's because amd isn't worth hacking imo. If hacking AMD was highly profitable or needed, bad guys would figure out a way.


My System: i7-8700k 5.0ghz delidded @1.355v // Cryorig H7 Quad Lumi // Gigabyte Aorus Z370 Gaming 5 // 16GB Corsair Vengeance DDR4 3200 // Sapphire Radeon RX Vega 64 UV/OC 1677core/1050hbm // NZXT S340 White // Seasonic Focus Plus Gold 850w // Intel 660P 1TB NVME M.2 SSD/120GB PNY CS900/480GB PNY CS1311/1TB Hitachi Deskstar // Displays: ASUS VG248QE/ASUS VG245H/ASUS VP248QG // Eagletech KG010 Mechanical Keyboard - Logitech G502 

 

Wife's System: Ryzen 5 1600 3.8ghz // Wraith Spire // Gigabyte AX-370-Gaming // 16GB T-Force DDR4 2667 // XFX Radeon RX 580 8GB // Corsair Obsidian 750D // Seasonic Focus Plus Gold 850w // 120GB Sandisk SSD/500GB Silicon Power A55/4TB Western Digital Blue // Displays: Acer K242HYL/Acer K242HYL // Eagletech KG010 Mechanical Keyboard // Logitech G602

 

Son's System: i3-8350k 4.8ghz @ 1.35v // Cryorig H7 Quad Lumi // ASRock Z370 Extreme 4 // 16GB Corsair Vengeance DDR4 3200 // ASUS Radeon RX 570 4GB // NZXT S340 Black // Seasonic S12II 620w Bronze // 525GB Crucial MX300/500GB Wester Digital Blue // Display: Dell P2417H - Eagletech KG010 Mechanical Keyboard // Logitech G203

 

Daughter's System: i5-4570 // ASUS H81I-Plus // 8GB Corsair DDR3 XMS2 1333 // Zotac GeForce GTX 1060 3GB Mini // Cooler Master Elite 130 // Corsair CX600M // 120GB Sandisk SSD/500GB Western Digital Blue // Display: AOC 20" // HP Business Keyboard // HP Business Mouse

Link to post
Share on other sites

While there have been changes over the generations, a lot of things in Intel CPUs have gone down the Core i series which started over 10 years ago. Zen was a fresh start for AMD and is little over 2 years old. If you were designing a CPU from scratch these days, you'd probably make different design decisions than 10 years ago.

 

Intel's first really different architecture since Skylake is due this year, even if only in mobile form, so it will be interesting to see where that goes. I think it is still an evolution than a revolution though.

 

 


Main rig: Asus Maximus VIII Hero, i7-6700k stock, Noctua D14, G.Skill Ripjaws V 3200 2x8GB, Gigabyte Windforce 980Ti, Corsair HX750i, In Win 303 NVIDIA, Samsung SM951 512GB, WD Blue 1TB, HP LP2475W 1200p wide gamut

Gaming system: Asrock Z370 Pro4, i7-8086k stock, Noctua D15, G.Skill TridentZ 3000C14 2x8GB, Asus 1080 Ti Strix OC, Fractal Edison 550W PSU, Corsair 600C, Optane 900p 280GB, Crucial MX200 1TB, Sandisk 960GB, Acer Predator XB241YU 1440p 144Hz G-sync

Ryzen rig: Asrock B450 ITX, R5 2600, Noctua D9L, Corsair Vengeance LPX 3000 2x4GB, Vega 56, Corsair CX450M, NZXT Manta, Crucial MX300 525GB, Acer RT280K

VR rig: Asus Z170I Pro Gaming, i7-6600k stock, Silverstone TD03-E, Kingston Hyper-X 2666 2x8GB, Zotac 1070 FE, Corsair CX450M, Silverstone SG13, Samsung PM951 256GB, HTC Vive

Gaming laptop: Asus FX503VD, i5-7300HQ, 2x8GB DDR4, GTX 1050, Sandisk 256GB SSD

Total CPU heating: i7-7800X, 2x i7-6700k, i7-6700HQ, i5-6600k, i5-5675C, i5-4570S, i3-8350k, i3-6100, i3-4360, 2x i3-4150T, E5-2683v3, 2x E5-2650, R7 1700, 1600

Link to post
Share on other sites
Posted · Original PosterOP
7 hours ago, Plutosaurus said:

Intel architecture has been largely the same for a long time. This gives more time for vulnerabilities to be discovered

Wouldn't optimizations result in a change in internal architecture which should result in some sort of variation in the effectiveness of a vulnerability? A Haswell is eons different from a Coffee Lake in terms of performance, so I can guess that there are similar factors which allows for the exploits to remain persistent?
 

7 hours ago, Plutosaurus said:

Intel spends a lot of money to actually LOOK for vulnerabilities in their own products, to stop them before they become problematic. 

Is there any way in which Management Engine can be realistically disabled?

Link to post
Share on other sites
Posted · Original PosterOP
7 hours ago, porina said:

Intel's first really different architecture since Skylake is due this year, even if only in mobile form, so it will be interesting to see where that goes. I think it is still an evolution than a revolution though. 

The vulnerabilities affect processors beyond Skylake (as far as I am aware), and has Intel abandoned the tick-tock system (one year architecture, one year die shrinking)?

Link to post
Share on other sites
23 hours ago, NyetARussianSpy said:

The vulnerabilities affect processors beyond Skylake (as far as I am aware), and has Intel abandoned the tick-tock system (one year architecture, one year die shrinking)?

Moore's Law was never a law


My System: i7-8700k 5.0ghz delidded @1.355v // Cryorig H7 Quad Lumi // Gigabyte Aorus Z370 Gaming 5 // 16GB Corsair Vengeance DDR4 3200 // Sapphire Radeon RX Vega 64 UV/OC 1677core/1050hbm // NZXT S340 White // Seasonic Focus Plus Gold 850w // Intel 660P 1TB NVME M.2 SSD/120GB PNY CS900/480GB PNY CS1311/1TB Hitachi Deskstar // Displays: ASUS VG248QE/ASUS VG245H/ASUS VP248QG // Eagletech KG010 Mechanical Keyboard - Logitech G502 

 

Wife's System: Ryzen 5 1600 3.8ghz // Wraith Spire // Gigabyte AX-370-Gaming // 16GB T-Force DDR4 2667 // XFX Radeon RX 580 8GB // Corsair Obsidian 750D // Seasonic Focus Plus Gold 850w // 120GB Sandisk SSD/500GB Silicon Power A55/4TB Western Digital Blue // Displays: Acer K242HYL/Acer K242HYL // Eagletech KG010 Mechanical Keyboard // Logitech G602

 

Son's System: i3-8350k 4.8ghz @ 1.35v // Cryorig H7 Quad Lumi // ASRock Z370 Extreme 4 // 16GB Corsair Vengeance DDR4 3200 // ASUS Radeon RX 570 4GB // NZXT S340 Black // Seasonic S12II 620w Bronze // 525GB Crucial MX300/500GB Wester Digital Blue // Display: Dell P2417H - Eagletech KG010 Mechanical Keyboard // Logitech G203

 

Daughter's System: i5-4570 // ASUS H81I-Plus // 8GB Corsair DDR3 XMS2 1333 // Zotac GeForce GTX 1060 3GB Mini // Cooler Master Elite 130 // Corsair CX600M // 120GB Sandisk SSD/500GB Western Digital Blue // Display: AOC 20" // HP Business Keyboard // HP Business Mouse

Link to post
Share on other sites
On 5/16/2019 at 7:31 PM, Jurrunio said:

Because Intel's core architecture stayed for much longer than Ryzen, giving much more time for research?

It's not only that. Intel did deliberately design their CPUs to skip certain security-checks in order to gain more performance, which led to Meltdown.


Hand, n. A singular instrument worn at the end of the human arm and commonly thrust into somebody’s pocket.

Link to post
Share on other sites
12 minutes ago, WereCatf said:

It's not only that. Intel did deliberately design their CPUs to skip certain security-checks in order to gain more performance, which led to Meltdown.

 

Given it's taken a decade for people to exploit this, while paying people to look for flaws, and no apparent actual victims, I feel that benefits outweighed the risks at that time.

 

Let's be clear, this isn't like airbags that have killed people.


My System: i7-8700k 5.0ghz delidded @1.355v // Cryorig H7 Quad Lumi // Gigabyte Aorus Z370 Gaming 5 // 16GB Corsair Vengeance DDR4 3200 // Sapphire Radeon RX Vega 64 UV/OC 1677core/1050hbm // NZXT S340 White // Seasonic Focus Plus Gold 850w // Intel 660P 1TB NVME M.2 SSD/120GB PNY CS900/480GB PNY CS1311/1TB Hitachi Deskstar // Displays: ASUS VG248QE/ASUS VG245H/ASUS VP248QG // Eagletech KG010 Mechanical Keyboard - Logitech G502 

 

Wife's System: Ryzen 5 1600 3.8ghz // Wraith Spire // Gigabyte AX-370-Gaming // 16GB T-Force DDR4 2667 // XFX Radeon RX 580 8GB // Corsair Obsidian 750D // Seasonic Focus Plus Gold 850w // 120GB Sandisk SSD/500GB Silicon Power A55/4TB Western Digital Blue // Displays: Acer K242HYL/Acer K242HYL // Eagletech KG010 Mechanical Keyboard // Logitech G602

 

Son's System: i3-8350k 4.8ghz @ 1.35v // Cryorig H7 Quad Lumi // ASRock Z370 Extreme 4 // 16GB Corsair Vengeance DDR4 3200 // ASUS Radeon RX 570 4GB // NZXT S340 Black // Seasonic S12II 620w Bronze // 525GB Crucial MX300/500GB Wester Digital Blue // Display: Dell P2417H - Eagletech KG010 Mechanical Keyboard // Logitech G203

 

Daughter's System: i5-4570 // ASUS H81I-Plus // 8GB Corsair DDR3 XMS2 1333 // Zotac GeForce GTX 1060 3GB Mini // Cooler Master Elite 130 // Corsair CX600M // 120GB Sandisk SSD/500GB Western Digital Blue // Display: AOC 20" // HP Business Keyboard // HP Business Mouse

Link to post
Share on other sites
Posted · Original PosterOP
29 minutes ago, WereCatf said:

It's not only that. Intel did deliberately design their CPUs to skip certain security-checks in order to gain more performance, which led to Meltdown.

Never heard of that reason, are there any academic sources on that? I've mostly just found blog articles on that

Link to post
Share on other sites

I believe it’s simply that with the recent discoveries of speculative execution vulnerabilities more focus has been on people trying to find similar exploits.

 

It’s like someone finding gold in the old west and then suddenly there was a huge gold rush. More gold got found because more people were looking.

 

i don’t believe that anyone had even considered this vector when designing the chips hence why it was unnoticed in the general population for so long.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×