Intel Discloses New 'Variant 4' Spectre-Like Vulnerability

[steve123]

When Spectre and Meltdown hit the proverbial CPU fan, I told myself don’t buy any new products for at least 5 years.

Thanks Intel, ARM, AMD for lowering my home infrastructure CapX for the next 5 years. I might just buy a new car or go on a vacation.

Agreed ... though I have seen more than one Intel PR troll on this site advising people who asked if they should buy a new computer that they have nothing to worry about and it doesn't affect performance.

 

[btrach144]

You usually dont actually need motherboard BIOS updates to get the latest microcode.

If you use linux, you can download the latest microcode bundles from intel's downloadcentre ( https://downloadcenter.intel.com/download/27776/Linux-Processor-Microcode-Data-File?v=t ) and reload the microcode on the fly (not recommended), or preferrably get it loaded extremely early in the boot process. The intel-ucode tools can automate most of it. But more often than not the linux distribution will just push out these updates seamlessly and keep everything updated for you. A quick "dmesg | grep -i microcode" command will let you know what revision is loaded.

Microsoft Windows keeps intel microcode updated via normal software updates also ( eg: https://support.microsoft.com/en-gb/help/4091664/kb4091664-intel-microcode-updates ).

There are some microcode variants that apparently do need to be loaded pre-OS, my 4970K and 4360T dont, not sure about your 4960X but might be worth checking.

In saying that, shame that ASUS has taken such a poor support route. I have a Gigabte and Asrock here with 9 series chipsets (used on 4th gen CPUs like yours) that didnt have their BIOS's updated in ages until the meltdown/specter debacle, and have received at least two BIOS updates recently to coincide with intel microcode updates.

Of course you always have the more extreme option of using tools to deconstruct your BIOS and update individual modules and reflash it yourself. You could update the Intel ME engine and other stuff while you are at it. Not sure if the risk reward ratio is worth it.

Hmm, looking at Gigabyte's G1.Assassin 2, which is likely the closest mobo to my ASUS Rampage IV Black Edition from the X79 chipset series, they have not updated the BIOS either... or for any of their X79 mobos.

Keep in mind that Microsoft just updated the list/patch of microcodes this week included in their update to include the X79/Ivy Bridge generation chips. For something that was marked as critical, this seems unacceptability slow.

I had worked with other RIVBE owners to develop a custom bios that includes the latest 42C microcode but this is way more work than an end user should have to do.

 

[SRLMJ23]

Hmm, looking at Gigabyte's G1.Assassin 2, which is likely the closest mobo to my ASUS Rampage IV Black Edition from the X79 chipset series, they have not updated the BIOS either... or for any of their X79 mobos.

Keep in mind that Microsoft just updated the list/patch of microcodes this week included in their update to include the X79/Ivy Bridge generation chips. For something that was marked as critical, this seems unacceptability slow.

I had worked with other RIVBE owners to develop a custom bios that includes the latest 42C microcode but this is way more work than an end user should have to do.

Even though this is about security, these companies will milk it for all the money they can get out of it.

"Oh sorry sir, but ASUS (and other mobo manufacturers) is not going to release motherboard updates for the Rampage IV Black Edition. We recommend you upgrade to a newer ASUS motherboard that we will be releasing updates for. Sorry for the inconvenience."

Some crap like that. Your motherboard is from 2013, I believe? Yeah...they definitely want you to buy a brand new mobo. Bunch of crap, but if they can get away with it, they will!

 

[EmpireITtech]

So with these security issues on the chips, is the software patches completely stopping those from harming the user (even with some slowdown) or just slightly stopping it bc the software side can only prevent so much?

<I understand newer threats will take time for a software patch, I mean known already patched security threats>

Thanks

 

[btrach144]

Even though this is about security, these companies will milk it for all the money they can get out of it.

"Oh sorry sir, but ASUS (and other mobo manufacturers) is not going to release motherboard updates for the Rampage IV Black Edition. We recommend you upgrade to a newer ASUS motherboard that we will be releasing updates for. Sorry for the inconvenience."

Some crap like that. Your motherboard is from 2013, I believe? Yeah...they definitely want you to buy a brand new mobo. Bunch of crap, but if they can get away with it, they will!

Yeah, it seems to be an industry wide issue. I believe ASUS support told some dude they aren't releasing the bios update because if it bricks the mobo, everyone's warranty is out of date. Kind of a lame excuse... I know my warranty is out of date... plus this mobo has two bios chips so you should be able to rotate between bios versions if you do get stuck.

 

[bmot]

Isn’t this just speculation? They haven’t confirmed anything yet have they?

They work on and with prototype MacBooks with ARM CPU‘s for two years at least. It obviously is a very difficult task and will likely take some more years to modify OSX to work properly with those chips.

 

[shaunp]

Better or equal on power usage with equal or better performance. AMD chips are being used in many Windows laptops with great battery life.

Awesome, I hope this pays off for AMD as their new chips look great.

 

[SPUY767]

Does anyone know how AMD compare to Intel on power usage? that could be one area Intel still have and advantage and that would be a big deal on mobile devices.

Depends on the chip. Ryzen and Threadripper perform decently, they are at the top of the power consumption heap to be sure, but they are a few % higher or lower depending on the workload compared to comparable 8 and 16 core chips from intel at half the price. Epyc does extremely well against comparable XEONs while positively crushing them performance/$ wise.

A 24 Core Epyc is about the same price as an 8 core XEON W, this being based purely on MSRP and not whatever deal Apple has with Intel, but imagine getting the 24 cores with 64MB L3 for the price of 8 cores with 19MB L3. Sure, the AMD will suffer slightly in single threaded performance, but there aren't many Pro workloads that don't effectively utilize multithreading, and the XEON can't push all of its cores to its max turbo boost, usually only one, while the others run at their base clock or lower to keep their TDP down.

On the Mobile Side a 2200/2400G will give you Skylake i7 performance for about 10W more than the Intel, but that includes a decent mobile GPU as well, 4C/8T for about half the price of the i7 along with a GPU that delivers twice the performance of the Intel iris.

 

[fairuz]

So you would rather be open to attack & unsecure? Great plan!

It might be ok. The only real threat for consumer PCs was the browser vulnerability, and they've put in a layer of software fixes for that anyway. Though if you use certain things like MS Office, I imagine there's some way to abuse it through macros since they never really secured that crap.