Bit of both, really.
There are some very smart people out there, who break security on things. Like when you recover encryption keys, by watching the power supply consumption from a server. Power analysis - Wikipedia
Security is a hard problem. It’s worse when you have to run software you don’t entirely trust, as they’re already past several layers of protection.
there are many reports about game perfomance issues
Um, I find it interesting that so many have such low GPU usage. I have a i5 4670 that averages around 35% usage and my AMD R7 265, while old, sees 100% usage in game.
Exact same chip I have. AMD 4lyfe.
What motherboard do you have? I have the Gigabyte 990FXA-UD3 with 8gb RAM 
There are two main components to mitigating the two sttacks outlined in the news: OS and hardware (motherboard manufacturers are supposed to release all their own firmware updates).
Linux, Apple and MS have already been releasing updates, and so have many software creators. I assume they have their own issues to deal with since they run with administrator privileges most of the time.
The main issue I’m running into as I support machines is that motherboard manufacturers are dragging their feet with a release. ASRock, for example, has done little to fix consumer grade motherboards, regardless of whether they’re seven years old or brand new.
Lenovo is abysmally behind. They just fixed a 13-year-old security flaw this month. They can’t be trusted at all, which is a shame since they were once industry leaders. They are the type of company to respond to the Upwell Consortium by anchoring a POS!
Most Linux distributions load the microcode in their initrd which will be updated by the package manager. So you don’t even have to update the BIOS. Not sure about other OS though.
Another advantage to Linux is the open source microcode provided is more likely to be updated and maintained than the closed source amd-microde or intel-microcode. Most distributions recommend using the open source version for exactly this reason, unless you are in the .001% of computer science graduates who have some reason not to.
The main issue apart from that is the fact it doesn’t mitigate hardware attacks at post. Again, this is still in the hypothetical and theoretical stages of existence. But now that it’s out in the open, there is a widening window of opportunity for script kiddies with physical access to a machine doing real damage until firmware releases are taken seriously by hardware manufacturers. I imagine it’ll be another decade before universiies are able to deploy a fix, and that likely won’t happen at all because Intel has already indicated their strategy is to sell new hardware and abandon support for everybody’s expensive as heck hyperthreading i7s lol. They got their money! No microcode updates needed as far as their shareholders are concerned
Did you know that Intel is the biggest contributor to the Linux kernel and the microcode file is a text file?
The microcode update for Ubuntu came on January 8th.
I just looked, and you are right. What I find interesting is that many Linux guys who have been on the forums since the good old days tell all other users NOT to use the amd-microcode or intel-microcode if their systems are working normally.
https://usn.ubuntu.com/usn/usn-3531-1/
Considering what you just told me, and what I just found through my research, I now think that’s bad advice. If I didn’t just switch to the intel-microcode you mentioned, in the Driver Manager, I would have been left at risk.
So thanks for correcting me. You just made my systems more secure.
Hey, glad I could help. I found the microcode update by accident. Was in the driver manager even before the update was rolled out.
The microcode Linux distributions deliver is the binary blop from AMD and Intel. There is no open source microcode. Purism tries to reverse engineer the Intel one, but this is an absolutely insane task.
So far it smells like ■■■■■■■■ to me. I have yet to see a credible source on the topic. Till we hear something from the likes of Krebs or Schneier then it’s still vaporware.
That said, people in the research community have warned for a while now about the possibility of this class of attack. It didn’t just come out of nowhere.
Edit:
https://taosecurity.blogspot.com/2018/01/lies-and-more-lies.html?m=1
Hello, at the moment have not seen anyting negative concerning 8700K with microsoft patch(applied manually) playing eve online, mby there is something negative, but for daily use and gaming no probs on my end.
Thanks
Intel Admits It Won’t Be Possible to Fix Spectre (V2) Flaw in Some Processors
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.