AMD Security Announcement on Fallout, RIDL and ZombieLoad Attack
AMD today responded to yesterday's news about the new serious Intel processor vulnerabilities. In this announcement, they confirmed that their processors are not susceptible to this kind of vulnerability.
Yesterday, researchers announced three new security exploits – Fallout, Rogue In-Flight Data Load (RIDL) and “ZombieLoad Attack”. Based on our internal assessment, we believe AMD products are not impacted by these new threats.
Below is our public statement, which you’ll also find available here.
At AMD we develop our products and services with security in mind. Based on our analysis and discussions with the researchers, we believe our products are not susceptible to ‘Fallout’, ‘RIDL’ or ‘ZombieLoad Attack’ because of the hardware protection checks in our architecture. We have not been able to demonstrate these exploits on AMD products and are unaware of others having done so.
You can read up all about it in this whitepaper, titled “Speculation Behavior in AMD Micro-Architectures.”
AMD Security Vulnerability – The Day After - Seems Financially Motivated - 03/14/2018 06:20 PM
It has been a day after the news broke on the acclaimed AMD Security Vulnerabilities. In this news-item, I wanted to recap and report on the current status and overview, as well as my look on things....
AMD Security Statement from CTO and SVP Mark Papermaster - 01/12/2018 03:30 PM
AMD have updated their web page and clarified a bit more on speculative_execution vulnerabilities with some additional details on current state of affairs and AMD actions....
Senior Member
Posts: 3107
Joined: 2016-08-01
You AMD fanboy's realize, this vulnerabilities have been around since 2008 or something and no one has been attacked due to it.... now there are actual patches out in software and soon micro code updates. Safer today than yesterday.
But go ahead, make a mountain out of a ant hill and enjoy your lower performance AMD in every application.
A) how you know none used em?
B) if they are known since 2008 how this makes intel look not fixing em in 11 years??
C) with this reasoning if there is no burglary on your neighbor last few years stop locking your door and instead just leave em wide open!
Senior Member
Posts: 707
Joined: 2003-11-19
Just build new gaming rig for my nephew. It was my fist AMD build and surprisingly to me it is a nice running machine. Waiting for Ryzen 3000 to build something for my self.
Senior Member
Posts: 423
Joined: 2002-07-24
@fantaskarsef :
Microcode updates for every intel cpu are available from microsoft, haswell included, they just released one yesterday, I have installed it, it loads before the kernel , not needing any bios or firmware update. My OS is fully mitigated now, so should be yours(1903 latest cumulative update)
Senior Member
Posts: 11808
Joined: 2012-07-20
Sure.
Senior Member
Posts: 14623
Joined: 2014-07-21
Go ahead, switch to AMD, when such overhyped vulnerabilities will easily be patched with microcode update, minimal performance impacts, it is good that research is being done on the matter, and i dont feel any less secure. With AMD you get lower per core performance, low efficiency interconnect, lower performance in games and productivity software. It is definitely not a reason to bash intel over this.
The security issue is not overhyped. Why fix anything if it's not that bad? Intel themselves prove you wrong by working on a fix.
Easily patched via a microcode update? I don't get those for my mainboard / CPU anymore, Haswell-E did not get the last fixes like Skylake etc., de facto I have no way to fix this as a user besides hacking a bios. That's not "easily" done, even for people around here on the forums.
Minimal performance impact, yeah sure. The least impact is on Skylake, the rest is actually pretty hefty. Read the benchmarks. And even if it's just a few %, add it up with 3 major issues and you get -15%. That is not minimal.
The reason you don't feel any more or less secure is because it was researches who discovered this vulnerability, not a black hat hacker. If so, we're back to wannacry that crippled virtually every PC or endangered it, as well as infrastructure. In these modern times, sorry to say, we as simple users are not the target. But have fun with your all so secure Intel CPU when the hackers switch off your districts power grid because an Intel CPU is in the server farm managing the grid. And it's not like this never happened before.
Sure, "lower per core performance" is lower in some scenarios, and higher in others with AMD. Especially for productivity you get a better deal with AMD, not sure what you are specifically referring to that makes Intel shine there. Gaming, you might be right, but not above 1080p. Then the CPU becomes less important, and when you're playing 4K AMD is just as good as Intel right now.
But hey, stay with your Intel CPUs it's fine, to each their own. I don't want a product that's faulty for a premium price when I can very well get by with something else without any issues like breaking OS features with mitigations, crippling performance people paid for, and not even having a fix for everything offered to everybody because older CPUs aren't interesting to them anymore.
And yes Intel does deserve bashing here, why should they not? It's pretty clear that their product has issues, yet they always sold it for a premium price. They didn't know? Too bad, just because I don't know there's a law forbidding something doesn't make me innocent when I still break it.
"Sorry I didn't know every CPU we sold is de facto 10% slower an average than we said because we need to fix so many vulnerabilites the average user doesn't even know, but thanks for your money, we used it well to NOT improve our products that much at all, but our company's officers earned a few good bonuses."
You AMD fanboy's realize, this vulnerabilities have been around since 2008 or something and no one has been attacked due to it.... now there are actual patches out in software and soon micro code updates. Safer today than yesterday.
But go ahead, make a mountain out of a ant hill and enjoy your lower performance AMD in every application.
You Intel fanboy realise, that the patches and microcode updates probably won't be available for every one of those older CPUs? Like the last vulnerabilities still haven't reached an available patch state for Haswell and before that? So no, I'm actually less safe than yesterday because now the vulnerability I can't patch is publicly known.
But yeah, go ahead on your high horse and enjoy your security issues and the "better performance" in "every" application (which simply is not true, but read it up yourself).
And yes guys, I'll enjoy my new CPU, thanks