AMD Zen 2 processors get hardware level Spectre protection
Click here to post a comment for AMD Zen 2 processors get hardware level Spectre protection on our message forum
fantaskarsef
Hardware fixed in 2019...
... so let's pray that nobody decides to get the exploit working on AMD systems in the next 12 to 18 months?
fantaskarsef
schmidtbag
Noisiv
wrong and it's not what AMD said, at least not during the conference call. This is what Lisa said during conference call:
As a reminder, we believe Meltdown is not applicable to AMD processors.
For Spectre Variant 1, we continue actively working with our ecosystem partners on mitigations, including operating system patches that have begun to roll out. We continue to believe that Variant 2 of Spectre is difficult to exploit on AMD processors. However, we are deploying CPU microcode patches that in combination with OS updates provide additional mitigation steps. Longer term, we have included changes in our future processor cores, starting with our Zen 2 design, to further address potential Spectre like exploits. We continue to collaborate closely with the industry on these vulnerabilities and are committed to protecting AMD users from these and other security threats as they arise.
Which is a step down from the "near zero risk" rhetoric which landed them a lawsuit, but apparently still vague enough to cause confusion.
Can these new exploits be enabled remotely?
No. Any malware using this side channel analysis method must be running locally on the machine. Following good security practices that protect against malware in general will also help to protect against possible exploitation until updates can be applied.
https://www.intel.com/content/www/us/en/architecture-and-technology/facts-about-side-channel-analysis-and-intel-products.html
That is factuallyD3M1G0D
Silva
Guess I'll wait for Zen2 then, hopefully the DDR4 crisis will be over by then.
RzrTrek
I heard that it usually takes 3-5 years to make these kind of changes into silicon or perhaps they got their numbers wrong?
kruno
ZXRaziel
Not good enough , Intel will have the fix sorted this year according to he latest update . They all knew about the problem long enough imo to have this sorted in the next release , Ryzen+ in this case .
JamesSneed
I understand the patches should have been out earlier and agree. But the folks here talking about Intel will have it fixed sooner or all the IF this IF that are not really on point. Intel has committed to fixing these vulnerabilities in Ice Lake which at best is end of 2018 not much sooner than AMD should have Zen 2. Intel also has the most exposure to the variants. The other thing on all the If this if that patches micro code etc the only other option is to buy a new CPU with the fixes. I just don't understand all the hate as AMD is the least impacted CPU vendor of the bunch because they focused on security with the Zen design and they will only be shortly behind Intel with new CPU's that have the fixes in the silicon.
Personally I felt AMD and Intel commiting to fixes in Zen 2 and Ice Lake was pretty darn fast. Intel already has Ice Lake tape in ready so this is going to cost them a bit to go back and fix the design. This is also why i'm a little sceptical on their 2018 release date as it has to push them back a bit.
Maybe I'm just a half glass full person but I thought this was positive to have both AMD and Intel committed to these design fixes on there next round CPU's.
user1
Ladies and gentlemen, we have malware.
http://www.tomshardware.com/news/meltdown-spectre-malware-found-fortinet,36439.html
should be a lots of fun in the coming years.
sverek
hijodeosiris
Is there any way to know if my processor is affected by any of those?
sverek
https://forums.guru3d.com/threads/download-inspectre.419057/
warlord
I am bored with this Spectre/Meltdown noise and stuff. Perhaps tons of people should find new meaning in life. Boredom is harmful nowadays.
sverek
user1
sverek
Yes, JS exploits are scary. But as far as you end up visiting the site you can't trust, there no much you can do. Only pray your browser detects the bad JS and stops it from executing on client side. That why Google been patching Chrome for a while now.
Again, it's easier for virus to be executed while in binary and downloaded on disk, not poorly written in JS.
That why vising shady sites with downloading prompting and pressing all download buttons are generally not a good idea.
Fox2232
fantaskarsef
http://www.securityweek.com/malware-exploiting-spectre-meltdown-flaws-emerges
What I was referring too is that AMD brags with fixing the issues they have known in two years of time (since they have heard of Meltdown / Spectre), another 18 months from now on. Nothing to brag about, Intel isn't able to fix their CPUs with patches, but their hardware fix is at least announced to arrive this year. Also too long in my opinion.
Your comment shows you didn't understand what I was complaining about, that the fixes are way overdue in any way, at last in my opinion.
And I don't fancy posting off-topic, that's something for the trolls that roam this place.
Yeah, it's out in the wild apparently: