nosirrahx:

Of course but there needs to be an initial step to exploit the hardware. You are unlikely to encounter an exploit on your bank site or Amazon. On top of that IP and execution restrictions can cripple an exploit as the connections made and/or software downloaded will fail. If a successful exploit tells your system to download and install a bot but that bot and it's location are blocked by default deny then the successful exploit only leads to failed payload.

kruno:

That is just playing with fire. In my experience sooner or later something will come and all firewalls and antivirus and anti-malware software will fail and then you are toasted and you know how this things go it will be sooner then later. You can be careful all you want, somebody else won't be and you will fail as collateral damage, there was last year that Malwarebyts was hacked and hackers put viral package in their product that they then distributed as "reputable" source. You download anti malware program to defend yourself and get as bonus virus, in the long run you can't win infection is just matter of when.

mbk1969:

I will correct you: I have not met mentions of write access in all Meltdown/Spectre descriptions. If you have then share the link, please.

nosirrahx:

Depends on how you are secured. Traditional security software is actively engineered against but actual access restrictions based on default deny is a completely different animal. One stops bad stuff (and mistakes can be made) the other stops everything that isn't explicitly allowed. Keep in mind that I am literally talking about dedicated hardware. A system like this may have in totality access to Windows updates, Amazon and one bank site, everything else fails to connect. You can't click on a bogus link on Facebook because Facebook won't open to begin with.

D3M1G0D:

I think it's still possible for a hacker to gain control of someone's computer through these exploits. Even though Meltdown/Spectre can only read from memory, the data collected (like passwords) can then be used to gain access to the system.

AsiJu:

Obv. can't speak for him/her but I see it as: - never visit sites other than your bank, PayPal etc. what you need to - install firewall and AV software + anti-malware/spyware software with browsing protection (no perf. consideration needed) - don't install Java or Flash if at all possible. AFAIK no financial transactions need either. - keep the system offline when it's not necessary to access the Internet or update OS. - never insert a single USB disk into the system other than OS installation media (if needed). Absolutely foolproof? No. Very unlikely to get an infection? Yes.

kruno:

You are complicating things too much, we are talking here about 5+ years old hardware, simply it is not worth trouble to go through all of the things you suggest to secure Core2Duo or i5-2600k

nosirrahx:

Depends on a lot of things. A dedicated laptop for just banking and Amazon, even if not locked down, is still safer than doing everything on a single system.

kruno:

insignificant like YouTube or porn

Agent-A01:

What's wrong with you? Youtube and especially porn are significant

RealNC:

So, what about people with CPUs older than 5 years? Middle finger and a FU from Intel?

Fender178:

This is indeed good news. Well there has to be a cut off. Look on how many CPUs have been made since 1995. Plus any vintage PC owners who have a Pentium, Pentium II, Pentium III chip are very unlikely to have those PCs connected to the Internet. However I see where you are coming from CPUs from 2006-2012 they are still being used in one case or another. Consdering there are C2D and C2Q are still being used to this very day. There are users that are still using 1st generation Core i5s and i7s as well as Sandy Bridge CPUs.

kruno:

From Intel with love :