View Single Post
  #12  
Old January 5th 18, 01:11 AM posted to alt.windows7.general
Paul[_32_]
external usenet poster
 
Posts: 7,300
Default Very interesting Intel CPU problem

Brian Gregory wrote:
On 03/01/2018 14:18, Mayayana wrote:
"Brian Gregory" wrote

| I'd be a lot more convinced that it's worth worrying about if they
could
| actually produce a working proof of concept.
|
| Also wish it was clearer than AMD wasn't effected. Seems to me they
| might just have not tried so hard to break AMD.
|

The article I read said AMD is not affected.
The proof of concept may be awhile. Apparently
they're being deliberately vague to avoid giving
away the bug until it's patched. (Also see article.)



I think I was muddling two separate vulnerabilities which seem to be
called meltdown and spectre. Meltdown affects only (or maybe mainly)
Intel. Probably Meltdown does have proof of concept code somewhere but
hopefully not public.

I just installed a large security patch KB4056894 on both my Windows 7
64 bit PCs which apparently includes patches for something or some
things that are important, probably including Meltdown. No noticeable
slowdown seen yet. Benchmarks: the one in CPU-Z still the same result,
Novabench 4.0.3 still same result.

Looks hopeful.


Check to see if a registry entry was added, to switch
that patch on and off.

Linux called theirs KPTI. I don't know the registry
key name for the Windows patch, as there is supposed
to be a way to turn it on and off.

I just did a search, and there is a *second* kind of
registry key involved. The patch can't come in, until
your AV product says it's safe to do so.

*******

Uh oh. It's worse than that.

"Barry Pain says:
January 4, 2018 at 12:39 pm

So the MS patches, e.g. kb4056888 are only being offered
if the AV software is compatible and sets a registry entry as below:

Key="HKEY_LOCAL_MACHINE"Subkey="SOFTWARE\Microsoft \Windows\CurrentVersion\QualityCompat"
Value Name="cadca5fe-87d3-4b96-b7fb-a231484277cc"
Type="REG_DWORD”
Data="0x00000000”

Are Sophos aware of this and are Sophos products compatible?
"

Apparently, some sort of patch is gated by your AV product
setting a flag that it's prepared for the patch to take place.

You may think you've installed a patch, but the application
may be gated by your AV and when their patch comes out.
You can't start modifying kernel behavior, without some
AV blowback (heuristic behavior or whatever).

It's possible '894 isn't actually for that issue.
The article here says there are patches for Win7 and Win8.1,
coming in via catalog.update.microsoft.com but not via
Windows Update. Kinda like the WinXP patches last year ?

https://www.ghacks.net/2018/01/04/mi...urity-updates/

At least we're pulling out the stops on this one,
and setting the "confusion knob" to 11.

I blame the music group Spinal Tap for this.

Paul
Ads