AMD vs. Intel: Which processors are more secure?




The horse race between AMD and Intel is fun to follow, but when it comes to security, the stakes are much higher than those of video games. A ghostly apparition is easy to draw. Speculative execution exploits such as Spectre and its variants, as well as ZombieLoad and a number of other side-channel attacks, are still scary.

Intel was primarily responsible for this vulnerability, but AMD processors are not completely free of it either. Far from it.

Both companies were forced to implement their own patches and hardware fixes to ensure user security against these potentially harmful exploits. But with all that has been done, what is the safest option for 2019: Intel or AMD?

Fight from day one


The first exploits revealed during the painful last year of bug revelations were Spectre and its variant, Meltdown. But where much of AMD's back catalog was affected by Spectre, Intel chips released in 2008 were vulnerable to both. Other exploits that appeared in the following months, including Foreshadow, Lazy FPU, Spoiler, and MDS, were all viable attack vectors on Intel processors, but not on AMD processors.

To Intel's credit, it has fought hard for its users since these exploits were discovered, publishing microcode fixes and mitigations through software partners such as Apple and Microsoft, which largely make these exploit paths redundant.

Intel has also begun to implement much more permanent hardware fixes for some of these exploits in its latest processors. These fixes work independently of software and firmware updates and protect the selected processors against these particular attacks by design. These products do not have the same flaws as previous processors and represent the best effort to stop attacks such as Spectre.

Intel began implementing hardware fixes in its chips with the release of the eighth-generation Whiskey Lake-U processors, including the Core i7-8665U, i7-8565U, and i5-8365U, which are protected against Meltdown, Foreshadow, and RIDL.


Its range of ninth-generation chips, such as the 9900K, 9700K and 9600KF, all include the same hardware mitigations. The 2nd-generation Intel Xeon processors, based on Intel's Cascade Lake design, however, have the most comprehensive collection of hardware fixes of any Intel processors, with only Spectre v1, v2 and v4 requiring software protection.

The progressive rollout of 10 nm Ice Lake mobile processors during the rest of the year will be a new solution.


In a discussion with Digital Trends, Intel made it clear that there was no substantial difference in security between microcode / software patches and hardware mitigation measures.

But it is important to note that the end user does not need to take any action to be protected by hardware fixes. When operating system or software updates are required, they may not be installed, leaving users vulnerable.


Hardware fixes are a much more permanent solution to the problem and, according to Intel, "future Intel processors will include hardware solutions to address known vulnerabilities." It is comforting to know that Intel is designing its future products with security in mind, but these hardware fixes will not be exhaustive.

As Paul Kocher, Senior Technology Consultant at Rambus, told Digital Trends earlier this year, "When you use the most basic version of Spectre, Intel's only strategy is to transfer the problem to software in a way that software developers are not equipped to handle […] The proposed solution is that anywhere you have a conditional branch, so an "if" statement in a program, which could be problematic if it was incorrectly predicted, you are supposed to put an instruction called "L Fence." Even with the new design, the introduction of L Fence must prevent speculation from occurring, which has an impact on performance."
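The mitigation Kocher describes, an LFENCE placed after a bounds-checking branch, is shown here beside the unhardened check as an added example (not code from the article, Intel or Kocher). It goes beyond the quote by also showing branch-free index masking, modelled on the Linux kernel's `array_index_nospec`; the table and function names are hypothetical, and GCC or Clang is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Speculation barrier: LFENCE on x86 (GCC/Clang inline asm). Assumption:
 * other architectures need their own barrier; only a compiler barrier here. */
#if defined(__x86_64__) || defined(__i386__)
#define SPEC_BARRIER() __asm__ __volatile__("lfence" ::: "memory")
#else
#define SPEC_BARRIER() __asm__ __volatile__("" ::: "memory")
#endif

#define TABLE_LEN 16u
static const uint8_t table[TABLE_LEN] = {   /* constructed sample data */
    10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25 };

/* Unhardened: architecturally correct, but if the branch is mispredicted the
 * load can run speculatively with an out-of-range idx. */
int lookup_plain(size_t idx, uint8_t *out) {
    if (idx < TABLE_LEN) { *out = table[idx]; return 0; }
    return -1;
}

/* LFENCE after the branch holds the load back until the bounds comparison
 * has completed. This serialisation is where the performance cost arises. */
int lookup_fenced(size_t idx, uint8_t *out) {
    if (idx < TABLE_LEN) {
        SPEC_BARRIER();
        *out = table[idx];
        return 0;
    }
    return -1;
}

/* Branch-free clamp: all-ones mask when idx < len, zero otherwise, so even a
 * speculated load stays inside the table. Assumes len <= PTRDIFF_MAX and an
 * arithmetic right shift on signed values (true for GCC and Clang). */
size_t clamp_index(size_t idx, size_t len) {
    ptrdiff_t m = ~(ptrdiff_t)(idx | (len - 1 - idx)) >> (sizeof(size_t) * 8 - 1);
    return idx & (size_t)m;
}

int lookup_masked(size_t idx, uint8_t *out) {
    if (idx < TABLE_LEN) { *out = table[clamp_index(idx, TABLE_LEN)]; return 0; }
    return -1;
}

int main(void) {
    uint8_t v = 0;
    printf("%d %d %d\n", lookup_plain(3, &v), lookup_fenced(99, &v), lookup_masked(3, &v));
    return 0;
}
```

The fenced version pays the serialisation cost on every in-range call, while the masked version keeps speculation running but confines it to the table.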

Although not as affected as Intel, AMD is also building hardware fixes into its next-generation hardware. Its Ryzen 3000 processors all include hardware fixes for Spectre and Spectre V4, as well as operating system protections.

The price of security

Hardware fixes matter not only because they ensure that everyone using a given chip has the same fixes, but also because they do not cause the same performance loss as some software patches. In some cases, those patches must effectively disable important features to protect against certain attacks.

Although the effects are not directly comparable with those on Windows PCs, Phoronix has extensively tested the mitigations' impact on the Linux platform. It notes a noticeable decrease in performance in a variety of tests. In cases where hyperthreading was completely disabled, which companies like Apple and Google recommend, there was an average decrease of 25% in overall performance.

AMD was not immune to performance loss through the implementation of software mitigation measures. Phoronix tests noted a drop of a few percent in most cases, although they generally had much less impact than those of Intel. This was true in the latest series of tests with the Ryzen 3000 processors too, where Intel chips started faster in some cases but became significantly slower after mitigation.


When we contacted Intel to discuss the reduced performance of its exploit mitigations, it downplayed the impact, suggesting that, minimal. "

It also pointed us to a report by the security blog The Daily Swig, which collected a number of statements about the results obtained with the Spectre variants. The results were mostly positive on the Intel front, with a number of Swig sources suggesting that the impact on end users was minimal. However, it showed that in some cases, especially in data centers and cloud servers, some tests saw an impact of 10 to 15% from the patches.


Although it is disappointing to lose performance on a processor, the bigger concern is that device manufacturers will not implement mitigation measures, for fear that their device will seem less capable than the competition. Intel has made patches an optional implementation for device manufacturers and end users. That is something the creator of Linux, Linus Torvalds, was heavily critical of in early 2018.

When we asked Intel whether this practice would continue going forward, it suggested that it would not impose security patches on its partners, but that "as always, Intel encourages all computer users to make sure that their systems are up to date, because it's one of the best ways to stay protected."

Getting anybody to do so, whether on a smartphone or a laptop, is a concern for many businesses, even though it is one of the most important ways to protect your devices against hackers and malware in general. The fact that these particular patches can cause performance drops makes them an even harder sell, especially because there is very little evidence to suggest that speculative execution attacks have actually taken place in the wild.

In our discussion with Intel about this, it further downplayed the severity of these exploit paths, claiming that "Exploitation of speculative execution side-channel vulnerabilities outside a lab environment is extremely complex compared to other methods available to attackers."

It also pointed to a Virginia Tech study from 2019 which highlighted that an average of only 5.5% of discovered vulnerabilities were actively used in the wild.

Do not be afraid. Be attentive

Even though Spectre and its ilk are scary, Intel's claims should temper that fear. It is unlikely that Spectre has been exploited in the wild so far. It is also likely that anyone seeking to hack your system will use other methods before even considering an attack path like Spectre and its variants. There are simply much easier ways to do it. In particular, simply calling you and trying to get you to give up personal information.

But that does not mean we should ignore our concerns about Spectre when buying new equipment. The fact remains that Intel hardware is more vulnerable than AMD's, simply because there are more potential exploit paths on Intel processors and more reliance on software patches that may or may not have been implemented.


Recent hardware from both companies is safer and less affected by mitigations than older chips. You'll find more hardware fixes in the latest processors in the Ryzen 3000 series and the 9th-generation Intel chips. Ice Lake promises an even greater number of fixes, and Intel's rumored Comet Lake S chips in 2020 will include further fixes still.

If you are concerned about Spectre, upgrading your processor to one of the latest generations of Intel and AMD chips is certainly worth considering. If you are particularly concerned or do not want to worry about software fixes, AMD CPUs are less affected by these attacks.


It should also be noted that most of the experts we spoke with believe that we have not yet seen the last of these types of exploits, and that others may occur. That is, until Intel and its contemporaries develop a new preventive strategy, perhaps something like a secure core right on the die. These new, undiscovered potential exploits could also result in further degradation of the performance of existing hardware.

This is only speculation; perhaps an appropriate way to consider the future of a speculative execution bug. For the moment, it is unlikely that the average person will see any real impact from this type of bug. But if you have to choose a winner in terms of security and performance, it is clear that AMD hardware is currently in the lead. Intel hardware is still performing well in many ways, but this is one area where its strengths turn against it.
