Sign In  |  Register  |  About Burlingame  |  Contact Us

Burlingame, CA
September 01, 2020 10:18am
7-Day Forecast | Traffic

  • Search Hotels in Burlingame

  • CHECK-IN:
  • CHECK-OUT:
  • ROOMS:
Recent Quotes
My Watchlist
Indicators
Markets
Stocks
ETFs
Tools
Overview
News
Currencies
International
Treasuries

Intel discloses a new Spectre exploit variant, but leaves mitigation off by default

By: TechCrunch
The specter of Spectre still looms above Intel, which just today disclosed a new variant of that most dire of chip flaws. It's issuing a mitigation patch in tandem with the announcement that may come with a serious performance hit — which is why it will be off by default.

The specter of Spectre still looms above Intel, which just today disclosed a new variant of that most dire of chip flaws. It’s issuing a mitigation patch in tandem with the announcement that may come with a serious performance hit — which is why it will be off by default.

Like the other Spectre variants, this one has to do with “speculative execution,” a core component of modern computing architecture that predicts what might be required of it in the immediate future and executes on it, either keeping the results if the prediction is right or discarding them if not. Spectre variants basically trick the processor into revealing the data it uses for speculative execution, potentially allowing an attacker to get at even highly protected bits.

Variant 4 is similar to but distinct from variants 1 through 3, and in this case takes place “in a language-based runtime environment.” JavaScript is such an environment and would be the most obvious place to attempt the exploit.

Kernel panic! What are Meltdown and Spectre, the bugs affecting nearly every computer and device?

Variant 1 is the most similar and there are already mitigations in place for it both in browsers and in microcode, which is executed at a much lower level of a computer. But, as Intel puts it, “to ensure we offer the option for full mitigation and to prevent this method from being used in other ways, we and our industry partners are offering an additional mitigation for Variant 4, which is a combination of microcode and software updates.”

OEMs, which make components like motherboards, already have the fix. But like some other patches, this one will be left off by default. Why?

Probably because Intel observed a performance hit of “2 to 8 percent” when the fix was enabled. Accordingly, it has chosen in this case to let OEMs and consumers opt into having a slower, safer processor than opt out of it. Since many manufacturers live and die by the performance of their hardware, it seems unlikely they’ll choose the slow option, and few consumers are tech-savvy enough to enable it themselves.

Critics of this choice aren’t hard to find; it’s arguable that Intel is simply putting performance over safety. But it’s also arguable that an 8 percent drop in speed just isn’t worth the tradeoff when the problem is already partially mitigated.

“I continue to encourage everyone to keep their systems up-to-date, as it’s one of the easiest ways to ensure you always have the latest protections,” writes Intel’s Leslie Culbertson. The easiest way, presumably, is for it to be enabled by default, but her heart is clearly in the right place.

Whatever your opinion of Intel’s decision, the flaw and the mitigation are now out there, so theoretically the computing world is just a little bit safer. But let’s not fool ourselves: Variants 5 through 10 are probably out there too.

Data & News supplied by www.cloudquote.io
Stock quotes supplied by Barchart
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.
 
 
About Us | Contact Us | Privacy Policy | User Agreement | Advertise With Us | Site Map
Copyright © 2010-2020 Burlingame.com & California Media Partners, LLC. All rights reserved.