Woody Leonhard's no-bull news, tips and help for Windows, Office and more… Please disable your ad blocker – our (polite!) ads help keep AskWoody going!
Home icon Home icon Home icon Email icon RSS icon
  • Intel says its new Spectre-busting Skylake firmware patch is ready

    Posted on February 8th, 2018 at 07:08 woody Comment on the AskWoody Lounge

    Oh boy. I love the smell of fresh bricked PCs in the morning.

    Yesterday, Intel said it has released new firmware that — this time, really, for sure, honest — plugs the Meltdown/Spectre security hole. Says honcho Navin Shenoy:

    Earlier this week, we released production microcode updates for several Skylake-based platforms to our OEM customers and industry partners, and we expect to do the same for more platforms in the coming days.

    What he’s actually saying is something like, “Hey, we spent six months coming up with new firmware to fix Spectre, released it, and bricked a bunch of machines. We went back to the drawing board and, two weeks later, came up with new firmware that won’t brick your machines. Have at it.”

    According to the freshly updated Microcode Revision Guidance, Intel has released updates for Skylake U-, Y-, U23e-, H-, and S- chips.

    Shenoy goes on to say:

    Ultimately, these updates will be made available in most cases through OEM firmware updates. I can’t emphasize enough how critical it is for everyone to always keep their systems up-to-date. Research tells us there is frequently a substantial lag between when people receive updates and when they actually implement them. In today’s environment, that must change.

    To which I say:

    Fool me once, shame on me. Fool me twice… well, you know.

    Folks, you’d have to be absolutely batbox crazy to install these new BIOS/UEFI patches as they’re being rolled out. Give them time to break other peoples’ machines — or to prove their worth in open combat. I’m sure the folks who made the new firmware are quite competent and tested the living daylights out of everything. But they did that the last time, too.

    Again, I repeat, for emphasis, there is exactly NO known Meltdown or Spectre-based malware out in the wild.

    If that helped, take a second to support AskWoody on Patreon

    Home Forums Intel says its new Spectre-busting Skylake firmware patch is ready

    This topic contains 44 replies, has 21 voices, and was last updated by  Cascadian 8 months, 1 week ago.

    • Author
      Posts
    • #165970 Reply

      woody
      Da Boss

      Oh boy. I love the smell of fresh bricked PCs in the morning. Yesterday, Intel said it has released new firmware that — this time, really, for sure,
      [See the full post at: Intel says its new Spectre-busting Skylake firmware patch is ready]

      12 users thanked author for this post.
    • #165973 Reply

      witp
      AskWoody Lounger

      Let’s wait for Linus to speak.

      4 users thanked author for this post.
    • #165975 Reply

      The Surfing Pensioner
      AskWoody Lounger

      I rather enjoy waiting and watching. This website’s getting more poular than Facebook!

      2 users thanked author for this post.
    • #165976 Reply

      geekdom
      AskWoody Lounger

      Oh boy. I love the smell of fresh bricked PCs in the morning.

      Reply to #165970

      Noooooo, but noooooo.

      Group G{ot backup} Win7 · x64 · SP1 · i3-3220 · TestBeta
      • This reply was modified 8 months, 2 weeks ago by  geekdom.
    • #165982 Reply

      John in Mtl
      AskWoody Lounger

      …Research tells us there is frequently a substantial lag between when people receive updates and when they actually implement them. In today’s environment, that must change.”

      I guess Navin Shenoy and team is/are quite blind to the real world.

      Can you blame anyone these days for waiting to install any patch of any sort?

      • This reply was modified 8 months, 2 weeks ago by  John in Mtl.
      • This reply was modified 8 months, 2 weeks ago by  PKCano.
      6 users thanked author for this post.
      • #166034 Reply

        lurks about
        AskWoody Lounger

        I like mine medium rare thank you. After the last month or so update follies I think I will sit tight on any firmware updates.

    • #165986 Reply

      jescott418
      AskWoody Lounger

      I’m sure they are fine. (Wink)

    • #166012 Reply

      anonymous

      I think the quote is “fool me once, shame on you”…  : )

      1 user thanked author for this post.
    • #166019 Reply

      anonymous

      I love this part from their little speech:
      “According to the Department of Homeland Security’s cyber-emergency unit, US-CERT, as many as 85 percent of all targeted attacks can be prevented with – among other things – regular system updates.”

      It turns out that citation in itself cites another page which lists updates as #2 for applications and #3 for operating systems. #1 is listed as “Use application whitelisting”.  Hardware / firmware patches are not even listed.  Even this source cites another group in itself (source here).

      Maybe I should blacklist Intel patch software until it proves okay to whitelist 🙂

    • #166026 Reply

      anonymous

      The Wall Street Journal reported a week ago that Intel had also provided an early disclosure to Chinese tech giants Alibaba Group and Lenovo, yet failed to inform the Department of Homeland Security’s US-CERT, which only learned of the bugs after Google’s disclosure.

      The disclosure to Chinese tech firms raises the possibility that the Chinese government was aware of the vulnerabilities before the US government and the National Security Agency.

      Yep, Intel doing Intel things. Of course, nothing could go wrong doing that, right?

      Right???

      5 users thanked author for this post.
    • #166046 Reply

      anonymous

      Has anyone yet seen anything resembling real world benchmarks for system performance degradation after installing the Meltdown/Spectre patches? The OEM vendors will likely not push out BIOS/UEFI updates to any Haswell CPUs and older anyway. And, it probably does not matter as I think these exploits might be slow to materialize in the wild.

      1 user thanked author for this post.
    • #166053 Reply

      anonymous

      Hello Intel, know your customer, or should I say, understand your client’s business and their expectations. Skylake systems installed in the enterprise will not have support staff scheduling firmware updates with any sense of urgency. Maybe even ever. The security guys and sysadmins will be watching out for Spectre/meltdown exploits in the wild before a call is made. Management could delay any decision due to business commitments or internal processing schedules.

      Consumers with Sky Lake systems are the crash test dummies for these updates. The OEMs have to deal directly with their customers and bricked systems become their problem. They’ve already been burned once, so they are going to go slow on this. No rush at all.

      Consumers are going to have to be very cautious. If they got a Sky Lake in August-December 2015, it is probably no longer be under warranty. Maybe someone can answer this, is the customer 100% covered under the warranty, if the system gets bricked?

    • #166058 Reply

      Noel Carboni
      AskWoody MVP

      All this makes me wonder…

      What is the expected / design lifetime of a computer system? I sense the industry wants us to believe more and more that a computer can be viable for a year or at most two.

      That’s just ridiculous.

      I have what I consider a pretty new system – a Dell PowerEdge T20 with a Haswell CPU bought new and put into service in April 2015. To read the various sources, Haswell is now old tech, barely worthy of updating. Implication: No longer worth having. That couldn’t be further from the truth. It does its job without fuss or muss, and I don’t see that changing for at least 3 more years.

      Another system I have, a Dell Precision T5500, new in 2012, is Westmere-based. Ancient tech by all standards, yet since it was a top-of-the-line workstation, augmented with newer hardware (video card, SSDs) since then it’s actually pretty darned decent. But clearly considered too old to worry about, as no one has ever mentioned any possibility of a BIOS / microcode update.

      Sure, I understand Intel’s unwillingness to spend money to service every chip they’ve ever built. But on the other hand, a concerted marketing campaign to make people think their Haswell computer is already obsolete seems, well, pretty devious.

      -Noel

      6 users thanked author for this post.
    • #166065 Reply

      anonymous

      Can updating the BIOS void a hardware warranty?
      – Read the warranty or call the OEM help line and ask them what their policy is.

      Depending on the circumstances a firmware update can brick a system and the system can be recovered. If the motherboard is damaged, nothing will revive it. OEM policy will determine if the warranty is considered void. There is CID (Customer Induced Damage) and ADP (Accidental Damage Protection) in a warranty (or hardware support policy).

      Some OEMs support an automated BIOS update procedure. It comes down the chute and installs itself without any user intervention. Unless there was a power interruption during the BIOS update, a hardware failure due to a BIOS update, should be covered under warranty. Though best to check with your OEM first, rather than assume it is so.

      Out of warranty – you have an interesting boat anchor or door stop.

      OEMs will not cover a bricked system, still under warranty if the update came from another site other than their own. It is considered improper maintenance.

      1 user thanked author for this post.
      • #166105 Reply

        OscarCP
        AskWoody Lounger

        As posted by Anonymous #166065 :

        “Some OEMs support an automated BIOS update procedure. It comes down the chute and installs itself without any user intervention. Unless there was a power interruption during the BIOS update, a hardware failure due to a BIOS update, should be covered under warranty. Though best to check with your OEM first, rather than assume it is so.
        Out of warranty – you have an interesting boat anchor or door stop.”

        This can be a real worry, as the implicit assumption is a bricked PC, unless one knows for sure that the OEM is not capable to do so without first asking.

        If is not possible, or very hard, to learn about that, is there a way to preemptively stop this from happening: to block the OEM from accessing my PC, so to speak, but without entirely isolating the PC from the Internet for that?

        By way of example — and perhaps not a very good one: PC makers usually preinstall an Agent or Assistant on the machines they sell. So, could one prevent the manufacturer from making BIOS or UEFI updates one has not asked for, or may not even want, by simply uninstalling the Agent?

        • This reply was modified 8 months, 2 weeks ago by  OscarCP.
        • This reply was modified 8 months, 2 weeks ago by  OscarCP.
        • #166135 Reply

          bobcat5536
          AskWoody Lounger

          Dell has Dell Update that does exactly what your describing. I got my BIOS flashed several weeks ago, with no bad after affects ( Lucky ). I have Skylake and I went into services and disabled it and haven’t heard a peep out of it since. It doesn’t even load at startup like it used to. I didn’t want to uninstall it because after the dust settles, I may want to use it again.

          Reply to # 166105

          • This reply was modified 8 months, 2 weeks ago by  bobcat5536.
    • #166079 Reply

      ViperJohn
      AskWoody Lounger

      Let’s wait for Linus to speak.

      He won’t…at least not yet.  The new Microcode has been released to the MB makers for further testing on their end then packaging into bios updates for their motherboards.

      Intel has not (to date and time of this post) put up / released the new Microcode as a “Linux Processor Microcode Data File” here:

      https://downloadcenter.intel.com/download/27337/Linux-Processor-Microcode-Data-File?product=873

      Windows Server and Linux powered servers (that is darn near all servers and server farms on the planet) rarely if ever update microcode by via a bios update initially. They typically they get nicrocode updates by directly injecting the new code into their Operating Systems, be that Win Server or Linux, using one of the available data files as the code source from the link above.  Done that way the Microcode change can be easily and quickly (file change and reboot) reversed if things go sour.

      Viper

    • #166090 Reply

      Pepsiboy
      AskWoody Lounger

      Oh boy. I love the smell of fresh bricked PCs in the morning. Yesterday, Intel said it has released new firmware that — this time, really, for sure,[See the full post at: Intel says its new Spectre-busting Skylake firmware patch is ready]

      Woody,

      Maybe just follow what I said in another thread about this stuff? Don’t patch for now, as nothing is happening. And I forgot who said it first, “Much ado about nothing”. Nothing happens, nothing to get excited about.

      Dave

    • #166085 Reply

      anonymous

      I don’t know why everyone is so worried about flashing firmware (intel: do it or you will be insecure, us: but it might brick or systems with no recovery).

      There is such a thing as a microcode update which applies to the CPU on boot (by the OS) and is 100% temporary (lost during power cycle). If the microcode update doesn’t do what it is supposed to the worse case scenario is the OS is broken (reinstall windows — or a better OS). If you can revert the update the OS isn’t even broken.

      Why does this seem to be taking the form of a firmware flash which permanently changes/updates the microcode with unclear options to revert?

    • #166094 Reply

      AJNorth
      AskWoody Lounger

      Interesting article in today’s SecurityWeek detailing the patch:

      Intel Releases New Spectre Patches for Skylake CPUs
      http://www.securityweek.com/intel-releases-new-spectre-patches-skylake-cpus

      • This reply was modified 8 months, 2 weeks ago by  AJNorth.
    • #166100 Reply

      OscarCP
      AskWoody Lounger

      The list of different CPU models for PCs that Intel has brought to market over the years is impressively long. According to the news relayed here by Woody, the latest BIOS, UEFI updates are only for those of some recent models.

      (For information on how to patch the BIOS or UEFI, read this — and despair:

      https://www.pcworld.com/article/187437/software/how-to-update-your-bios.html )

      So: how are the top managers at Intel planning to handle a general update?

      Employ a lot more people? Crowdsource?

      If the latter, are they going to pay well to those that deliver patches when they accept them (and before, or as, they distribute them to the OEMs that, in turn, can offer those patches to all PC users)?

      I wouldn’t mind making a little extra cash, in whatever spare time I may have. Of course, on my side at least, the licensing terms shall make it very clear that the patch is given on a strictly “PROVIDED “AS IS” ” basis, and also on  an equally strict “I AM NOT RESPONSIBLE IN THE LEAST IF YOU END UP WITH A FANCY DOORSTOP AFTER PATCHING YOUR BIOS OR UEFI WITH THIS ONE” basis.

      I had to do some assembler and machine-language coding once (long ago and far away). But it is just like riding a bicycle… is it not? How different could that be from writing patches for some, in Silicon Valley terms, ancient Intel chip’s BIOS?

       

      • This reply was modified 8 months, 2 weeks ago by  OscarCP.
    • #166101 Reply

      ViperJohn
      AskWoody Lounger

      Has anyone yet seen anything resembling real world benchmarks for system performance degradation after installing the Meltdown/Spectre patches? The OEM vendors will likely not push out BIOS/UEFI updates to any Haswell CPUs and older anyway. And, it probably does not matter as I think these exploits might be slow to materialize in the wild. [/quote

      Yes:

      https://www.askwoody.com/forums/topic/yet-another-massive-release-of-patches-re-patches-re-grouped-patches-and-a-few-explanations/page/2/#post-160517

      If Intel pushes the Microcode for them (and they most likely will for legal liability reasons) the MB makers will probably push bios updates for hardware back to at least Sandy / Ivy Bridge. While numbers are very hard to come up with it appears that Sandy / Ivy make up about 30-40% of the installed hardware base out there.  The reason for that is due to a lack of competition to push Intel resulting in a Sky/Kaby Lake CPU that is only about 15% faster than a 4-5 year old Sandy/Ivy clock for clock in benchmarks and even less real world.  It simply didn’t pay to upgrade until Coffee Lake became a reality where i3′ are now quad cores and i5 and i7 are 6 core.

      Viper

    • #166123 Reply

      wdburt1
      AskWoody Lounger

      I’m wondering what the smell of fresh-bricked PC is, so I can be alert for it.  Acrid smoke of the kind that would be outlawed by the EPA if it were known?

      • #166143 Reply

        anonymous

        I’m wondering what the smell of fresh-bricked PC is, so I can be alert for it. Acrid smoke of the kind that would be outlawed by the EPA if it were known?

        Yeah, but I’m not sure if fire retardant bromides are still put in plastics encasing computer equipment.

      • #166205 Reply

        witp
        AskWoody Lounger

        In reply to #166123 of course.  Edit attack !

        Maybe acrid for you, but I’m quite sure it’s sweet for intel ;>

        • This reply was modified 8 months, 2 weeks ago by  witp.
    • #166124 Reply

      fred
      AskWoody Lounger

      The Wall Street Journal reported a week ago that Intel had also provided an early disclosure to Chinese tech giants Alibaba Group and Lenovo, yet failed to inform the Department of Homeland Security’s US-CERT, which only learned of the bugs after Google’s disclosure. The disclosure to Chinese tech firms raises the possibility that the Chinese government was aware of the vulnerabilities before the US government and the National Security Agency.

      Yep, Intel doing Intel things. Of course, nothing could go wrong doing that, right? Right???

      So, what governments would use these vulnerabilities?
      Time to make a guess

    • #166128 Reply

      anonymous

      NSA first learn about the bugs not from Google, but from the spyware they put on the disk controller firmware sent to the Chinese.

    • #166193 Reply

      anonymous

      So I don’t think I have thought of updating my system since December, I’m running an i5 4670 I think it is….. uh…. should I update my Windows 7 now, or should I not?

      • #166208 Reply

        Elly
        AskWoody MVP

        So I don’t think I have thought of updating my system since December, I’m running an i5 4670 I think it is….. uh…. should I update my Windows 7 now, or should I not?

        On February 5th Woody moved to Defcon 3 and posted an article about getting patched.

        Check out https://www.askwoody.com/forums/topic/ms-defcon-3-lots-of-caveats-but-its-time-to-get-patched/

        There is a lot to read about in the linked ComputerWorld article, but it might help you decide what you really want to do… after all, it is your computer…

        It is a time to cautiously go forward with patching, if you haven’t joined the no-patching group after all that reading. I have confidence in following Woody’s system, because it got me safely through the GWX to now, with no problems. However, I’m waiting until I have plenty of time, just in case… and I have a current system image, and also do data back up. I was having all kinds of anxiety about updating this month, because of the Meltdown and Spector patching, and all the problems people are having… and I am tip-toeing up to it… but those are the thoughts of a non-techy…

        Win 7 Home, 64 bit, Group B

        2 users thanked author for this post.
        • #166405 Reply

          DrBonzo
          AskWoody Lounger

          @elly (166208) and @anon (166193). Here are 3 positive data points for January’s patches.

          I’ve patched 2 Intel machines, one 3rd generation (Ivy Bridge) core i5 and one 5th gen (Broadwell) core i3. Both run Win 7 Pro 64 bit service pack 1. I successfully installed in the following order KB4055532 (a .Net update), KB 4056568 (IE 11 security), and KB 4073578 (the latest security only update that has the so-called AMD no boot issue fixed). I was told I needed to restart after each update. I did the .NET update through Windows update, the other 2 manually (as you can tell, I’m basically group B.)

          Also did the same on an Intel Atom running Win 7 Starter 32 bit.

          On all 3 machines everything went smoothly and everything seems to work fine for the last 2 days. Haven’t noticed any performance hits but I’m not a gamer and don’t do any intensive number crunching or I/O stuff.

          The only thing I’d warn you about is to be patient on the KB 4073578 as it seems to take a few minutes (literally 3 or 4 minutes which in my experience is fairly long) on the restart when it gets to the 4-color Windows flag on startup.

          Good Luck!

          3 users thanked author for this post.
    • #166201 Reply

      Bill C.
      AskWoody Lounger

      @oscarcp in Post #166105.

      My Lenovo Thinkpad E440 (Win7-64Pro_SP1) has a Lenovo System Updater for the Lenovo specific software and hardware as well as the UEFI BIOS. It can be set to auto scan on a schedule if you wish, but it only will install if you permit it. It also allows you to hide updates. Generally, all the BIOS/UEFI updates have had cautions not to update them if the issues they are fixing have not minifested themselves on your machine.

      Mine shows a November 2017 BIOS update (pre-Spectre/Meltdown), but says it is not reversible to address a security issue. I suspect it may be to fix the Intel ME vulnerability issue. I have not installed it yet as I am waiting for the Spectre/Meltdown UEFI/BIOS update for that. When it appears I will monitor the Lenovo forums to see if there are any issues.

      That machine is not used that much since I bought an iPad Pro for the road. Plus the iPad Pro has a GREAT camera. I will keep it a Windows 7 laptop as long as possible and then it will become a Linux Mint machine.

      • This reply was modified 8 months, 2 weeks ago by  Bill C..
    • #166206 Reply

      Bill C.
      AskWoody Lounger

      WooHoo! I just checked the link in Woody’s original post and my old Bloomfield i7-960 is getting a firmware update. The 2/8/2018 Intel Guidance shows it as in planning. Since the CPU and MB are both Intel OEM, I guess they will have it on their site at some point.

    • #166210 Reply

      ViperJohn
      AskWoody Lounger

      Okay according to this 02/08/2018 revision to the “Intel Microcode Revision Guidance PDF”

      https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf

      Intel is planning on issuing Meltdown / Spectre Microcode updates going back 10+ years to Yorkfield and Wolfdale CPU’s.  Sandy and Ivy bridge code is currently in Pre-Beta stage.

      Looks like the 12+ year old Conroe / Kentsfield CPU’s are going to be cutoff.

      Viper

       

      • This reply was modified 8 months, 2 weeks ago by  ViperJohn.
      • This reply was modified 8 months, 2 weeks ago by  ViperJohn.
      2 users thanked author for this post.
    • #166252 Reply

      Noel Carboni
      AskWoody MVP

      Okay according to this 02/08/2018 revision to the “Intel Microcode Revision Guidance PDF”

      Intel is planning on issuing Meltdown / Spectre Microcode updates going back 10+ years to Yorkfield and Wolfdale CPU’s. Sandy and Ivy bridge code is currently in Pre-Beta stage.

      Thanks for that.

      Of course, two important issues remain:

      1. Does the computer’s OEM plan to bring forth an update to carry the microcode. For example, in my case with a Westmere EP processor for which the chart still shows “Planning”, will Dell push the change forth in a BIOS upgrade? Up to now Dell’s list has not included my system.

      2. What are the performance implications? So far we have seen hardly ANY information – anecdotal or artificially derived via benchmarks – even for the Windows patches alone. What will the degradation be with the Microcode updates? It’s ridiculous that the best we’ve got so far is Microsoft’s statements about “who’s likely to notice”. Is this really “security at all costs”?

      -Noel

    • #166342 Reply

      ViperJohn
      AskWoody Lounger

      Thanks for that. Of course, two important issues remain:

      1. Does the computer’s OEM plan to bring forth an update to carry the microcode.

      2. What are the performance implications?

      -Noel

      (1) If Intel releases Spectre mitigation Microcode for a given CPU series I think that would push the OEM’s / MB Makers to create bios updates for their MB’s.  If they didn’t then liability for future Spectre attacts that involve their product would be borne by the OEM / MB maker alone.

      Also even if an OEM / MB maker decides to not release (foolishly IMO) a bios update if the Microcode exists then it can be directly applied to the Windows OS at boot using VMwares CPU Microcode Update Drivers.  It realy not that hard to setup and do after ya get past the initial “Oh Snap Now What” panic.

      (2) I still have not seen more than a 2.1% worst case performance drop (in any benchmark), in BOTH Win 7 and Win 10 post Meltdown Patch install.  That has now included a Skylake system that had Intel’s original Spectre microcode installed (and ran flawlessly after too).  By my real world testing the typical home user just isn’t going to see or notice any performance drop/change real world post patch in W7 or W10.

      Now a multi CPU server running many concurrent virtual machines with massive amounts of disk I/O over fiber or multiple 10Gb/sec ethernet cards (and the amounts of branch speculation that goes with that) may get clobbered performance wise BUT you are also talking machines running Windows Server OS’s not W7 or W10.

      Viper

      • #166402 Reply

        Noel Carboni
        AskWoody MVP

        Try the Advanced “Workstation” disk test in PassMark PerformanceTest.

        On one Haswell system here I measured a drop from a 1400 MB/second cached I/O rate to 900 MB/second. That’s pretty serious, and I’ve found that benchmark to be a good indication of real world all out disk-intensive application performance, such as one might see by an I/O limited application like, I don’t know, Visual Studio..

        -Noel

        • This reply was modified 8 months, 2 weeks ago by  Noel Carboni.
    • #166412 Reply

      ViperJohn
      AskWoody Lounger

      Try the Advanced “Workstation” disk test in PassMark PerformanceTest. On one Haswell system here I measured a drop from a 1400 MB/second cached I/O rate to 900 MB/second. That’s pretty serious, and I’ve found that benchmark to be a good indication of real world all out disk-intensive application performance, such as one might see by an I/O limited application like, I don’t know, Visual Studio.. -Noel

      I did run that test many times Noel and did not see a performance drop but I do not have drives that can move disk data that fast either.  I also did real world timed bulk file copies  (100 files of various sizes from 50KB to 10GB) between my SSD’s and/or HDD’s and saw zero slow downs in any source – target combination.

      My test drives were a pair of 500GB WD Blacks and a pair of 500GB Samsung 850’s. Those SSD’s top out around 550MB/sec seq in my system so they are probably not fast enough for a disk I/O slowdown to show up.  I suspected that if you had some Samsung 960’s that could do 1400 to 2000MB/sec you may see a disk I/O slowdown with them.

      I have know idea what the in use stats for systems with drives that fast are. Considering their cost per GB/TB of capacity and the fact MB’s with NVMe interfaces haven’t been around all that long I would bet their use in home desktop systems (versus spinning rust) for internal bulk file storage is close to zero and still few and far between for workstations desktops at this time.

      I’m not saying there won’t be select workloads that will not see slowdowns.  What I am saying is the typical desktop user is going to see little to no slowdown (and absolutely none in gaming frame rates) and that Win10 is no better than Win7 or Win8 in that respect.

      Viper

      • This reply was modified 8 months, 2 weeks ago by  ViperJohn.
      1 user thanked author for this post.
    • #166439 Reply

      Noel Carboni
      AskWoody MVP

      I think you’re onto something here… If the OS with a modern processor wasn’t the limiting factor in I/O speed, then making the OS a little slower was unlikely to cut into I/O speed. So most folks aren’t able to measure a speed drop. But with systems maxed out with hardware (e.g., the “servers” Microsoft alluded to) then OS has been and will be more of a bottleneck. I have specifically built my systems with arrays of flash drives to max out I/O performance, so I’m seeing the OS becoming more of a bottleneck.

      -Noel

      1 user thanked author for this post.
    • #166688 Reply

      anonymous

      I have  Windows 7 Pro, SP1, x64, I-7 quad Sandy Bridge CPU, and these two questions:

      (1) How can I find out, in a simple, low-level-of-skill-required way, if the manufacturer (HP) already has installed automatically a microcode patch in my PC?

      (2) How can it can be prevented from doing so: (a) for ever, (b) with the option to install it a some later time — if the new patch has not been installed already?

      (If I find my machine has been updated already and it is, obviously, still working, I suppose I can live with that. Particularly if I have not noticed anything untoward, such as a significant slowdown. And I am not too worried about speed, anyways.

      Thanks.

    • #166696 Reply

      Elly
      AskWoody MVP

      I have Windows 7 Pro, SP1, x64, I-7 quad Sandy Bridge CPU, and these two questions: (1) How can I find out, in a simple, low-level-of-skill-required way, if the manufacturer (HP) already has installed automatically a microcode patch in my PC?

      Intel hasn’t pushed out the required microcode to the OEM yet. It is starting with the most recent processors, so Sandy Bridge has a way to go.

      Take a look at this article about Steve Gibsons utility that simply reports on the status of your computer regarding Meltdown and Spectre vulnerabilities.

      https://www.askwoody.com/2018/scan-for-meltdown-and-spectre-with-steve-gibsons-new-inspectre-utility/

      Win 7 Home, 64 bit, Group B

      • #166713 Reply

        anonymous

        Thanks, Elly.

        The article you refer me to is about installing software to see if one’s machine is vulnerable.

        For the moment, my machine is definitely vulnerable, because I still have not installed February’s Security Only update for Win 7 (only the one for E11). I am in a “careful watching” mode, waiting to see how it goes with those who install it.

        One thing I am very interested is on the BIOS/UEFI patch: has the manufacturer pushed it through an automatic update I know nothing about? From what you wrote, it seems the answer is “not yet”.

        The other point, and somehow doubt the software in that link can help me with it, is whether I can prevent the manufacturer from installing the patch sometime in the future without my knowing, and if this can be prevented, how is it done? I am not happy about having the worrisome patch installed in exchange for avoiding a rather theoretical problem that might never come to pass.

        As others have written here, if a patch to the UEFI or BIOS goes bad (I think for my PC is already an UEFI), it can be curtains for the old, familiar, much needed, much used (and, therefore, much loved) machine. Or a perhaps expensive and quite likely time-consuming attempt at restoration, in my case after finding someone with the skill, experience, knowledge, reputation… to do such a job.

        Most likely outcome, if that ever happened to me: a very premature and pitiful terminal doorstop.

        1 user thanked author for this post.
        • #166718 Reply

          Cybertooth
          AskWoody Lounger

          @anonymous:

          I have had PCs from a fairly wide variety of manufacturers over the years (Dell, HP, Lenovo, Toshiba, etc.). None have ever tried to force-feed a BIOS/UEFI update onto any of my machines.

          Generally speaking, if a manufacturer has that kind of update available, it will be available for manual, deliberate download from their website. At best, they may send you a notice (via their pre-installed PC maintenance software) telling you that such an update is available. But I have never heard of BIOS/UEFI updates just showing up and getting installed without the owner’s participation, let alone his knowledge.

          Historically, BIOS updates have been tricky to install and risk-prone, so they are handled via a much more careful, step-by-step procedure requiring your close involvement. It’s highly unlikely your manufacturer would simply foist the patch on you willy-nilly.

          So, chances are you can rest easy on this point.

          2 users thanked author for this post.
    • #166909 Reply

      Cascadian
      AskWoody Lounger

      … The other point, and somehow doubt the software in that link can help me with it, is whether I can prevent the manufacturer from installing the patch sometime in the future without my knowing, and if this can be prevented, how is it done? …

      Hi anonymous, I agree that the InSpectre tool discussed above does not address your concern directly as a preventative measure. However, I believe Elly was wanting to point out that it offers a painless method to deactivate any protection you have decided is harmful to your top performance requirement. This can be done after-the-fact, without requiring a firmware rollback, which has more hazards if attempted.

      As Cybertooth has mentioned it is not likely that a truly preventative measure is required at this point. I will extend on the point offered by adding that making changes to purchased hardware without permission of the owner could open up the OEM or chipmaker to liability. This is untested. But I do not believe there is a leased license to hide behind, the way Microsoft does with their OS.

      I agree that it is difficult to predict the future, and how the business model may change. But think your level of concern is not supported by current information.

      2 users thanked author for this post.
    • #166926 Reply

      OscarCP
      AskWoody Lounger

      Paul,

      First: thanks for some advice you gave me some time ago that fixed a problem with my user profile being corrupted repeatedly. Your suggestion of disabling services that are not from MS did work like a charm.

      Now, because I am very interested in Anonymous question, I have one for you of my own.

      You wrote:

      “However, I believe Elly was wanting to point out that it offers a painless method to deactivate any protection you have decided is harmful to your top performance requirement. This can be done after-the-fact, without requiring a firmware rollback, which has more hazards if attempted. ”

      Question:

      Would not be the same to either return the machine to an early state by going back to the restore point created before the questionable update, and then install again any OK updates that might be gone after doing that, or else simply uninstall the undesirable ones without first returning the machine to an early state?

      Even if recommended by several people who know what they are talking about, I generally don’t feel too good about installing software that is not essential for what I am doing and comes from an outfit that I do not know a good deal about already.

      • This reply was modified 8 months, 1 week ago by  OscarCP.
      1 user thanked author for this post.
    • #166952 Reply

      Cascadian
      AskWoody Lounger


      Would not be the same …?

      (enclosing quotes so that if Woody reverts to threading, there will be a link to referenced comment)

      Thank you for sharing your 3rd-party services disabled success. Glad it helped. Regret that I have forgotten from whom I learned it.

      On the current item, in my understanding, firmware is a different beast from software patches with a different set of hazards. If I have crossed ideas here, I hope to be corrected by others.

      Software patches, including patches to the Operating System, which is software, are simple things to revert to the prior condition. Though the steps required to make the change are protected to prevent malicious or accidental changes.

      But the fix that would come from the OEM or chipmaker would involve a ‘permanent’ change to the encoded logic onboard the actual hardware. And while the microphysics involved are a little fuzzy to me, there is a hazard in changing or flashing this instruction set at that level. Reverting to a former state is not as easy as rolling back to a saved file of instructions. The same instruction set must be overwritten yet again, increasing the chances of a lingering bit here or there failing to revert. Resulting in an inoperable instruction set. At this point getting a Blue Screen would be a lucky outcome. The possibility of no display on screen, while audible noises come from within the case, or even worse, just silence. No opportunity for F8 or any other input.

      Please, for other readers, this is a description in answer to a specific question. This is not a scare-story for any of the Microsoft updates from January or February. It is only the possible outcome of undoing or reverting a change to hardware instructions. This change would come from the OEM badge (Dell, Toshiba, &c) or, in the case of this topic title, from Intel. But it is an answer to a hypothetical question only.

      Your hesitation is wise. Beyond trusting the vendor, and their instructions, I would also feel better reading results from another user’s real-world experience first. Kind of like the entire purpose of Woody’s MSDefcon warning system.

      • This reply was modified 8 months, 1 week ago by  Cascadian. Reason: noted in text
      1 user thanked author for this post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Intel says its new Spectre-busting Skylake firmware patch is ready

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.

    Your information: