What CPUs are there which don't suffer from Meltdown ?
January 10, 2018 3:43 PM Subscribe
If you're buying a laptop today are there CPU's you can get which just don't have the Meltdown problem at all (as opposed to having it 'fixed' by OS level fixes) ?
BTW I do understand that Intel et al are saying that the OS level fixes are all that is needed but clearly they have their own boat to row so, if I could, I would prefer a CPU which just wasn't flawed in the first place.
BTW I do understand that Intel et al are saying that the OS level fixes are all that is needed but clearly they have their own boat to row so, if I could, I would prefer a CPU which just wasn't flawed in the first place.
But re-reading your question, technically any AMD processor isn't vulnerable to Meltdown.
posted by GuyZero at 3:57 PM on January 10, 2018 [2 favorites]
posted by GuyZero at 3:57 PM on January 10, 2018 [2 favorites]
Aren't some of the Chromebooks ARM-based? I know early surface was. Or does Meltdown affect RasPi etc. as well?
posted by aspersioncast at 4:02 PM on January 10, 2018
posted by aspersioncast at 4:02 PM on January 10, 2018
Yup, at least one of the Yogas.
Although apparently Spectre affects all three major chips.
ARM might actually be the most attractive target for a further exploit, since it's in everybody's fancy pocket communicators . . .
posted by aspersioncast at 4:08 PM on January 10, 2018
Although apparently Spectre affects all three major chips.
ARM might actually be the most attractive target for a further exploit, since it's in everybody's fancy pocket communicators . . .
posted by aspersioncast at 4:08 PM on January 10, 2018
I mean I get your concern and motivation, but let’s not forget rational threat models and common attack surfaces.
If you don’t have any specific desirablity as a target (super rich, famous, royal, made-a-personal-enemy-of-a-skilled-and-unscrupulous-hacker, etc.), you are probably more exposed to various phishing scams, social engineering, or other more conventional malware.
posted by SaltySalticid at 4:11 PM on January 10, 2018 [6 favorites]
If you don’t have any specific desirablity as a target (super rich, famous, royal, made-a-personal-enemy-of-a-skilled-and-unscrupulous-hacker, etc.), you are probably more exposed to various phishing scams, social engineering, or other more conventional malware.
posted by SaltySalticid at 4:11 PM on January 10, 2018 [6 favorites]
Meltdown doesn't affect ARM chips, but Spectre does so really there's no safe haven.
From Wikipedia:
ARM has reported that the majority of their processors are not vulnerable, and published a list of the specific processors that are affected by the Spectre vulnerability: Cortex-R7, Cortex-R8, Cortex-A8, Cortex-A9, Cortex-A15, Cortex-A17, Cortex-A57, Cortex-A72, Cortex-A73 and ARM Cortex-A75 cores.[29]
A large portion of the current mid-range Android handsets use the Cortex-A53 or Cortex-A55 in an octa-core arrangement and are not affected by either the Meltdown or Spectre vulnerability as they do not perform out-of-order execution.[citation needed] This includes devices with the Qualcomm Snapdragon 630, Snapdragon 626, Snapdragon 625, and all Snapdragon 4xx processors based on A53 or A55 cores.[30] Also, all Raspberry Pi computers are not vulnerable to either Meltdown or Spectre.[31]
I wouldn't worry a ton about raspberry pis even if they were vulnerable as this is really an issue for multi-tenant systems. Single-user dev boards don't have the same usage patterns that lends themselves to this kind of exploit. But indeed your 1 GHz raspberry pi is as safe as it gets.
posted by GuyZero at 4:12 PM on January 10, 2018
From Wikipedia:
ARM has reported that the majority of their processors are not vulnerable, and published a list of the specific processors that are affected by the Spectre vulnerability: Cortex-R7, Cortex-R8, Cortex-A8, Cortex-A9, Cortex-A15, Cortex-A17, Cortex-A57, Cortex-A72, Cortex-A73 and ARM Cortex-A75 cores.[29]
A large portion of the current mid-range Android handsets use the Cortex-A53 or Cortex-A55 in an octa-core arrangement and are not affected by either the Meltdown or Spectre vulnerability as they do not perform out-of-order execution.[citation needed] This includes devices with the Qualcomm Snapdragon 630, Snapdragon 626, Snapdragon 625, and all Snapdragon 4xx processors based on A53 or A55 cores.[30] Also, all Raspberry Pi computers are not vulnerable to either Meltdown or Spectre.[31]
I wouldn't worry a ton about raspberry pis even if they were vulnerable as this is really an issue for multi-tenant systems. Single-user dev boards don't have the same usage patterns that lends themselves to this kind of exploit. But indeed your 1 GHz raspberry pi is as safe as it gets.
posted by GuyZero at 4:12 PM on January 10, 2018
ARM-based devices are affected by Spectre. See this (somewhat technical) AnandTech article. Not all variants are vulnerable; Raspberry Pis aren't, for example, and that article links to a (very, since it's aimed at developer types) technical article with a list of ARM cores that are susceptible. (But: keep in mind RPis use less advanced ARM chips to begin with.)
posted by mrg at 4:13 PM on January 10, 2018
posted by mrg at 4:13 PM on January 10, 2018
If you're buying a new PC, AMD is definitely less vulnerable but still vulnerable. (See above.)
From Intel, the Itanium and pre-2013 Atom processors, but good luck running any consumer applications on Itanium, and the old Atom was a lousy netbook processor that won't run any supported version of Windows (running XP in 2018: now that is just asking for malware).
Honestly, I can see why people would panic, but I would recommend universal precautions as before: keep your OS and applications up to date, don't run an unsupported OS (we know that XP and Vista are obsolete, but Mac OS X Yosemite also is no longer getting security updates), and have good anti-virus and anti-malware software, as always.
posted by Seeking Direction at 5:18 PM on January 10, 2018 [1 favorite]
From Intel, the Itanium and pre-2013 Atom processors, but good luck running any consumer applications on Itanium, and the old Atom was a lousy netbook processor that won't run any supported version of Windows (running XP in 2018: now that is just asking for malware).
Honestly, I can see why people would panic, but I would recommend universal precautions as before: keep your OS and applications up to date, don't run an unsupported OS (we know that XP and Vista are obsolete, but Mac OS X Yosemite also is no longer getting security updates), and have good anti-virus and anti-malware software, as always.
posted by Seeking Direction at 5:18 PM on January 10, 2018 [1 favorite]
From some reading these are a secondary attack vectors, the attack must come from code running on the system. That is after one account has been compromised by another external exploit. The biggest at risk systems will be the cloud or virtual machines, breaking across the restrictions from one user account to another. Very serious but single user systems would not be worth the effort, too many other easier exploits. But if you're running something in the cloud, it's not secure.
posted by sammyo at 6:54 PM on January 10, 2018 [1 favorite]
posted by sammyo at 6:54 PM on January 10, 2018 [1 favorite]
there are two bugs, Spectre and Meltdown, which are conceptually similar.
Recent AMD CPUs are not affected by Meltdown, so you can just buy one of those. Meltdown is easier for attackers to take advantage of.
Spectre is harder to take advantage of, but any CPU that you can buy for a general purpose computer or a modern smartphone is vulnerable. Nothing to be done. Keep your system up to date and, crucially, your web browser, because Spectre can be exploited just with javascript code, but browsers have been patched to make this much more difficult.
A Raspberry Pi wouldn't be affected and is probably pretty okay for light computer use.
posted by vogon_poet at 9:18 PM on January 10, 2018 [1 favorite]
Recent AMD CPUs are not affected by Meltdown, so you can just buy one of those. Meltdown is easier for attackers to take advantage of.
Spectre is harder to take advantage of, but any CPU that you can buy for a general purpose computer or a modern smartphone is vulnerable. Nothing to be done. Keep your system up to date and, crucially, your web browser, because Spectre can be exploited just with javascript code, but browsers have been patched to make this much more difficult.
A Raspberry Pi wouldn't be affected and is probably pretty okay for light computer use.
posted by vogon_poet at 9:18 PM on January 10, 2018 [1 favorite]
Just buy what works for your needs.
Spectre and Meltdown are on the level of a Carrington-Level EMP event. You don't buy a car being worried about what would happen if an EMP or Quasar blast fries your car's computer and IMO you should spend the same amount of worry on Spectre and Meltdown. That said, Specter and Meltdown are basically a Carrington level event that is coming soon, but it is such a huge looming problem that it is largely beyond any individual user's ability to control. So, following, the serenity prayer, accept it and hope for the best and in the meantime just get on with what works for you.
This is my "IT security is what I do professionally for a living opinion".
posted by Annika Cicada at 8:16 AM on January 11, 2018 [4 favorites]
Spectre and Meltdown are on the level of a Carrington-Level EMP event. You don't buy a car being worried about what would happen if an EMP or Quasar blast fries your car's computer and IMO you should spend the same amount of worry on Spectre and Meltdown. That said, Specter and Meltdown are basically a Carrington level event that is coming soon, but it is such a huge looming problem that it is largely beyond any individual user's ability to control. So, following, the serenity prayer, accept it and hope for the best and in the meantime just get on with what works for you.
This is my "IT security is what I do professionally for a living opinion".
posted by Annika Cicada at 8:16 AM on January 11, 2018 [4 favorites]
One correction - Atom-based netbooks are able to run Windows 7, which is still supported, if their memory is increased. My Asus Eee PC 900A from 2008 runs it fine - the only real issue is the small 1024x600 screen. I upgraded it to 2 GB of RAM and a 64 GB SSD.
posted by rfs at 10:50 AM on January 11, 2018
posted by rfs at 10:50 AM on January 11, 2018
This thread is closed to new comments.
Google says “effectively every” Intel processor released since 1995 is vulnerable to Meltdown, regardless of the OS you’re running or whether you have a desktop or laptop. (You can find a full list of affected Intel processors in this article.)
AMD processors aren’t affected by the Meltdown bug. But chips from Intel, AMD, and ARM are susceptible to Spectre attacks. AMD says its hardware has “near zero” risk to one Spectre variant because of the way its chip architecture is designed, but AMD CPUs can still fall prey to another Spectre flaw.
So Spectre makes the whole Intel vs AMD issue moot. You'd a P5 architecture CPU to avoid both bugs - anything that's P6-based is probably vulnerable. So a Pentium 200 is the best Intel processor that's not vulnerable. And honestly, you're not going to enjoy using one in 2018.
posted by GuyZero at 3:52 PM on January 10, 2018