Hi, this is Wayne again with a topic “Why Does Intel Keep Having Security Problems?”.
In the never ending CPU wars between AMD and Intel, a lot of enthusiasts, understandably, focus on which of the latest offerings from team, red or team blue will give them the best bang for the buck for gaming streaming and content creation.. In other words, it’s all about performance but there’s another aspect: that’s much less discussed security. And if you’ve been following the CPU headlines for the last little, while you’ve probably seen plenty of stories about new vulnerabilities that keep coming out which affect Intel CPUs in particular.. So why exactly are they having so many issues? Well, a while ago we did a video on the Spectre and Meltdown vulnerabilities., Which you can check out up here for more details on how they work., But remember that, while Spectre affected both Intel and AMD chips, and even some Qualcomm ones Meltdown was basically an Intel. Only problem.
This was because of certain architectural flaws in the way that the CPU cache on an Intel processor is set up.. The cache is basically a small amount of very high speed memory built right into the CPU die. That allows it to access information that it needs frequently very quickly.. Now Intel did issue some patches to mitigate how vulnerable its chips were to Meltdown..
But since it’s really a Silicon level, bug. It’s difficult for Intel to fully fix the problem without redesigning the chips, fundamental architecture., And this has meant that variations of Meltdown have been discovered that also attack cache vulnerabilities.. One such example is a recent bug affecting an Intel chip feature called Software Guard Extension or SGX.. This is a part of the processor that encrypts and stores super sensitive information such as encryption keys., So that, even if the operating system is compromised in some way, the systems most sensitive data should still be protected if a program is coded to use SGX..
And surprisingly, this makes the SGX a pretty attractive target for attackers., And recently a bug was discovered that can decrypt and read the sensitive data inside by using timing attacks. Similar to how the original Meltdown vulnerability works.. Indeed, this new bug called SGAxe is based on a weakness called CacheOut, which is related to and inspired by Meltdown. According to researchers, who discovered both bugs., However CacheOut actively bypasses the software fixes that Intel issued highlighting a huge problem that Intel is facing with trying to shutdown these Meltdown derivatives., I mean you can patch one leak, but then another one springs up somewhere, else. And you’re, Like ( indistinct ), you know “, where do these moles keep coming from ?”? However, there is some good news in all of this.. First of all, we’ve known about Meltdown and Spectre for well over two years., But there haven’t been any major pieces of malware that managed to exploit them yet.. In fact, some have criticized the often alarming headlines you see on Tech News sites. Whenever a new variation of these bugs is uncovered since, although these attacks are theoretically possible.
So far, they only really exist as proofs of concept as they’re actually very difficult to pull. Off.. Remember that the headlines that you see about Spectre and Meltdown variants are there, because researchers have discovered these flaws, not because they were actually used to rip off someone’s banking information.. Also Intel does seem to be giving more of a focus to hardware based security., Especially with the news that it’s upcoming Tiger Lake CPUs will get a hardware solution called Control-flow Enforcement Technology to defend against common types of malware..
Of course, Intel has built hardware mitigation for Meltdown into some of its more recent chips already and yet security issues do keep getting discovered., Meaning the company might have to rethink its CPU architecture significantly before we get comprehensive protection against this class of attacks., But with these Bugs not yet having a major real world impact, you’re, probably fine, carrying on with your shiny Intel chip., At least for now.. This video is brought to you by Bitdefender Total Security 2020.. It was awarded Product of the Year by AV-Comparatives’ and has scored high in independent tests and protects over 500 million systems. Worldwide. It’s available for Windows, macOS, Android and iOS., And Total Security 2020 includes a VPN, multi-layer, ransomware protection, great speed and performance across all platforms and great protection against malware of course.. You can even run Total Security 2020 from your mobile device and it’s all backed up by Bitdefenders comprehensive 24/7 support. Click, the link in the video description for more information and a special giveaway uh.. So thanks for watching guys, like/dislike check out our other videos leave a comment.
If you have a suggestion for a future fast as possible and don’t forget to subscribe and follow or butterflies will come into your house and I’m not talking just like one or two. I’M talking thousands. It’ll be very unpleasant. .
