3

Various versions of Spectre, Meltdown, Foreshadow and ZombieLoad make it quite the jungle trip to navigate which CPUs are affected, how to mitigate them.

Right now, my problem is that I need a new computer but I want to make sure that I buy the most secure CPU available.

Let's say I don't care at all about performance, only security. It's already December 2021 and what most of these vulnerabilities have in common, is that people have been saying that the only true solution to them, is new chips.

But it seems like there is no consistent way to simply check if a make and model has been designed to resist these vulnerabilities on the hardware level. There are endless lists, from various time periods, either for Intel or AMD or ARM, for some versions of these vulnerabilities. As an example, I found a "complete" list of CPUs vulnerable (which then turned out to be out-dated as well), but what is much rather needed when shopping for a new CPU, is a complete list of CPUs that are not.

A simple search online shows that there are endless instructions on how to check your current system. That's fine. But obviously, a potential CPU buyer is not going to get to run some arbitrary software on a computer before purchasing it, not to mention that no one would have the time to, even if they could.

It seems that the only people capable of protecting themselves on a hardware level, first need to become experts on these vulnerabilities. Unless security is only for security experts, it needs to be simpler than that.

Is there any kind of central resource where people can go to simply look up the make and model of a processor and know whether these problems have been fixed on a hardware-level or not? If not, then is there a good reason for the non-existence of such a resource?

Bonus question; is there any particular CPU on the consumer market, at all, that is resistant to Spectre, Meltdown, Foreshadow and ZombieLoad, as of December 2021?

Teekin
  • 131
  • 3
  • You'd likely need to go *way* back, to times where performance was measured in Megahertz. –  Nov 29 '21 at 13:22
  • That's not what I've been reading. Lots of articles mention that mitigation so-far has required slow-downs that cloud providers will notice while most everyday consumers won't notice at all (computers already being way faster than what most people actually need), and that the only way to mitigate them without much slowdowns is with new chips. And that's where I'm stuck with the question, what are the makes and models of those "new enough" chips? Like, Ryzen 5 5500H, for example. What is it vulnerable to, and how can I find out? Any central database with info on this would help a lot. – Teekin Nov 29 '21 at 13:42
  • Intel provides a database for its vulnerable processors [here](https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html). I don't think new chips are completely immune to all these vulnerabilities as that might require significant redesign of processors. It seems as if Intel has resorted to mitigating some stuff with just software/microcode. – nobody Nov 29 '21 at 17:23
  • There's a million other ways you'll get pwned before you get pwned by a spectre/meltdown/w/e attack – Mattwmaster58 Dec 05 '21 at 13:51
  • I'm not asking about the odds of being pwned. – Teekin Dec 11 '21 at 22:19

0 Answers0