Well the bios update slow down is not a meme, thats for sure

Yikes it is on the latest gen as well the one which Intel has said will have "minimal" impact. I imagine Haswell or older are fucked, if they even get a BIOS update.

I imagine 99% of people will never even t un the bios update because they are normies and they will just unknowlingly have this big security flaw that will likely get exploited because its so high profile and prolific

Spectre v2 is hard to exploit and also requires to be run locally. I assume most people won't be affected by such a malware/virus unless this malware/virus finds a easy route into computers.

Plaes hep
I run ZFS on my Cent machine.

This might kill me.

It patches Spectre 1

No.
cloudblogs.microsoft.com/microsoftsecure/2018/01/09/understanding-the-performance-impact-of-spectre-and-meltdown-mitigations-on-windows-systems/

are bios updates even available?

Yes. But depends on the vendor and your current generation of CPU

>being so scared he is patching his system

Get commonsense 2018, commonsense is the reason none of my machines have been infected with any type of virus / rootkit including my servers and game servers I've been running for the past 10 years on multiple games.

Common sense involves patching your system you retard.

I did a bios patch not a windows update

Only half true, commonsense is all that's needed to avoid getting infected by those 2 exploits once Firefox has been patched and won't leak out your passwords.

Enjoy your performance decrease because you are retarded and cant help but click on younggirl.jpg.exe

You need both. W10 will force you to update. W7 and 8 can opt not to.

Won't help normies getting infected because they load up facebook and get hit by a drive by JS.

Enjoy having your kernal hijacked retard

Common sense dictates that you patch all possible vulnerable exploits and minimal performance decrease at the cost of security is fucking stupid. This applies to all possible exploits past and future.

Selectively deciding what to patch and not patch like it is a game of pros and cons is NOT common sense.

Most normies don't even get the windows update because almost all antivirus scanners haven't authorized compatibility yet

Drive by JS has already been patched. V1 and V3 are fixed by Windows update.
Also all popular free or paid AVs that normies use are already updated.

Update browser etc..

Incorrect.

The past 6 years i never ran any type of internet security, and never once got infected even though the machine i am right now i program, send money, login to my servers and so forth.

By the way kiddo, i used to do reverse engineering. I used to fuck niggers like yourself and hijack your botnet servers back in the day.

Come at me.

B8

Not everyone is getting a BIOS update. Thankfully Spectre V2 is the hardest one to exploit so yeah.

Obviously he isn't, just someone that wants to sound smart and re-using what he saw others post. If you are stupid enough to get infected, and stupid enough to decide for yourself just what updates / patches you need you don't deserve to live.

Sysadmin shouldn't be running their systems based on Common Sense™ especially since their systems potentially cost thousands in data or services.

>I use common sense
>Proceeds to prove nothing he does is common sense
Well done.

Didnt mean to delete my other post i am too stoned
I didnt even understand what he said so i deleted it. He is right, a sysadmin doesnt pich and choose patches trying to speed things up. That is autism

Commonsense is using commonsense, you weigh the pros and the cons especially on the severity of the exploit, how easy it is to use and obtain and performances losses in the process of patching. I shouldn't even be wasting my time explaining to some retard that probably just found out about Sup Forums and thinks he is a smart cookie for connecting the cables on his pre-built computer.

I'll be waiting for any of my servers to be "hacked" le "hijacked". 10 years and counting.

>I don't patch my systems because I have common sense!
>Vulnerability is hardware level
>Nothing that is done by the user causes the vulnerability

Common sense can only take you so far, if you ever get targeted and the attacker has knowledge of the vulnerability you're pretty much SOL.

No one cares about your anime server. Security doesnt matter when you are a broke NEET with nothing to lose so do as you please

Spooky ghosts are allegedly giving up the ghost according to sources.
You didn't hear it from me, Sup Forums.

Something is wrong with your testing methodology. I know for a fact that 4k random read speeds should either remain the same (unlikely) or decrease considerably (most likely) after both patches are installed. No way it would actually accelerate.

The only moron saying this exploit isn't severe and shouldn't be patched is you. Maybe v2 with the BIOS update can be skipped but not patching for v1 (which allows drive by JS) and meltdown is fucking idiotic. Considering that you are forgoing future windows security updates as well if you don't patch the latter two.

>if you ever get targeted and the attacker has knowledge of the vulnerability you're pretty much SOL.

Righto, I'll be over here waiting. All the ones over the years have failed, and will continue to fail unless i get hit with a zero day exploit which again are incredible hard to find, cost thousands / hundreds and thousands to buy and so forth.

Won't happen.

Be quiet, kid.

Be quiet, please.

is the bios upgrade really necessary?

Nah. You are the one who should shut the fuck up considering everything you say is polar opposite of what every security expert is saying.

>Hurrr durrr b-b-but my anime machine hasn't been HACKED.

Be quiet, please.

This. I might not update my computer if this shit is unnecessary.

security """""experts""""""" like you I presume?

>No argument left
>B-b-b-be quiet
I can already imagine you chugging away at your Mt Dew as you type that.

No.
But if it is available you should patch it.

Just be quiet please, you are embarrassing yourself.

You obviously don't understand what a zero day is.

Of course it's necessary. It's just that the bios patch is for v2 which is the hardest to use but not impossible.

>He types while chugging away at Mt Dew and fapping to his anime porn

Why don/'t you tell us all, since you seem like the expert what a zero day exploit is and how you obtain a zero day exploit.

Pro-tip moron, it's not a zero day exploit anymore if it's widely known and known by researchers.

It's time you stop pretending you have Huntington's Disease.

>and will continue to fail
That's what you think until they succeed. Not patching and being arrogant won't help you in that case.

And if you don't update your shit you're still vulnerable to those zero days, even after they're no longer considered zero days.

well then i'm screwed. no way they are going to release a bios update for my almost 10 year old motherboard

>B-b-but muh common sense

I saw that too. I only ran it once i will try it again

My 4k random reads are still shit second run. I have an msi board though it may be different per manufactuer

You still should be relatively safe. Remember 99% of people who use a PC don't know what a BIOS update is.
MS might push a microcode update via Windows Update but that looks unlike from their recent blog post.
Just keep your windows and other applications up to date and don't run random binaries on your PC. v1 and v3 have already been fixed so drive by JS attacks should not be a threat now.

>Of course it's necessary.

No it's not.

The exploits would have been used in the wild by now, which haven't as google has stated and there security research team.

>And if you don't update your shit you're still vulnerable to those zero

Yes, if you're an idiot like yourself. I'll be waiting for my servers to be hacked (lol).

As for the guys in here who are questioning it, don't patch and lose performance for absolutely nothing because your tin-foil had said so.

If you have nothing on your machine that's exploitable then I defy anyone to articulate a reason to patch.

If I get a cut on my knee I still apply antiseptic even if I'm sure it won't get infected.

>The exploits would have been used in the wild by now
Do you even know what that means retard? That just mean that google has no knowledge of the exploit being used before, not that it has never been used. Given that it is an NSA backdoor, it has probably been used for targeted hacks.
Not that it matters since how that these exploits are known, malware/virus makers are free to now use and exploit them.

I just apply water, and it has worked for the past 28 years. Why go overboard? unless you got cut by a dirty nail or something else of the likes?

neck you're self frogposter faggot

The internet is a rather dirty place nowadays.

Your CPU is exploitable so unless you have an unexploitable CPU, you should patch.

I get that you are in damage control mode but yoi really should just stop it

>That just mean that google has no knowledge of the exploit being used before,

Incorrect, google stated they have never seen any such attacks of the likes of both exploits ever being used in the wild even though the exploits are 10 years old and were found out years ago and only now brought to light by googles zero day team.

Why would i be scared of the boogeyman?

They can attack your network through your infected pc

That is if you get infected.

Commonsense 2018 special edition.

They are common knowledge now and foreign goverment will be working hard to get their attacks out for it now they know that a hundred millions pcs are insecure.

.t tinfoil

Bad analogy and you should feel bad.

So what if my OS gets infected? There's literally no personal info in that box. I boot live Linux .isos for banking, paypal etc which have zero involvement with the existing hd. I often use a spare machine without an hd as I've lots of PCs.

DoD agrees with me and offers this free downloadable .iso for telecommuters connecting to DoD networks. The public version is a free download.

spi.dod.mil/lipose.htm

Now I'll say it again. Why PRECISELY should I give the slightest nanoshit about an OS infection of any sort when it cannot touch the OS I boot live for communication?

>Incorrect
What the fuck? You just repeated what I said and pretend that your is more "deep". Fuck off moron. Google said they never seen such attack before doesn't mean these exploits haven't been used before unless you are saying Google has access to every single PC in the world.

idiot.

>Moving the goal post that hard after getting btfo

You are the anti-vaxxer of computers.
Amazing.

>If nothing on your machine is exploitable why should one patch
>Vulnerability exposes exploit
>Your computer is now exploitable

Huh I wonder why anyone would patch

They can attack your network from the infected pc

>There's literally no personal info in that box

This.

People need to shut the fuck up. So what if you even obtain my fucking password to my accounts? good luck stealing my mobile as well to reset the passwords.

This isn't 2007.

Kek

WOOOOWWW

They will see a password or two because i logged in a torrent website.

and?

>Takes all sorts of mitigation and inconveniences to be safe
>But doesn't want to patch due to minimal performance hits that probably he won't even noticed compared to dual booting everytime he wants to do something else
You are a special kind of retard.
Regardless, your advice shouldn't apply to the rest of the general public.

How does common sense help if you visit your favorite website one day when someone put a malicious script on the site that infects your kernel?

Yeah no big deal when they stary mining coins on your, encrypt the drive and hold it for randsom, and start using your computer as a botnet zombie to do illegal things. No biggie. Also as i said before they can attack your home network, which is bad

Incorrect, you said it "has" been probably used before for attacks. Google stated they have never ever seen such an attack in the wild.

>So what if you even obtain my fucking password to my accounts?

Huh, maybe just hand them over and see what happens.

The CPU exploit is not persistent between hard reboots.

Now precisely why should I worry about a short live session in which I only do the minimum required to interact with bank, Ebay etc? Winged monkeys are unlikely to hold me at gunpoint to force a visit to an attack site.

>Yeah no big deal when they stary mining coins on your,

For something like that you can see, notice, and easily stop you dumb cunt.

Why don't you dump all your passwords here and let us test how foolproof your system is? You have nothing to hide right?

Oh you dont bank or have a 401k to steal from because you are a child

So glad I kept my 1090t.

Use something else other then your main machine, and turn off wifi while using your 4G.

Dumbass.

Do you know what "probably" means you fucking retard?
Here is NSA with a published paper in 1995 that hints at these exploits.
pdfs.semanticscholar.org/2209/42809262c17b6631c0f6536c91aaf7756857.pdf
>Prefetching may fetch otherwise inaccessible instructions in Virtual 8086 mode (unspecified version).
>Cache and TLB Timing Channels. As mentioned in the preceding scenario, caches present potential for covert timing channels. Even without MSRs for direct measurements of cache activity, cache hits and misses can be detected strictly from instruction timing, as described in [Wray91]. To eliminate these flows, caches must be managed. This can reduce their efficiency considerably, depending on cache architecture, as it introduces otherwise unnecessary cache flush and invalidation activity

Just because Google hasn't seen it, doesn't mean it hasn't happened. Unless you think Google is somehow omnipresent and can view every single PC in the entire world.

Once you get the admin pass from the kernal you install a bootloader hook and now you completely control that hard drive and you have to remove it and install on a different one. It isnt rocket science, my windows activator does the same shit

And do what? I don't have any exploitable information on my network. Those who do should take measures accordingly. All anyone could get from my network is basically porn, movies and vehicle manuals.

pwning my home LAN would be like trying to pour water out of an empty bucket. I learned long ago the best security is not putting shit you care much about on a computer in the first place.

What does not exist cannot be stolen.

>that one skid that thinks he will create a bootkit, or find a bootkit that's not detected by every single AV.

Wow.

What are you implying?
You said you have nothing exploitable? I think what you mean is that there is nothing to gain from exploiting your computer?

my windows activator hook isnt detected my the windows av. Hitmanpro finds it though.