Switching off updates is a terrible idea right now. With Meltdown and Spectre variants appearing daily, it seems, those security updates are essential.
Spectre and Meltdown affect all operating systems and require a processor firmware patch to fix. Intel is the worst affected, but AMD and ARM can still be affected, albeit to a much lesser degree.
These patches are distributed via operating system updates and BIOS updates. Anything much older than the current generation of chips is unlikely to get the BIOS update. The older a machine is, the less likely a BIOS update will be available.
Thus it's left to the OS vendors to implement the Intel (AMD/ARM) microcode.
I had a really nice reply all typed up for you, and then the input box bit the dust on a preview.
So 2nd try:
Allow me to be more precise; I stand behind my statement to turn off updates for XP, which as of June of this year, still commanded over a 5% market share.
https://www.windowslatest.com/2018/06/03/new-stats-show-windows-xps-market-share-increased/
If you are still running XP and want the updates, do the registry hack to fool the M$ servers into thinking you're an embedded system - at your own risk.
http://www.expertreviews.co.uk/software/8089/how-to-get-new-windows-xp-updates-for-free-until-2019-with-a-registry-hack
Why would I put it out there to turn them off for XP? 3 months before EOL (2014) I had two XP machines that the updates totally hosed. In fact they were hosed so badly by the updates that I had to reinstall (from Bkps) and turn off auto updates on them. (I use them for regression testing - XP Pro SP2 & SP3.)
As far as Spectre and Meltdown go, there is absolutely no software or BIOS update that will fix them. Those are NSA backdoors built right into the hardware of the motherboard that integrate with Intel ME and go all the way back to the Celeron (the design all newer chips are based on) CPUs.
The NSA has been in bed with Intel since at least the early 90's so SPECTRE and Meltdown are not bugs, they're design features.
The only reason any of these 'features' have come to light is because the Shadow Brokers released them into the wild and the NSA had to cover their ass, so they ran it down the pipe to their other bedroom buddies to look for the exploits - with some hints as to where to look, I'm sure.
XKeyScore ring any bells ?
BTW, that design was developed in Israel. (I have no paper trail for the NSA shenanigans, but all the evidence points to it.)
Of course they're going to say this;
https://www.techdirt.com/articles/20180106/10334238946/nsa-denies-prior-knowledge-meltdown-spectre-exploits-claims-it-would-never-harm-companies-withholding-vulns.shtml
Now, these exploits are being modified;
https://www.csoonline.com/article/3253247/security/3-leaked-nsa-exploits-work-on-all-windows-versions-since-windows-2000.html
Meltdown can be slightly mitigated, but forget about SPECTRE until the manufacturing process for the chips is revamped.
SPECTRE operates at the Instruction Set Architecture level, which is lower level than the BIOS / EFI or Operating System level. The machine doesn't need to be turned on, it just needs batteries or to be plugged in.
https://en.wikibooks.org/wiki/Microprocessor_Design/Instruction_Set_Architectures
https://en.wikipedia.org/wiki/Instruction_set_architecture
"According to some cybersecurity experts, fixing Spectre will require a complete overhaul of the way chips are made and could take years.
6. Spectre will require a complete re-architecture of the way processors are designed and the threats posed will be with us for an entire hardware lifecycle, likely the next decade.
— Nicole Perlroth (@nicoleperlroth) January 3, 2018 "
https://www.trustedreviews.com/news/intel-chip-problem-cpu-flaw-meltdown-spectre-vulnerability-patch-3365861
"AV-Test, an independent antivirus testing house, is reporting that they’ve seen about 139 separate code samples that exploit the vulnerabilities. They include the first JavaScript-based proof-of-concept exploits attacking browsers."
https://www.pcworld.com/article/3245606/security/intel-x86-cpu-kernel-bug-faq-how-it-affects-pc-mac.html
Time to look into a fine grained JS blocker like NoScript if you're not already running one.
Nice, eh ?
(Not as elegant a response as I wanted, but I'm tired - I think it's nap time.)