Meltdown and Spectre Fix for Predator 17 G9-793-79 v5

Squatta
Squatta Member Posts: 28 Enthusiast WiFi Icon
edited November 2023 in 2018 Archives
I have purchased this laptop, but forgot my Serial Number today (I was going to chat with them about this at work). Anyways, does anyone know when ACER will be getting together with Intel to get this massive hole patched. I have already patched Windows 10, but from what I understand this is a hardware issue and the best way to fix it is to get your drivers and firmware updated (even though this doesn't fix the issue at the hardware level). I read that Intel will not be directly patching these, as the patches need to be designed specific to the computer model. From what I have read, Acer would have to work with Intel and create a patch to fix this. Anyone have any more information about this. 

Best Answer

  • Skelomorph
    Skelomorph ACE Posts: 463 Pioneer
    edited January 2018 Answer ✓
    Spectre Variant 1 requires updates to Browsers, Javascript, and OS.

    Spectre Variant 2 requires a BIOS update.

    Spectre Variant 3 (Meltdown) is patched VIA Windows Updates or similar OS patches.

    The Intel ME Vulnerability is patched using a BIOS Update.

    The main ones to really be cautious of are Spectre Variant 1 and Variant 3 Meltdown, which were patched the quickest and require a core rewrite to CPU architecture to resolve the issue, and there are no new Intel CPUs have have this rewrite yet.

    Spectre Variant 2 vulnerability is mostly dangerous in VM environments (Servers hosting virtual machines with remote access connection, allows seeing content on other VMs and executing code on host machine). 

    The Intel ME vulnerability has not been patch by Acer on any device as of yet (that I know of).


    This is what I posted in another thread:

    It does seem like a long time. However, the BIOS patch does not solve it totally. The Spectre Vulnerability's main example seems to be javascript in Web Browsers. However, there are methods to make it impossible for code in web browsers to go outside of their processes and can be enabled. Also, the BIOS patch is not a fix, but a band aid, so it is likely that if this method is taken advantage of, they will find a way around the band aid. 

    For Chrome and its variants, you can enable Site Isolation in Chrome://flags. This flag will automatically be enabled in Chrome 64 that is to be released January 23. The Firefox version 57.0.4+ is already patched for this, as well as Windows Edge and IE, if you are keeping Windows updated.

    The Intel ME vulnerabilities essentially require local access or local network access. So, you would need someone on your network (your personal WIFI should be password protected, stay away from public WIFI) or having access to your computer (password protection for Windows & BIOS will stop this) to be vulnerable. This would include viruses, but if you get certain types of virus, your information can be stolen anyways.

    So really, the best protection against this is yourself. Be careful what you download and web sites you go to, enable the options for Web Browsers and keep them up to date, and keep your Windows up to date.

    Would it be accurate to say then, that the latest VBIOS updates (1.13) for the Predators patched the Spectre 2 Variant since none of them are on the list?

    Skelo
    Please quote me so I get a notification of your reply!
    If I helped you, like my post and/or select my post as 'Solved'.
    Please put your laptop model in your signature so we can know what device you have.

    Product: Acer Predator Helios 300
    Model: G3-571
    "Don't cry because its over, smile because it happened."
    - Dr. Seuss

Answers

  • Raided
    Raided Member Posts: 11

    Tinkerer

    Worthwhile running the intel detection tool just to be sure all set? (Acer 26th December)
    uk.answers.acer.com/app/answers/detail/a_id/51969
    downloadcenter.intel.com/download/27150?v=t


  • Skelomorph
    Skelomorph ACE Posts: 463 Pioneer
    edited January 2018 Answer ✓
    Spectre Variant 1 requires updates to Browsers, Javascript, and OS.

    Spectre Variant 2 requires a BIOS update.

    Spectre Variant 3 (Meltdown) is patched VIA Windows Updates or similar OS patches.

    The Intel ME Vulnerability is patched using a BIOS Update.

    The main ones to really be cautious of are Spectre Variant 1 and Variant 3 Meltdown, which were patched the quickest and require a core rewrite to CPU architecture to resolve the issue, and there are no new Intel CPUs have have this rewrite yet.

    Spectre Variant 2 vulnerability is mostly dangerous in VM environments (Servers hosting virtual machines with remote access connection, allows seeing content on other VMs and executing code on host machine). 

    The Intel ME vulnerability has not been patch by Acer on any device as of yet (that I know of).


    This is what I posted in another thread:

    It does seem like a long time. However, the BIOS patch does not solve it totally. The Spectre Vulnerability's main example seems to be javascript in Web Browsers. However, there are methods to make it impossible for code in web browsers to go outside of their processes and can be enabled. Also, the BIOS patch is not a fix, but a band aid, so it is likely that if this method is taken advantage of, they will find a way around the band aid. 

    For Chrome and its variants, you can enable Site Isolation in Chrome://flags. This flag will automatically be enabled in Chrome 64 that is to be released January 23. The Firefox version 57.0.4+ is already patched for this, as well as Windows Edge and IE, if you are keeping Windows updated.

    The Intel ME vulnerabilities essentially require local access or local network access. So, you would need someone on your network (your personal WIFI should be password protected, stay away from public WIFI) or having access to your computer (password protection for Windows & BIOS will stop this) to be vulnerable. This would include viruses, but if you get certain types of virus, your information can be stolen anyways.

    So really, the best protection against this is yourself. Be careful what you download and web sites you go to, enable the options for Web Browsers and keep them up to date, and keep your Windows up to date.

    Would it be accurate to say then, that the latest VBIOS updates (1.13) for the Predators patched the Spectre 2 Variant since none of them are on the list?

    Skelo
    Please quote me so I get a notification of your reply!
    If I helped you, like my post and/or select my post as 'Solved'.
    Please put your laptop model in your signature so we can know what device you have.

    Product: Acer Predator Helios 300
    Model: G3-571
    "Don't cry because its over, smile because it happened."
    - Dr. Seuss
  • brummyfan2
    brummyfan2 ACE Posts: 28,590 Trailblazer
    edited January 2018
    Would it be accurate to say then, that the latest VBIOS updates (1.13) for the Predators patched the Spectre 2 Variant since none of them are on the list?
    @Skelo
    Yes, as the BIOS says "Updates Intel ME FW version" I thought it was for the previous threat but as you suggested Acer might have included the patch for Spectre2 as well, it's not easy to find the details of the BIOS, so I totally rely on the information provided by Acer.


  • Rares95
    Rares95 Member Posts: 120 Skilled Fixer WiFi Icon
    G9 593 is vulnerable, according to Intel's tool. BIOS 1.13 and all of that jazz
  • Would it be accurate to say then, that the latest VBIOS updates (1.13) for the Predators patched the Spectre 2 Variant since none of them are on the list?
    @Skelo
    Yes, as the BIOS says "Updates Intel ME FW version" I thought it was for the previous threat but as you suggested Acer might have included the patch for Spectre2 as well, it's not easy to find the details of the BIOS, so I totally rely on the information provided by Acer.


    For the G3-571, it only says VBIOS for 1.13, nothing else is specified. Intel had months to prepare the fixes (for Spectre, aka why I said maybe it patched the Spectre 2 Vulnerability) and I am sure they were working on it, and were just lazy to take it seriously until the PR got a lot of negativity. 

    According to the tool by @JordanB, and the Intel Tool, my predator is vulnerable both to Spectre (Kinda misleading, as I stated before there are 2 variants of Spectre (that are not codenamed Meltdown) and Intel's ME. So, coincidentally, Acer's list is incorrect. Now, Meltdown (Spectre 3) is patched via Windows, and I have had Meltdown patched since November as a member of Windows Insider Preview, but Spectre accounts for 3 separate variants. All variants should be patched before a device is excluded from the@Skelomorph

    At least my old 2600k isn't vulnerable to Intel ME, so as it is 2011 hardware it is more secure than my 2017 hardware in my laptop. Alas, it is older so it gets more of a performance impact but it is still an i7, with negligible impact.

    Skelo
    Please quote me so I get a notification of your reply!
    If I helped you, like my post and/or select my post as 'Solved'.
    Please put your laptop model in your signature so we can know what device you have.

    Product: Acer Predator Helios 300
    Model: G3-571
    "Don't cry because its over, smile because it happened."
    - Dr. Seuss