I have two Core 2 Duo machines, one running pfSense (E6550 CPU, Lenovo business machine), and the other running Manjaro Linux (E8400 CPU, HP business machine).
I have done a few searches and cannot find whether they are affected by Spectre or Meltdown.
I think OS and browser patches did an important part to begin with. Remember, the malicious code needs to run on your machine - but since JavaScript is enough to exploit it your OS and browser should prevent such an activity. (NoScript is also an additional help).
But the ramifications of Spectre are still unknown, and both vulnerabilities can’t be entirely closed without a microcode update or even new hardware.
That being said, I think MS’ update did an important part.
Thanks, this is the info I was looking for.
The pfSense box should be safe. No JavaScript runs on it, from what I know.
The Manjaro machine has no JavaScript and the OS and browser are updated.
The browser is Firefox.
I mean safe as in someone would have to go to extra work to exploit them.
The Manjaro machine only opens one web page, gets the needed data and then closes.
They are definitely affected. I have run tests on pre-C2D Xeons that are the last of the last of the last of the NetBurst architecture, the first C2D Xeons (5150’s), CD, CS, C2D T and P series from 2000’s to 8000’s, and the desktop chips are the same chips as the laptop chips. There’s no way your chips aren’t affected.
Then they should be on a list somewhere.
Intel does such a bad job of this.
I am leaning towards the thought that all computers connected to the internet are in some way compromised, from hardware to software, all in the name of the almighty dollar.
This is an already hard to use exploit because you need physical access to a machine. If people were really worried about this everyone would be on baytrail atoms and atom N270’s with SPARC based desktops.
I think in the Spectre paper itself the developers used JavaScript and C samples. Given the fact that ads run JavaScript it is straightforward to assume that Spectre can be exploited by ads.
@RissViss This depends on whether or not code can be run on this machine. Unfortunately, I don’t have pfSense running, but I assume that traffic is analysed for certain patterns and then passed along. Which means that even though the malicious JavaScript code might be looked at, pfSense won’t run said code. Therefore, I assume your pfSense box should be “safe”.
And being Core 2 Duos they’re even more broken than most other CPUs due to numerous other CPU bugs.
TLDR: If you’re only running your own trusted code (as opposed to web browser or shared host) on them then Spectre and Meltdown are the least of your worries.
Honestly it’s not something most people should or have to worry about.
It requires very specialized exploits to target something based on this and I just don’t see that happening.
System stability and old age are your main concern right now with those old machines.
Some of these bugs have been worked around. Many are still unpatched, but they’re just too low yield to bother with exploiting en masse. You would have to make yourself a target to worry about this and then I’d be more worried about the $5 hammer attack.
An article from the time when Linux was being adapted for Core 2.
Regarding the subtitle question:
As we well know, it was the former.
TLDR:
Core 2 is broke and nobody will fix it. It’s also not helpful to worry about.
Your CPUs will die before the CPU bugs they have get exploited.
Web JS & phishing borne exploits are a more valid concern.