Announcement: A GOOD Virus

[gcmartin]

New discussion
Good Virus

Original discussion
Affecting Intel CPUs.

These Differs from Operating System bugs of the past.

[8Geee]

So this is affecting on-die caches below 45nm architecture (32 or 22nm).

Interesting.

Diamondville Atoms are presumed less at risk/not at risk.

[solo]

Make Firefox your standard browser.
Install and activate the NoScript add-on.
Edit the whitelist as needed.
Avoid shady websites.

[mcewanw]

The other way of avoiding such an attack seems to be to use an older computer since that article linked in first post says the exploit affects computers built after 2009. For once I am glad most of my own machines were manufactured on or before 2008... my only newer possibly post-2009 machines being atom netbooks I rarely use.

[otropogo]

Affecting Intel CPUs.

Differs from Operating System bugs of the past.

The article refers to a flaw in "Intel DRAM chips". So, other brands of DRAM are not affected, or what? For example, the RAM on my laptop was bought from Kingston...

[8Geee]

[quote=Hence, the only solution for now would be to actually replace millions of DRAM chips which are present in the CPU of the computer.[/quote]

Perhaps this is all FUD, but that language quoted from the article suggests that its the on-die cache memory "in the CPU", not mem-sticks plugged into the board. And the confusing part is that the chips referred to are the CPU's themselves. MHO: poorly written to evoke controversy = FUD /MHO

[gcmartin]

+1. The idea of a "bug" in CPU manufacture is a little over the top by the article's presentation. And, I agree that it serves to garner attention of readers on the internet for that site.

This should be classified by that author as a manufacturing flaw on those models. Typically, this kind of flaws are corrected by firmware but this remains to be seen whether it will.

[Bindee]

http://www.theregister.co.uk/2015/03/10/rowhammer

To test for rowhammer run passmark Memtest.

http://www.memtest86.com

Why am I only getting errors during Test 13 Hammer Test?

http://www.memtest86.com/troubleshooting.htm

[otropogo]

http://www.theregister.co.uk/2015/03/10/rowhammer

To test for rowhammer run passmark Memtest.

http://www.memtest86.com

Why am I only getting errors during Test 13 Hammer Test?

http://www.memtest86.com/troubleshooting.htm

Is this the same memtest that's offered at bootup on Mint or Knoppix? Or do you have to download the versions offered at your link?

[ozsouth]

I have compiled (in Slacko 5.7.0) and run the rowhammer_test from github on 4 family/friends laptops, and also ran memtest86 hammer test on the 2 that have uefi, with NO errors.
(I ran over 300 iterations of the rowhammer_test). Used Slacko 5.7.0 (pae) and/or Raring 3.9.9.2 (non-pae) to test.
Specs:
2010 Toshiba Pentium P6200 cpu 3gb samsung ddr3-1066 ram.
2012 HP Celeron B815 cpu 6gb samsung ddr3-1333 ram.
2013 Acer Celeron 1019Y cpu 2gb hynix ddr3-1600 ram.
2014 HP Celeron 1000M cpu 4gb hynix ddr3-1600 ram.

[Bindee]

@ otropogo

It's different as Passmark now have the rights to develop the orginal memtest and have only just recently added the #13 rowhammer test.

You need to download their ISO and boot from it.

From what i've recently read their test is about the best as it really hammers the ram with the maximum amount of data the channel can handle.

@ ozsouth

Glad to hear yours passed.

The amount of DDR3 ram modules affected seems to vary from a few percent all the way up to 70% , It seems no one actuality knows how many may have it and the Dram manufactures are not saying anything.

So sadly the only way we will ever know is to test for it.

[otropogo]

@ otropogo

It's different as Passmark now have the rights to develop the orginal memtest and have only just recently added the #13 rowhammer test.

You need to download their ISO and boot from it.

From what i've recently read their test is about the best as it really hammers the ram with the maximum amount of data the channel can handle.

...

Thanks. I assume you're referring to the memtest86-usb.iso ? download at:

http://www.memtest86.com/download.htm

Is that correct?

Can one go straight to the Hammer test, or does the app have to run through the entire series of test to get to #13?

Either way, how long does it take to do the test effectively? I've got a fairly fast Haswell CPU, but also 16GB of RAM.

[Bindee]

That's the correct ISO.

You can run test #13 on it's own from test options , just remove the * star next to all the other tests.

They recommend 4 passes

16gb of ram will take 30 mins to 1 hour depending if it runs in single CPU or parallel cores , Not sure what haswell would default to but it can be changed in options to parallel.

[otropogo]

That's the correct ISO.

You can run test #13 on it's own from test options , just remove the * star next to all the other tests.

They recommend 4 passes

16gb of ram will take 30 mins to 1 hour depending if it runs in single CPU or parallel cores , Not sure what haswell would default to but it can be changed in options to parallel.

Thanks very much. Will give it a try.

Update: last night I ran the free UEFI version on my 2.4 MHz Haswell laptop with 16GB of 800MHz low voltage Kingston RAM, with the 8 processors set to run Test #13 Hammer Row only in parallel mode.

I set it for 4 passes, but stopped after 3 because it was taking so long.

Unfortunately, my results were not great.

The test reported 6 errors for each pass.

The fist pass took 28 minutes to complete,
Pass 2 and 3 took 50 minutes each

The cpu temperature climbed from 67C to 71C by the end of Pass 1.

During Pass 2, cpu temp. reached 74C, and I turned on an inclined externally powered dual-fan stand to assist the internal fan of the laptop.

At the completion of Pass 3, the reported cpu temp. had lowered to 73C.

The RAM was the fastest I could find for this Asus N550 when I bought it two years ago.

Obviously, it's most convenient to run this memtest when the system is not required for use (at night, for instance).


OTOH, the free version report doesn't provide the information you obtain by reading the stats for cpu temp changes, or changes in test speed displayed in real time, so it's worth checking the temperature and process speeds periodically, if possible.

Having a camera for screen shots is also worthwhile, as none of the above can be saved without buying the pro version (at least, that's the message when you click on the "save report" button).

It would be interesting to see whether cpu temperature affects test speed (as the results above suggest), and whether testing the cpus singly instead of in parallel would produce less errors.

But perhaps this is already established knowledge?

PS. no time right now, but will post screen shots later.

[Bindee]

You don't need to run single core or run more passes as it's already showing the hammer bug.

You need to either contact support of the place you bought the ram or directly to the Manufacture.

From reading about it seems hit or miss how they will treat you.

You'll either be offered a replacement , depending on the brand some have been told to change one of the bios memory refresh settings to reduce it and others have been rudely told it's not a problem or simply just ignored.

I can't find the link but one chap was offered a replacement but couldn't be guaranteed that the replacements wouldn't have it again as it's not something they test for and was told he couldn't keep asking for replacements.

Highly annoying for people as these are expensive items.

[otropogo]

You don't need to run single core or run more passes as it's already showing the hammer bug.

You need to either contact support of the place you bought the ram or directly to the Manufacture.

From reading about it seems hit or miss how they will treat you.

You'll either be offered a replacement , depending on the brand some have been told to change one of the bios memory refresh settings to reduce it and others have been rudely told it's not a problem or simply just ignored.

I can't find the link but one chap was offered a replacement but couldn't be guaranteed that the replacements wouldn't have it again as it's not something they test for and was told he couldn't keep asking for replacements.

Highly annoying for people as these are expensive items.

Thanks for the advice. However, I thought the test only proved vulnerability to the exploit. That's why I wonder whether the vulnerability could be lowered or removed if the system weren't running all out - ie. whether less current, less heat might reduce the test errors to zero?

Have I got that completely wrong?

[Bindee]

The bug is caused by the capacitors between the memory cells leaking.

Apparently the only way to reduce it is to change one of the refresh values of the ram but it just means it would take more passes of hammering before they started to leak again.

Ok on a desktop but it will use more power on a laptop and run your battery down quicker.

You'll need to google rowhammer and your brand and model of ram to see what settings other people are using , otherwise we will not see you for weeks for the amount of time it takes to retest for every refresh value.

[otropogo]

The bug is caused by the capacitors between the memory cells leaking.

Apparently the only way to reduce it is to change one of the refresh values of the ram but it just means it would take more passes of hammering before they started to leak again.

Ok on a desktop but it will use more power on a laptop and run your battery down quicker.

You'll need to google rowhammer and your brand and model of ram to see what settings other people are using , otherwise we will not see you for weeks for the amount of time it takes to retest for every refresh value.

Thanks for the heads up Bindee. Will rattle Kingston's cage to see if they'll replace the RAM.

[Bindee]

I know it's a pain in the ass but i would test each module on it's own to see if it's just one module that has it.

Then obviously just change the one with the bug and reduce the chances of them sending you another set with it , cause at least you know you already have a good one that can be used while the other is exchanged.

[otropogo]

I know it's a pain in the ass but i would test each module on it's own to see if it's just one module that has it.

Then obviously just change the one with the bug and reduce the chances of them sending you another set with it , cause at least you know you already have a good one that can be used while the other is exchanged.

Not a good solution, because it's a matched pair.

I did contact both the vendor's tech support and Kingston today. The vendor, who I hoped would be able to help me immediately, as they're located here in Montreal, no longer services any consumer products, only corporate clients. The tech referred me to the Kingston chat line, and so I chatted with tech support in California. For immediate help, he could only suggest BestBuy and Microbytes here in Montreal.

I learned that the Kingston first line of support hasn't heard of the Row Hammer Bug (nor had the tech at Metafore.ca, where I bought the RAM), and that they support Canadian buyers only from their California location.

I had to produce a copy of an invoice or a confirmation of order (luckily I had the latter saved in my mail client), and a photo of the back of one of the two modules, to establish where it was manufactured (Taiwan). So we had to break off the chat while I shut down, unscrewed the 10#5 torx screws holding the bottom of the laptop, and removed the RAM to take a photo.

I'm told I may hear back from them in two business days (ie. in four days or so), then I'll get instructions from their customer service department (perhaps to send the RAM back and go without a computer for a week or two?). We'll see.

Meanwhile, I googled "row hammer attack" , and learned that this bug was documented early in March, so five months ago. The article is quite technical, and many of the comments are even more lengthy and just as technical, but there's a quite interesting and vigorous debate as to whether ECC RAM is impervious to this type of attack.

There's also a suggestion that this is not a defect, but normal wear and tear in the RAM, also vigorously contested.

The google search: row hammer attack

the hit referenced:

http://googleprojectzero.blogspot.ca/20 ... -gain.html

A link within the article (slightly corrupted, so use the repaired one below) to what looks like a worthwhile read:

http://www.intelligentmemory.com/filead ... C_DRAM.pdf

I do almost all of my banking online, so this bug concerns me greatly. It particularly bothers me that none of my banks (four of them) have alerted their online clients to this danger five months after it was made public.