*>>If I’m a IT director, CTO, etc., who’s looking at a refresh cycle on some chunk of my machines in 12 months or 24 months*
Maybe 12 months, but not 24 months -- especially if your competitors are moving ahead with their projects and mitigating their risk as best as they can in the meantime. Regards, *ASB* On Wed, Jan 10, 2018 at 2:21 PM, Melvin Backus <melvin.bac...@byers.com> wrote: > If I’m a IT director, CTO, etc., who’s looking at a refresh cycle on some > chunk of my machines in 12 months or 24 months, that might make me hold off > ordering 50K vulnerable PCs until the 24 month period instead. Skip one > cycle, double up on the next. Even if I only shift one refresh cycle, > that’s a huge chunk of my inventory that is no longer vulnerable for > whatever my cycle time is. If you do 20% per year, that means those new > unprotected PCs are in your system for 4 years. > > > > Maybe it won’t matter for those who need to add hardware, but it’s the > ones with options that would be in the mix. > > > > While they aren’t a determining factor from a numbers perspective, home > users who’ve been thinking about an upgrade, might put it off for a year or > so hoping there will be a fix. I suppose if they can actually fix the whole > issue with a microcode update it wouldn’t matter. > > > > -- > There are 10 kinds of people in the world... > those who understand binary and those who don't. > > > > ¯\_(ツ)_/¯ > > > > *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *Jonathan Link > *Sent:* Wednesday, January 10, 2018 1:57 PM > *To:* ntsysadm@lists.myitforum.com > *Subject:* Re: [NTSysADM] Are the Meltdown/Spectre reg keys needed for > workstations? > > > > Seems unlikely... I mean, if you need a computer, you need a cpu, right? > > > > On Wed, Jan 10, 2018 at 1:24 PM, Melvin Backus <melvin.bac...@byers.com> > wrote: > > That’s going to put a real dent in chip sales I suspect. I know I’d > personally be holding off any purchases until new non-vulnerable chips are > available if I have any choice. > > > > -- > There are 10 kinds of people in the world... > those who understand binary and those who don't. > > > > ¯\_(ツ)_/¯ > > > > *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com] *On Behalf Of *Michael B. Smith > *Sent:* Wednesday, January 10, 2018 1:10 PM > > > *To:* ntsysadm@lists.myitforum.com > *Subject:* RE: [NTSysADM] Are the Meltdown/Spectre reg keys needed for > workstations? > > > > If they have, I’m not aware of it. I expect it’s too late even for the > next-gen chips, given how long it takes to design a new chip and fab it. > > > > Maybe some time in 2019? > > > > *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com <listsad...@lists.myitforum.com>] *On Behalf Of *Heaton, > Joseph@Wildlife > *Sent:* Wednesday, January 10, 2018 11:11 AM > *To:* ntsysadm@lists.myitforum.com > *Subject:* RE: [NTSysADM] Are the Meltdown/Spectre reg keys needed for > workstations? > > > > My question to that statement, is: Have any of the chip manufacturers > given a timeframe of when new, fixed, processors will be released? > > > > *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com <listsad...@lists.myitforum.com>] *On Behalf Of *Michael B. > Smith > *Sent:* Tuesday, January 9, 2018 6:26 PM > *To:* ntsysadm@lists.myitforum.com > *Subject:* RE: [NTSysADM] Are the Meltdown/Spectre reg keys needed for > workstations? > > > > Not going to happen. It’s going to require new processors. > > > > Everything being released is a mitigation, not a “fix”. > > > > *From:* listsad...@lists.myitforum.com [mailto:listsadmin@lists. > myitforum.com <listsad...@lists.myitforum.com>] *On Behalf Of *Ed Ziots > *Sent:* Tuesday, January 9, 2018 4:27 PM > *To:* ntsysadm@lists.myitforum.com > *Subject:* Re: [NTSysADM] Are the Meltdown/Spectre reg keys needed for > workstations? > > > > It would be nice if intel and amd released.processor or bios.firmware > update to.fix the flaw.once and all. > > > > On Jan 9, 2018 2:24 PM, "Michael Leone" <oozerd...@gmail.com> wrote: > > Here's something (more) I am confused about. Suppose I have Win 7 and Win > 10 workstations, and I have properly patched the OS. Do I *also* need to > issue the 2 (or is it 3) registry entries? > > > > I *thought* the registry entries were only for servers, but I have seen > other statements that say that the Meltdown/Spectre fixes are *not* enabled > until you issue the registry entries. > > > > So without the reg entries, you are effectively unpatched? The patches are > there, but dormant? > > > > (neither of my home PCs have BIOS updates issued - one is for a very old > Dell Optiplex 755 that I only use to connect to a NAS, and the other is one > I assembled from parts back in 2011. Neither has has had a BIOS upgrade > released in years. Ah, the joy ....) > > > > >