All the answers at [this Stack Exchange post](https://security.stackexchange.com/q/177100) are too abstruse and complex. Can someone please by relying on, but variating, u/zoox101’s [excellent analogy](https://old.reddit.com/r/explainlikeimfive/comments/7o0kb4/eli5_what_is_this_major_security_flaw_in_the/ds67a99/)?
In: Technology
OK, here is my shot at a ELI5.
You have two cars. One made by Chevy, one made by Ford. Both cars are 4 door sedans, blue, have tires, same size engine, etc.
The Chevy one gets a recall because of a flaw in the computer that can cause you to get bad gas mileage, but the Ford doesn’t. Why? Because two different teams of engineers made the two different cars and programmed the two different computers.
AMD has it’s set of engineers that work on it’s processors and the microcode. Intel has it’s set of engineers that work on it’s processors and the microcode. For Meltdown and Spectre, Intel’s engineers made a really bad boo boo. AMD’s engineers didn’t do as bad. AMD’s code is better and not as vulnerable.
AMD CPUs were just as vulnerable to Spectre as Intel CPUs were. AMD’s initial denial was an attempt at damage control by their PR department. Once their legal department realized what the PR department said they retracted their claim.
Meltdown is a specific vulnerability in Intel CPUs. To use a similar analogy:
You ask a teacher to hold onto a book for you. An Intel teacher takes the book from you and says that she is putting it on her desk. Except she doesn’t necessarily put your book on her desk – she walks back to her desk and checks to see if she has an identical book already there. If she does, then she secretly dumps your book in the trash.
After she’s done this she realizes that she doesn’t know if you’re allowed to even be in the classroom and, as it turns out, you’re not allowed to be in the classroom at all. So she tells you to get out without giving you your book back.
But the thing is that it takes her slightly longer to place your book on her desk than it does to throw your book out. So if she kicks you out of the classroom quickly then you know that she had an exact copy of your book on her desk to begin with. Conversely, if it takes her a bit to kick you out then you know that she didn’t.
The AMD teacher checks to see if you’re allowed in the classroom before taking your book back to the desk.
Intel chose to use its method because your teacher doesn’t have to be holding onto your book while she checks to see if you’re allowed in the classroom. That frees her hands up to be doing something else during that time. The AMD teacher, on the other hand, has to hold onto your book while she’s checking to see if you’re allowing in there. That means that the AMD teacher needs bigger hands (which is expensive) if she wants to continue to use her hands during that time.
Latest Answers