Re: Is it safe not to install intel-microcode (or amd-microcode)?
On Fri, May 09, 2014 at 02:16:21AM +0800, A Debian User wrote:
> Hello, all!
>
> I want to have a completely Free install of Debian, which means I will only
> be using software packages from the main repo, and will be excluding contrib
> and non-free from my sources file.
>
> By doing so, I won't be able to install the microcode updates for my
> computer's CPU. Is this safe, given that these microcode updates reportedly
> patch up vulnerabilities in the these processors?
>
> Even the Debian wiki (https://wiki.debian.org/Microcode) says that these
> microcode updates are "not safe to ignore".
It is dilemma. From one side is non-patched CPU, from another - suspect
binaries from Intel.
>From my point of view _today_ is more preferable do not install microcode
for security and privacy conscious people. There is, as far as I know, no
really working exploits, viruses or even prototypes that exploits bugs
in CPUs (but attempts were, google "Kris Kaspersky Intel Blackhat". Very
suspicious story. The presentation was withdrawn at the request of Intel).
But from another side we all know about NSA, GCHQ and other shit that
_today_ is more real. Intel is US company, with all the consequences.
Reply to: