Skip to the end of navigation

Welcome to the Community!

VAIO - Windows 10

Showing results for 
Search instead for 
Do you mean 
Reply
Apprentice
Posts: 15
Registered: ‎01-10-2017
Message 11 of 28 (795 Views)

Re: URGENT - BIOS Upgrades for Meltdown & Spectre from Jeff

Do not know. No evidence of forum monitors.
Apprentice
Posts: 15
Registered: ‎01-10-2017
Message 12 of 28 (793 Views)

Re: URGENT - BIOS Upgrades for Meltdown & Spectre from Jeff

There are similar posts on other community boards here, but nothing - yet - from Sony

Specialist
Posts: 29
Registered: ‎12-15-2013
Message 13 of 28 (777 Views)

Re: URGENT - BIOS Upgrades for Meltdown & Spectre from Jeff

While Sony may not be in the laptop business anymore their VAIO customers are watching how they handle this BIOS issue to determine whether we will EVER buy ANY Sony products again in the future (e.g., TVs). 

 

Sony, we are all waiting and watching. What say you?

 

 

Enthusiast
Posts: 5
Registered: ‎01-09-2018
Message 14 of 28 (377 Views)

Message sent to Sony Communications Department

[ Edited ]

Just a follow up, I sent the following e-mail message to ********************************. I doubt that it will do any good, but it was worth the try.  I'll share any response if I receive one.

Dear Ms. Gephardt:

I am contacting you because I was unable to identify any other person to contact regarding this issue, and since it is, first and foremost, a question of communications between Sony and its customers.  You may have learned through public sources that Intel Corporation has disclosed certain defects in it's CPU designs that pose security threats to products using their processors.  These threats have been named "Meltdown" and "Spectre".

There are (at least) two sets of patches required to try to remediate the Meltdown/Spectre defects: software patches and firmware (BIOS or microcode) patches.  Microsoft and other software providers are rolling out software patches directly to end users, however firmware patches are released by Intel Corp. to computer manufacturers such as Sony to be passed on to their customers typically in the form of BIOS updates.  There are many, many thousands of owners of Sony computers whose only source of firmware updates to these serious security threats will be your company.  To date, there has been utter silence from Sony on this matter anywhere that I can find, including in response to messages left by myself and others on your support site's community message boards.


Please understand that this matter is CRITICALLY IMPORTANT to us, and it is not acceptable that Sony ignore our requests for information about Sony's intentions regarding the matter.  We understand that Sony has sold off it's Vaio computer line and is no longer in the business of producing and selling these machines, however that does not absolve Sony from it's responsibility for the security of the products that it did produce and sell in the past, just as Intel is accepting its responsibility for the processors that it produced and sold in the past. 


There are three questions that your company needs to answer for us, your loyal customer base:

  1. Does Sony intend to pass along Intel patches to it's computer customers, as so many other hardware brands (e.g. H.P., Dell, IBM, Microsoft, VIAO, etc.) are already doing?  By the way, while you may not be aware of it, Sony has been fully responsive and is doing so for it's Mobile (Xperia) customers, but has been disturbingly silent for it's computing customers.
  2. Assuming that the answer to question 1 above is yes, will you be addressing all of the Sony computers for which Intel is releasing patches, and if not, which models will be addressed?
  3. When do you plan to begin making the patches (presumably in the form of BIOS updates) available to your end user customers?

While it is not relevant to these general questions, my particular interest is in my Sony VAIO laptop model VPCF23EFX, with an Intel i7-2670QM CPU and running with the factory installed American Megatrends BIOS version R2150V3 dated 7/22/2011.  I am hoping that you will be offering a patch update for this BIOS.


Looking forward to a prompt reply to this message and to your customers' needs.

Enthusiast
Posts: 7
Registered: ‎01-17-2018
Message 15 of 28 (361 Views)

Re: Message sent to Sony Communications Department

I bet all their engineering resources left with the Vaio corp spinoff, so now if they wanted to make BIOS updates for our machines, they would need to contract with them to do it.

 

Already, the first generation of microcode fixes are causing issues, so we should be expecting 2nd and 3rd versions of those.  Given the costs of multiple BIOS updates per machine in the next few months/years, my bet is that Sony won't spend the cash.  They figure that the overlap between the folks in the know about this issue and those folks that are rabbid Sony loyalists regularly purchasing their wares is rather small, so the costs of providing and supporting the updates is greater than lost sales.

 

This is what being an orphan looks like.

 

On the other hand, Dell is updating back to ivy Bridge on the consumer/business side:

 

http://www.dell.com/support/article/us/en/19/sln308587/microprocessor-side-channel-vulnerabilities-c...

 

On the server side, they are updating all the way back to Nehalem (from the year 2010), which is phenomenal:

 

http://www.dell.com/support/article/us/en/19/sln308588/microprocessor-side-channel-vulnerabilities-c...

 

 

Apprentice
Posts: 15
Registered: ‎01-10-2017
Message 16 of 28 (357 Views)

Re: Message sent to Sony Communications Department

[ Edited ]

Plenty of Sandy Bridge still out there - mine among them! And the BIOS is AMI; Sony in-house tech resource requirement might be minimal.

Enthusiast
Posts: 7
Registered: ‎01-17-2018
Message 17 of 28 (351 Views)

Re: Message sent to Sony Communications Department

Even if Intel ends up footing the bill for the work, there are still plenty of resources to marshall to get this done.  Also consider what happens if the update bricks an unusually large number of machines.... Being that Sony is out of this business, it's not like it's worth the risk and/or the goodwill feeling for future computer sales, which is exactly zero.

 

I got an one Ivy Bridge (1st gen Duo 11) and one Haswell (Tap 21) Sony machines myself, so consider me dissapointed too.  I also have a Vaio Canvas Z, but it looks like it's getting the update, but not from the US Vaio site, oh no, it's from the parent Japanese site.

 

Everything else I own is Dell.  Let's just say that I don't regret that now.

 

 

Specialist
Posts: 29
Registered: ‎12-15-2013
Message 18 of 28 (314 Views)

Re: Message sent to Sony Communications Department

All I can say is that if Sony doesn't step up and do the right thing they will be DEAD to me and many other consumers. They should know that Consumers that have been burned by a vendor tend to have VERY long memory.

And by DEAD it means I'll NEVER EVER buy another Sony product (e.g., TV, Xperia, or anything else they sell). And I will be a SERIOUS detractor for anything Sony. I'll tell everyone I know to NOT buy Sony anything Sony based on my experience.

What can I say I hold a grudge and I'm quite vocal on Social Media. I'll get my pound of flesh one way or another if they don't step up and do the right thing.

Cheers
Enthusiast
Posts: 5
Registered: ‎01-09-2018
Message 19 of 28 (294 Views)

Re: Message sent to Sony Communications Department

[ Edited ]

Since we're not sure that anyone from Sony monitors this board, I'd like to encourage everyone to send e-mail to Ms. ************ at ******************************** in addition to posting here.  If enough people contact their communications office, it might do some good.

Enthusiast
Posts: 7
Registered: ‎01-17-2018
Message 20 of 28 (239 Views)

Re: Message sent to Sony Communications Department

You have to realize that hushed talk about these vulnerabilities started in early 2017 between the researchers, the CPU manufacturers, the large OEMs, and the OS makers, spanning the x86 world, ARM, RISC, etc.  Sony knew about this a year ago.  The fact that they didn't put out an advisory or any notice at all should be telling you that they decided months ago to stay quiet and let all this blow by.

 

The current estimates are that we are a few weeks to 2-3 months max away from attacks utilizing these techniques in the wild.  I suggest that if you already fancy a new computer, go ahead and pull the trigger.  Get something Intel 7th or 8th gen, or AMD.  Dump your machine on craigslist or eBay before everyone else does the same.

Get Social

Share your ideas Watch YouTube Support Videos follow us on Twitter Visit us on Facebook