www. O S N E W S .com
Performance impact of Spectre, Meltdown patches on Windows
By Thom Holwerda on 2018-01-09 18:03:36

From Microsoft's blog:

Last week the technology industry and many of our customers learned of new vulnerabilities in the hardware chips that power phones, PCs and servers. We (and others in the industry) had learned of this vulnerability under nondisclosure agreement several months ago and immediately began developing engineering mitigations and updating our cloud infrastructure. In this blog, I'll describe the discovered vulnerabilities as clearly as I can, discuss what customers can do to help keep themselves safe, and share what we've learned so far about performance impacts.

The basic gist here is this: the older your processor and the older your Windows version, the bigger the performance impact will be. Windows 10 users will experience a smaller performance impact than Windows 7 and 8 users, and anyone running Haswell or older processors will experience a bigger impact than users of newer processors.

.
RE[3]: Disable KPTI
By richarson on 2018-01-10 18:27:19
JavaScript in your browser can be exploited, so I wouldn't advise disabling this option on a Desktop, be it Windows or Linux.

That said, some servers could benefit from the performance so it'd be good to know how to disable it.

No need to call anyone an idiot, BTW. It only reflects poorly on you.

Edited 2018-01-10 18:28 UTC
Permalink - Score: 3
.
RE[3]: Disable KPTI
By xenolith on 2018-01-10 18:40:55
One could ask u the same question...
Permalink - Score: 1
.
RE[2]: Disable KPTI
By jasutton on 2018-01-10 18:55:38
Your analogy doesn't really pan out in this instance. At least in the USA, your home most likely has at most 2 locks on each external door: one on the knob and a dead bolt. The one on the knob is much less secure than the dead bolt, as it is relatively easy to use a plastic card to bypass, making the deadbolt the only real thing preventing most people from entering your house.

In computer security, we have layers upon layers of different security controls, but none of them are treated like the ineffectual "knob lock" I mentioned on a typical US home. Once a security control has been compromised to the point of having an easily-used bypass, it's just not considered a security control anymore.

What I think the OP was saying was that these kinds of attacks assume that the attacker already had the ability to execute code on the victim's system. Many systems which will be unquestioningly patched simply aren't in a position to need the patch. For instance, if you have a large cluster of servers on the interior of a closed network with many security controls ("dead bolts" in the house analogy) governing access to said network, then you might reasonably be willing to forego these patches in order to retain the computational abilities of your cluster.

If, however, you run a system in which there are fewer controls governing access, and the likelihood of someone being able to gain user-level access to the system is higher, then these patches are much more valuable. As we've seen, they've already demonstrated attacks orchestrated via JavaScript, so desktop users are among those that should be deploying these patches regardless.
Permalink - Score: 3
.
RE[4]: More data
By leech on 2018-01-10 20:44:05
I 'discovered' something terrible the other day. As anyone here is probably aware, with Windows 10 Pro or higher, you can set a registry setting to allow the group policy to switch off automatic updates.

The terrible thing is that things like Windows Defender are also tied to Windows Updates, so if you want newer definitions, you have to run your updates anyhow...
Permalink - Score: 0
.
Are those Lists exhaustive?
By dionicio on 2018-01-10 21:58:38
Internet filled with lists of affected with at least one variant.

AnySoul has a list of those non affected?

:/

Was about to buy a new laptop, but this keeps me waiting...

Edited 2018-01-10 21:59 UTC
Permalink - Score: 1
.
RE: Disable KPTI
By Undomiel on 2018-01-10 22:02:49
To answer the question, yes, it is possible to disable on Windows as well. Here's a KB article on it. https://support.microsoft.com/en-...

While the article only talks about Windows Server 2016 the registry entries are applicable to Windows 10 as well.
Permalink - Score: 3
.
Quick and Dirty...
By dionicio on 2018-01-10 22:31:31
For Emergency Digital Banking:

Disable all CPUs except the first. Always been AMD, don't know if Intel should disable hyper-threading too.

Boot live from Debian, preferably x86. [don't forget to change default root password].

Download fresh bios, update from bios itself, or from free-dos if not.

Of Course, this doesn't cover your bank security measures.

Edited 2018-01-10 22:39 UTC
Permalink - Score: 1
.
RE[4]: Interesting...
By CaptainN- on 2018-01-11 17:40:22
Given AMD's track record for documentation and updates, this is easy to understand. They (AMD) probably aren't even aware of all the combinations of hardware versions and microcode updates, and runtime drivers, and whatever else can affect compatibility. It's AMD after all.
Permalink - Score: 0
.
The Hidden Toll of Fixing Meltdown and Spectre
By dionicio on 2018-01-13 02:02:08
A well-worded article on the first aftershocks of Meltdown and Spectre mitigation:

https://www.wired.com/story/meltd...

The Fixing will take the original recommendation: Eventual MB replacement.
Permalink - Score: 2

No new comments are allowed for stories older than 10 days.
This story is now archived.

© OSNews LLC 1997-2007. All Rights Reserved.
The readers' comments are owned and a responsibility of whoever posted them.