How are Meltdown and Spectre flaws going to affect your PC?

-

Earlier we talked about whether you are safe from Meltdown and Spectre flaws. Now it's time that you know what exactly are these flaws, are both of them Intel specific or is there more and how powerful are they in affecting your PC.

What Exactly Are Meltdown and Spectre?

Spectre is nothing less than a fundamental design flaw that exists in every CPU available in the market—be it AMD, ARM or Intel. There is presently no software fix, and it will likely require a complete hardware redesign for CPUs across the board—though thankfully it is fairly difficult to exploit, as far as security researchers have to say. It’s possible to protect against specific Spectre attacks, and developers are working on it, but seriously, the best possible solution will be a complete CPU hardware redesign for all future chips.
Meltdown basically worsens Spectre by making the core underlying flaw much easier to exploit. It’s essentially an additional flaw that affects all Intel processors made in the past few decades. It also affects some high-end ARM Cortex-A processors, but luckily it doesn’t affect AMD chips. Meltdown is being patched in operating systems today.
But how exactly do these flaws work?
Programs running on your computer run with different levels of security permissions. The operating system kernel let's say for example, the LINUX Kernel, has the highest level of permissions because it runs the show. Desktop programs have relatively fewer permissions and the kernel restricts what they can do. The kernel uses the processor’s hardware features to help enforce some of these restrictions, because it’s faster to do it with hardware than software.
The problem here is with speculative execution. For the sake of performance, modern CPUs automatically run instructions they deem necessary and, if they don’t, they can simply rewind and restore the system to its previous state. However, a flaw in Intel and some ARM processors allows processes to run operations that they wouldn’t normally be able to run, as the operation is performed before the processor bothers to check whether it should have permission to run it or not. This is the Meltdown bug.
The core problem with both Meltdown and Spectre lies within the CPU’s cache. An application can attempt to read memory and, if it reads something in the cache, the operation will complete faster. If it tries to read something not in the cache, it will take some more time. The application can see whether a task is completed fast or slow and, while everything else during speculative execution is cleaned up and erased, the time it took to perform the operation can’t be hidden. It can then use this information to build a map of anything in the computer’s memory, one bit at a time. Caching speeds things up, but these attacks take advantage of that optimization and turns it into a security flaw.
So, in worst of cases, JavaScript code running in your web browser could effectively read memory it shouldn’t have access to, such as private information held in other applications. Cloud providers like Microsoft Azure or Amazon Web Services, who host different company’s software in different virtual machines on the same hardware are particularly at risk. One person’s software could, theoretically speaking, spy on things in some other company’s virtual machine. It’s a breakdown in the separation between applications. The patches for Meltdown means this attack won’t be as easy to pull off. Unfortunately, putting these extra checks into place means eventually slowing down some operations on affected hardware.
Developers are working on software patches that make Spectre attacks more difficult to execute. For example, Google’s Chrome’s new Site Isolation feature helps protect against this, and Mozilla has already made some quick changes to Firefox. Microsoft also made some changes to help protect Edge and Internet Explorer in the Windows Update that’s now available.
If you’re interested in reading in depth details about both Meltdown and Spectre, read the technical explanation from Google’s Project Zero team, who discovered the bugs last year. More information is available on the MeltdownAttack.com website.

How Much Slower Will My PC Be?

Update: On 9th January, Microsoft released some information about the performance of the patch. According to Microsoft, Windows 10 on 2016-era PCs with Skylake, Kabylake or newer Intel processors show single-digit slowdowns most users shouldn’t notice. Windows 10 on 2015-era PCs with Haswell or an older CPU may see much greater slowdowns, and Microsoft "expects that some users will notice a decrease in system performance”.
Unfortunately, Windows 7 and 8 users aren’t so lucky. Microsoft says they “expect most users to notice a decrease in system performance” when using Windows 7 or 8 on a 2015-era PC with Haswell or an older CPU. Not only do Windows 7 and 8 use older CPUs that can’t run the patch as efficiently, but “Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel”, and this also slows things down.
Microsoft plans to perform its own benchmarks and release more details in the future, but it isn't exactly known that how much Meltdown’s patch will affect day-to-day PC use yet. Dave Hansen, a Linux kernel developer who works at Intel, originally wrote that the changes being made in the Linux kernel will affect everything. According to him, most workloads are seeing a single digit slowdown, with a roughly 5% slowdown being typical. The worst case scenario was a 30% slowdown on a networking test!! Though, it varies as per the task. These are numbers for Linux, however, so they don’t necessarily apply to Windows. The fix slows down system calls, so tasks with a lot of system calls, such as compiling software and running virtual machines, will likely slow down the most. But every piece of software uses some system calls.
Update: As of 5th January, TechSpot and Guru3D have performed some benchmarks for Windows. Both sites concluded that desktop users don’t have much to worry about. Some PC games see a meager 2% slowdown with the patch, which is within the margin of error, while others appear to perform identically. 3D rendering, productivity software, file compression tools, and encryption utilities appear unaffected. However, file read and write benchmarks do show noticeable differences. The speed of quickly reading a large amount of small files dropped about 23% in Techspot’s benchmarks, and Guru3D found something similar. On the other hand, Tom’s Hardware found only a 3.21% average drop in performance with a consumer application storage test, and argued that the “synthetic benchmarks” showing more significant drops in speed don’t represent real-world usage.
Computers with an Intel Haswell processor or newer have a PCID (Process-Context Identifiers) feature that will help the patch perform well. Computers with older Intel CPUs may see a greater decrease in speed. The above benchmarks were performed on modern Intel CPUs with PCID, so it’s unclear how older Intel CPUs will perform.
Intel says the slowdown “should not be significant” for the average computer user, and so far that looks true, but certain operations do see a slowdown. For the cloud, GoogleAmazon, and Microsoft all basically said the same thing: For most workloads, they haven’t seen a meaningful performance impact after rolling out the patches. Microsoft did say that “a small set of [Microsoft Azure] customers may experience some networking performance impact.” Those statements do leave room for some workloads to see significant slowdowns. Epic Games blamed the Meltdown patch for causing server problems with its game Fortnite and posted a graph showing a huge increase in CPU usage on its cloud servers after the patch was installed.
But one thing is clear: Your computer is definitely not getting any faster with this patch. If you have an Intel CPU, it can only get slower—even if it is by a small amount.

What Do I Need to Do?

Some updates to fix the Meltdown issue are already available. Microsoft has issued an emergency update to supported versions of Windows via Windows Update on January 3, 2018, but it hasn’t made it to all PCs yet. The Windows Update that solves the Meltdown and adds some protections against Spectre is named KB4056892.
Apple already patched the issue with macOS 10.13.2, released on December 6, 2017. Chromebooks with Chrome OS 63, which was released in mid-December, are already protected. Patches are also available for the Linux kernel.
In addition, check to see if your PC has BIOS/UEFI updates available. While the Windows update fixed the Meltdown problem, CPU microcode updates from Intel delivered via a UEFI or BIOS update are needed to fully enable protection against one of the Spectre attacks. You should also update your web browser—as usual—as browsers are adding some protections against Spectre, as well.
While a performance hit sounds bad, we strongly recommend installing these patches anyway. Operating system developers wouldn’t be making such massive changes unless this was a very bad bug with serious consequences.
The software patch in question will fix the Meltdown flaw, and some software patches can help mitigate the Spectre flaw. But Spectre will likely continue to affect all modern CPUs—at least in some form—until new hardware is released to fix it. It’s unclear how manufacturers will handle this, but in the meantime, all you can do is continue using your computer—and take solace in the fact that Spectre is more difficult to exploit, and somewhat more of a concern for cloud computing than end users with desktop PCs.

Comments

Post a Comment

Popular posts from this blog

The Windows 10 Fall Creator's Update: What's new?

-
Image
It's available to download now, the Fall Creator's Update from Microsoft for Windows 10, codenamed Redstone 3. Earlier we talked about the Creator's update but this is something big. There's a bunch of new features so let us now see what new has been included and what are the upgrades from it's predecessor. If you want to update right away before the update rolls out for your computer, follow this link . OneDrive Now Shows Files in the Cloud and downloads them on Demand Microsoft has announced OneDrive Files on Demand , which allows files to be stored in the cloud and made available without the need of getting synced on your local device. Quite interestingly, this new eature works with files in the Desktop and Documents folder, so it isn’t just limited to your files in the OneDrive folder as said earlier, no need to sync. When you try to open a file that isn’t stored on your PC, Windows will download it and open it for you. This is implemented
Read more

Matrix Falling Code Effect

-
Image
Inspired by the movie series The Matrix (which I personally like a lot), this falling code trick is extremely popular on social networking websites. Copy and paste the code given below in Notepad and save the file as "Matrix.bat" or *.bat.    @echo off color 02 :tricks echo %random%%random%%random%%random%%random%%random%%random%%random% goto tricks  
Read more

Why should you Disable 2.4 GHz Wi-Fi on your Network and How

-
Image
In less than twenty years, Wi-Fi has grown from being an amazing and quite expensive luxury to a common inclusion in every device you own. After all this, there’s still plenty of room for improvement…which is why you should consider disabling the old 2.4GHz band on your home’s Wi-Fi network and using the newer, faster, less crowded 5GHz band exclusively. The Standard is now 5 GHz Most modern routers are dual band , which means that they contain the ability to broadcast on both of these bands. It's quite possible that if you purchased your Wi-Fi router or compatible device in the last five years, it will support 5GHz networks—and in fact, if it’s an  802.11ac router , the 5GHz band is a must for that super-fast connection. Only super-cheap gadgets released in the last few years, like some of the e-ink Amazon Kindles or budget Android tablets, lack support for N or AC 5GHz connections. Not only are 5GHz and 802.11ac devices easy to come by, they’re getting af
Read more