Geekzone: technology news, blogs, forums
188 posts

Master Geek
+1 received by user: 25


  Reply # 1931132 6-Jan-2018 08:38

Batman:

 

djtOtago:

 

Why is this being blamed on the hardware (Intel/AMD/ARM) when it appears to be a problem with the way the OS is managing memory access?

 

 

Presumably (no I didn't take computer science at uni lol) it's a matter of time before people discover a similar "bug" with other things eg routers, ATMs, bank computers, power companies, traffic management, etc (that may use other CPUs)?

 

 

 

 

Hardware appliances such as routers/firewalls/switches don't usually run 3rd party apps - so even if their CPUs would be vulnerable you could not take advantage of it. ATMs/bank computers usually run a locked down OS like Windows, and traffic management systems usually do the same controlling SCADA devices.

 

For desktop operations antivirus solutions will be the usual line of defense against this vulnerability. And there are already AV signatures out for such code.

 

The real concern is for cloud and virtualized systems. Say you had some services deployed in cloud, and you had a malicious "neighbour" running on the same infrastructure - they may run this code to snoop on your system.


497 posts

Ultimate Geek
+1 received by user: 93


  Reply # 1931596 7-Jan-2018 07:59

A good summary of the companies' technical responses from Peter Bright at Ars, including white papers etc.

https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/

Clint

 
 
 
 


604 posts

Ultimate Geek
+1 received by user: 38


  Reply # 1931749 7-Jan-2018 15:08

There is quite a good explanation here (although most of this appears to be limited to Meltdown):

 

https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/

 

The solution that both the Windows and Linux developers have picked is substantially the same, and derived from that KAISER work: the kernel page table entries are no longer shared with each process. In Linux, this is called Kernel Page Table Isolation (KPTI).

 

The impact of this will vary depending on the workload. Every time a program makes a call into the kernel—to read from disk, to send data to the network, to open a file, and so on—that call will be a little more expensive, since it will force the TLB to be flushed and the real kernel page table to be loaded. Programs that don't use the kernel much might see a hit of perhaps 2-3 percent—there's still some overhead because the kernel always has to run occasionally, to handle things like multitasking.

 

But workloads that call into the kernel a ton will see much greater performance drop off.

 

While Intel systems are the ones known to have the defect, they may not be the only ones affected. Some platforms, such as SPARC and IBM's S390, are immune to the problem, as their processor memory management doesn't need the split address space and shared kernel page tables; operating systems on those platforms have always isolated their kernel page tables from user mode ones.

 

For people running VMs:

 

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

 

Result of exploitation may allow for information disclosure from one Virtual Machine to another Virtual Machine that is running on the same host. The remediation listed in the table below is for the known variants of the Bounds Check Bypass and Branch Target Injection issues.

 

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-5753 (Bounds Check bypass) and CVE-2017-5715 (Branch Target Injection) to these issues.

 

Running a cloud/vm infrastructure without patching would be irresponsible, but if a significant percentage of cloud/vm workloads are databases (perhaps the most likely to be affected), then the total performance degradation on a huge cloud/vm environment might be significant.





#include <standard.disclaimer>

389 posts

Ultimate Geek
+1 received by user: 203


  Reply # 1931953 8-Jan-2018 09:23

djtOtago:

 

Just updated my older laptop.

 

Similar result.

 

 

Edit: Just re-encoded one of my test videos.
Took exactly the same time to encode as before the update.  

 

 

As far as I can tell you will not get a 100% positive result on this test without both the Windows patch and a BIOS update. You will also need a post-Haswell CPU for PCID optimisation (not required for security, but mitigates the performance loss somewhat).

 

My Haswell laptop is fully protected after a BIOS update.

 



389 posts

Ultimate Geek
+1 received by user: 203


  Reply # 1932017 8-Jan-2018 10:08

freitasm:

 

BIOS or microcode/firmware update?

 

 

Either, I suppose. I should have said you will need updates from both Microsoft and your motherboard/system manufacturer. As I understand it the latter could be either a microcode update (via Windows Update) or a BIOS update.


BDFL - Memuneh
59434 posts

Uber Geek
+1 received by user: 10647

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1932018 8-Jan-2018 10:13

Yes, this was expanded in the previous page. AFAIK it is a microcode update. In the case of Surface it will be delivered as a firmware update. Other manufacturers may call it BIOS but really BIOS and firmware are different things.




301 posts

Ultimate Geek
+1 received by user: 61


  Reply # 1932990 9-Jan-2018 17:15

Apple has today released their security supplemental updates to High Sierra 10.13.2 & El Capitan and iOS to address this issue. Though on my iMac High Sierra the size was only 148Mb but it took approx ½ hour, after download, to install with 3 restarts.





Make Our Planet Great Again

 

iMac 27" (2013), Airport Time Capsule + Airport Express, iPhone7, iPad2, iPad Mini2

 

Panasonic Blu-ray PVR DMR-BWT835 + Panasonic Viera TH-L50E6Z, Chromecast Ultra


BDFL - Memuneh
59434 posts

Uber Geek
+1 received by user: 10647

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1935371 10-Jan-2018 10:18

Microsoft has posted "Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems".

 

From the blog:

 

 

  • With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.
  • With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.
  • With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.
  • Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

For context, on newer CPUs such as on Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation. Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel. We will publish data on benchmark performance in the weeks ahead.

 

 

 





TLD

604 posts

Ultimate Geek
+1 received by user: 123


  Reply # 1935671 10-Jan-2018 15:28

Toms put this up ten minutes ago.  It's sounding like a double hit for older systems.  They will inherently have less performance than newer systems to start with, and will suffer the greater slow down.

 

http://www.tomshardware.com/news/microsoft-intel-slowdown-old-chips,36293.html

 

So for my wife who has an elderly two core AMD system, and just uses it for Internet and Office, can she ignore the updates/patches?  It only has to hold together till my 7900X system arrives, after which she will use my old 3930K system.

 

[EDIT]  In fact it's even worse than a slow down, because Toms also put this up at lunch time which says the patches are making some old AMD systems unbootable!  Methinks I'll turn off auto updates on her old system.

 

http://www.tomshardware.com/news/meltdown-spectre-update-amd-unbootable,36291.html

 

 

 

 

 

 





Trevor Dennis
Rapaura (near Blenheim)

1201 posts

Uber Geek
+1 received by user: 110


  Reply # 1935687 10-Jan-2018 15:41


allio:

freitasm:


BIOS or microcode/firmware update?



Either, I suppose. I should have said you will need updates from both Microsoft and your motherboard/system manufacturer. As I understand it the latter could be either a microcode update (via Windows Update) or a BIOS update.



From memory, an errata (the name for a change to the CPU spec) is loaded into the CPU during startup (during the init phase I think) and is stored in non-volatile memory (NVM) - I think your BIOS.

For an update to the OS kernel itself, this would I think be a normal Windows update.

As I understand it, although not really following the issue, I think two of the three Meltdown fixes are OS updates and the third requires both an OS and Microcode update. I suspect there will be more updates at some stage as part of the usual update process.





Software Engineer

 


1321 posts

Uber Geek
+1 received by user: 294

Subscriber

  Reply # 1935698 10-Jan-2018 16:00

Is there a simple way for your average PC user to test for the vulnerability?

 

I had a go at the PowerShell thing mentioned earlier but it was a bit beyond my capability.





Life is too short to remove USB safely.
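
An added example, not part of any post in this thread: one way to turn the PowerShell test into a plain list of what is still missing, following the point made earlier in the thread that a fully positive result needs both the Windows patch and a microcode/BIOS update. It assumes the test is Microsoft's SpeculationControl module and its Get-SpeculationControlSettings cmdlet; Get-MitigationSummary and the sample object are constructed for illustration.

```powershell
# Added example. Assumes: Install-Module SpeculationControl -Scope CurrentUser
function Get-MitigationSummary {
    param(
        # Object returned by Get-SpeculationControlSettings (or a constructed stand-in).
        [Parameter(Mandatory)] $Settings
    )
    $todo = @()

    # CVE-2017-5715 (Branch Target Injection): needs the OS patch AND CPU microcode.
    if (-not $Settings.BTIWindowsSupportPresent) {
        $todo += 'Install the Windows security update'
    }
    if (-not $Settings.BTIHardwarePresent) {
        $todo += 'Install the microcode / BIOS update from the system manufacturer'
    }
    if ($Settings.BTIDisabledBySystemPolicy) {
        $todo += 'Branch target injection mitigation is switched off by system policy'
    }

    # Meltdown: kernel page table isolation ("KVA shadow" on Windows), an OS-side fix.
    # KVAShadowRequired is False on CPUs that do not need it.
    $meltdownOk = (-not $Settings.KVAShadowRequired) -or $Settings.KVAShadowWindowsSupportEnabled
    if (-not $meltdownOk) {
        $todo += 'Kernel VA shadow is required on this CPU but not enabled'
    }

    [pscustomobject]@{
        BranchTargetInjectionMitigated = [bool]$Settings.BTIWindowsSupportEnabled
        MeltdownMitigated              = [bool]$meltdownOk
        # PCID only reduces the performance cost; it is not needed for protection.
        PcidOptimisation               = [bool]$Settings.KVAShadowPcidEnabled
        StillToDo                      = $todo
    }
}

# Constructed sample: Windows patch installed, no microcode update yet.
$sample = [pscustomobject]@{
    BTIHardwarePresent             = $false
    BTIWindowsSupportPresent       = $true
    BTIWindowsSupportEnabled       = $false
    BTIDisabledBySystemPolicy      = $false
    KVAShadowRequired              = $true
    KVAShadowWindowsSupportEnabled = $true
    KVAShadowPcidEnabled           = $false
}
Get-MitigationSummary -Settings $sample | Format-List

# On a real machine: Get-MitigationSummary -Settings (Get-SpeculationControlSettings)
```
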


BDFL - Memuneh
59434 posts

Uber Geek
+1 received by user: 10647

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1935699 10-Jan-2018 16:03

Updated my Windows 7 dev VM today with latest security patches... And this happened:

 

 

Remember, as per above "Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel."

 

Damn.





UHD

539 posts

Ultimate Geek
+1 received by user: 226


  Reply # 1936097 11-Jan-2018 11:33

So what are the chances of microcode updates for hardware from Intel that is 6+ years old? I think the last BIOS updates they offer are from 2014; am I right in betting engineers won't be bothering?


5446 posts

Uber Geek
+1 received by user: 1549

Trusted

  Reply # 1936141 11-Jan-2018 11:58

Should I do it or should I not?
Anyone got any idea on the performance hit?

Cheers

 

 

 

