Geekzone: technology news, blogs, forums

Reply # 1931132 6-Jan-2018 08:38
Batman:

djtOtago:

Why is this being blamed on the hardware (Intel/AMD/ARM) when it appears to be a problem with the way the OS is managing memory access?

Presumably (no I didn't take computer science at uni lol) it's a matter of time before people discover a similar "bug" with other things eg routers, ATMs, bank computers, power companies, traffic management, etc (that may use other CPUs)?

Hardware appliances such as routers/firewalls/switches don't usually run third-party apps, so even if their CPUs were vulnerable you could not take advantage of it. ATMs/bank computers usually run a locked-down OS like Windows, and traffic management systems usually do the same, controlling SCADA devices.

For desktop operations, antivirus solutions will be the usual line of defense against this vulnerability. And there are already AV signatures out for such code.

The real concern is for cloud and virtualized systems. Say you had some services deployed in the cloud, and you had a malicious "neighbour" running on the same infrastructure - they may run this code to snoop on your system.


Reply # 1931596 7-Jan-2018 07:59

A good summary of the companies' technical responses from Peter Bright at Ars, including white papers, etc.

https://arstechnica.com/gadgets/2018/01/meltdown-and-spectre-heres-what-intel-apple-microsoft-others-are-doing-about-it/

Clint

Reply # 1931749 7-Jan-2018 15:08

There is quite a good explanation here (although most of this appears to be limited to Meltdown):

https://arstechnica.com/gadgets/2018/01/whats-behind-the-intel-design-flaw-forcing-numerous-patches/

The solution that both the Windows and Linux developers have picked is substantially the same, and derived from that KAISER work: the kernel page table entries are no longer shared with each process. In Linux, this is called Kernel Page Table Isolation (KPTI).

The impact of this will vary depending on the workload. Every time a program makes a call into the kernel—to read from disk, to send data to the network, to open a file, and so on—that call will be a little more expensive, since it will force the TLB to be flushed and the real kernel page table to be loaded. Programs that don't use the kernel much might see a hit of perhaps 2-3 percent—there's still some overhead because the kernel always has to run occasionally, to handle things like multitasking.

But workloads that call into the kernel a ton will see much greater performance drop off.

While Intel systems are the ones known to have the defect, they may not be the only ones affected. Some platforms, such as SPARC and IBM's S390, are immune to the problem, as their processor memory management doesn't need the split address space and shared kernel page tables; operating systems on those platforms have always isolated their kernel page tables from user mode ones.

For people running VMs:

https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html

Result of exploitation may allow for information disclosure from one Virtual Machine to another Virtual Machine that is running on the same host. The remediation listed in the table below is for the known variants of the Bounds Check Bypass and Branch Target Injection issues.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2017-5753 (Bounds Check bypass) and CVE-2017-5715 (Branch Target Injection) to these issues.

Running a cloud/vm infrastructure without patching would be irresponsible, but if a significant percentage of cloud/vm workloads are databases (perhaps the most likely to be affected), then the total performance degradation on a huge cloud/vm environment might be significant.





#include <standard.disclaimer>
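The Ars explanation quoted above says the cost of KPTI is paid on every entry into the kernel, which is why syscall-heavy workloads (databases, I/O-bound servers) suffer more than compute-bound ones. The PowerShell script below is an added example, not code from the thread, Ars or Microsoft, that lets you measure that per-call cost on your own Windows box: it times a Win32 call that ends in a system call (GetFileAttributesW, a real kernel32 export) against one that is answered entirely in user mode from the shared data page (GetTickCount64, also real), so the difference approximates the cost of one kernel entry. The class and function names (KernelCallBench, Measure-KernelCallOverhead) are chosen here; it assumes Windows with .NET available to Add-Type. Run it before and after the January update (or with the mitigation toggled) and compare the KernelEntryCostNs figure: the increase is what KPTI/KVA shadowing adds to each syscall.

```powershell
# Added example: rough microbenchmark of per-kernel-call cost on Windows.
# Not from the thread; KernelCallBench / Measure-KernelCallOverhead are names chosen here.
$source = @"
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;

public static class KernelCallBench
{
    // GetFileAttributesW ends in a system call (NtQueryAttributesFile): every
    // iteration crosses into the kernel and, with KPTI, pays the page-table
    // switch and TLB flush on the way in and out.
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern uint GetFileAttributesW(string path);

    // GetTickCount64 reads the user-mode shared data page: no kernel entry at all,
    // so it serves as the P/Invoke-only baseline.
    [DllImport("kernel32.dll")]
    static extern ulong GetTickCount64();

    public static double NsPerKernelCall(string path, int iterations)
    {
        uint sink = 0;
        Stopwatch sw = Stopwatch.StartNew();
        for (int i = 0; i < iterations; i++) sink ^= GetFileAttributesW(path);
        sw.Stop();
        return sw.Elapsed.TotalMilliseconds * 1e6 / iterations;
    }

    public static double NsPerUserCall(int iterations)
    {
        ulong sink = 0;
        Stopwatch sw = Stopwatch.StartNew();
        for (int i = 0; i < iterations; i++) sink ^= GetTickCount64();
        sw.Stop();
        return sw.Elapsed.TotalMilliseconds * 1e6 / iterations;
    }
}
"@

# Compile once per session; Add-Type refuses to redefine an existing type.
if (-not ('KernelCallBench' -as [type])) {
    Add-Type -TypeDefinition $source
}

function Measure-KernelCallOverhead {
    param([int]$Iterations = 500000)

    # Constructed sample target: a temp file that exists only for this run.
    $path = [System.IO.Path]::GetTempFileName()
    try {
        # Warm-up so JIT and first-touch page-in costs stay out of the timed loops.
        [void][KernelCallBench]::NsPerKernelCall($path, 1000)
        [void][KernelCallBench]::NsPerUserCall(1000)

        $kernel = [KernelCallBench]::NsPerKernelCall($path, $Iterations)
        $user   = [KernelCallBench]::NsPerUserCall($Iterations)

        [pscustomobject]@{
            Iterations        = $Iterations
            NsPerKernelCall   = [math]::Round($kernel, 1)
            NsPerUserCall     = [math]::Round($user, 1)
            # Approximate cost of one user->kernel->user transition; this is the
            # number that grows once KPTI / KVA shadowing is switched on.
            KernelEntryCostNs = [math]::Round($kernel - $user, 1)
        }
    }
    finally {
        Remove-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    }
}

Measure-KernelCallOverhead | Format-List
```

Absolute numbers depend on the CPU, on whether PCID/INVPCID is available (Haswell and later, which is what the thread means by "PCID optimisation"), and on whether the file is cached, so only compare runs on the same machine. Multiply KernelEntryCostNs by how many syscalls per second your workload makes to estimate its share of the slowdown.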

Reply # 1931953 8-Jan-2018 09:23

djtOtago:

Just updated my older laptop.

Similar result.

Edit: Just re-encoded one of my test videos.
Took exactly the same time to encode as before the update.

As far as I can tell you will not get a 100% positive result on this test without both the Windows patch and a BIOS update. You will also need a post-Haswell CPU for PCID optimisation (not required for security, but mitigates the performance loss somewhat).

My Haswell laptop is fully protected after a BIOS update.

 


Reply # 1932017 8-Jan-2018 10:08

freitasm:

BIOS or microcode/firmware update?

Either, I suppose. I should have said you will need updates from both Microsoft and your motherboard/system manufacturer. As I understand it the latter could be either a microcode update (via Windows Update) or a BIOS update.


BDFL - Memuneh
Reply # 1932018 8-Jan-2018 10:13

Yes, this was expanded on the previous page. AFAIK it is a microcode update. In the case of Surface it will be delivered as a firmware update. Other manufacturers may call it BIOS, but really BIOS and firmware are different things.




Reply # 1932990 9-Jan-2018 17:15

Apple has today released their security supplemental updates to High Sierra 10.13.2 and El Capitan, and iOS, to address this issue. Though on my iMac High Sierra the size was only 148Mb, it took approx ½ hour, after download, to install, with 3 restarts.





iMac 27" (late 2013), Airport Time Capsule + Airport Express, iPhone7, iPad6, iPad Mini2
Panasonic Blu-ray PVR DMR-BWT835 + Panasonic Viera TH-L50E6Z, Chromecast Ultra


BDFL - Memuneh
Reply # 1935371 10-Jan-2018 10:18

Microsoft has posted "Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems".

From the blog:

  • With Windows 10 on newer silicon (2016-era PCs with Skylake, Kabylake or newer CPU), benchmarks show single-digit slowdowns, but we don’t expect most users to notice a change because these percentages are reflected in milliseconds.
  • With Windows 10 on older silicon (2015-era PCs with Haswell or older CPU), some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance.
  • With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.
  • Windows Server on any silicon, especially in any IO-intensive application, shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance. This is why you want to be careful to evaluate the risk of untrusted code for each Windows Server instance, and balance the security versus performance tradeoff for your environment.

For context, on newer CPUs such as on Skylake and beyond, Intel has refined the instructions used to disable branch speculation to be more specific to indirect branches, reducing the overall performance penalty of the Spectre mitigation. Older versions of Windows have a larger performance impact because Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel. We will publish data on benchmark performance in the weeks ahead.





TLD

Reply # 1935671 10-Jan-2018 15:28

Tom's put this up ten minutes ago. It's sounding like a double hit for older systems. They will inherently have less performance than newer systems to start with, and will suffer the greater slowdown.

http://www.tomshardware.com/news/microsoft-intel-slowdown-old-chips,36293.html

So for my wife, who has an elderly two-core AMD system and just uses it for Internet and Office, can she ignore the updates/patches? It only has to hold together till my 7900X system arrives, after which she will use my old 3930K system.

[EDIT] In fact it's even worse than a slowdown, because Tom's also put this up at lunch time, which says the patches are making some old AMD systems unbootable! Methinks I'll turn off auto updates on her old system.

http://www.tomshardware.com/news/meltdown-spectre-update-amd-unbootable,36291.html





Trevor Dennis
Rapaura (near Blenheim)

Reply # 1935687 10-Jan-2018 15:41


allio:

freitasm:

BIOS or microcode/firmware update?

Either, I suppose. I should have said you will need updates from both Microsoft and your motherboard/system manufacturer. As I understand it the latter could be either a microcode update (via Windows Update) or a BIOS update.

From memory, an erratum (the name for a change to the CPU spec) is loaded into the CPU during startup (during the init phase I think) and is stored in non-volatile memory (NVM) - I think your BIOS.

For an update to the OS kernel itself, this would I think be a normal Windows update.

As I understand it, although not really following the issue, I think two of the three Meltdown fixes are OS updates and the third requires both an OS and microcode update. I suspect there will be more updates at some stage as part of the usual update process.





Software Engineer


Reply # 1935698 10-Jan-2018 16:00

Is there a simple way for your average PC user to test for the vulnerability?

I had a go at the PowerShell thing mentioned earlier, but it was a bit beyond my capability.





Life is too short to remove USB safely.
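Earlier in the thread allio points out that a clean result needs both the Windows patch and the vendor firmware/microcode update, with PCID only improving performance, and the post above asks for a simple way to test. The script below is an added example, not from the thread, that wraps Microsoft's own check: the SpeculationControl module from the PowerShell Gallery and its Get-SpeculationControlSettings cmdlet are real, and the property names it reads (BTIHardwarePresent, KVAShadowRequired, KVAShadowPcidEnabled and so on) are the fields that cmdlet returns. The wrapper function name Test-SpectreMeltdownMitigation and its output layout are chosen here. It assumes PowerShell 5.1 or later and internet access to install the module; the execution-policy change is scoped to this process only.

```powershell
# Added example: report which halves of the Spectre/Meltdown mitigation are in
# place on this Windows machine and what is still missing. Not from the thread;
# Test-SpectreMeltdownMitigation is a name chosen here.

# Allow the downloaded script module for this process only (no persistent change).
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# Microsoft's module from the PowerShell Gallery; install per-user if absent.
if (-not (Get-Module -ListAvailable -Name SpeculationControl)) {
    Install-Module -Name SpeculationControl -Scope CurrentUser -Force
}
Import-Module SpeculationControl

function Test-SpectreMeltdownMitigation {
    $s = Get-SpeculationControlSettings

    # Branch Target Injection (Spectre variant 2, CVE-2017-5715) needs the
    # microcode/firmware update from the system vendor AND the Windows update.
    # Rogue data cache load (Meltdown) needs KVA shadowing, Microsoft's name for
    # kernel page-table isolation; PCID support reduces its TLB-flush cost but
    # is not required for protection.
    $actions = @()
    if (-not $s.BTIHardwarePresent) {
        $actions += 'Apply the vendor firmware/BIOS or microcode update: the CPU does not yet expose BTI mitigation support.'
    }
    if (-not $s.BTIWindowsSupportPresent -or
        ($s.KVAShadowRequired -and -not $s.KVAShadowWindowsSupportPresent)) {
        $actions += 'Install the January 2018 or later Windows security update.'
    }
    if ($s.BTIWindowsSupportPresent -and -not $s.BTIWindowsSupportEnabled) {
        $actions += 'BTI mitigation is installed but disabled (the default on Windows Server); review the FeatureSettingsOverride policy.'
    }
    if ($s.KVAShadowRequired -and $s.KVAShadowWindowsSupportPresent -and -not $s.KVAShadowWindowsSupportEnabled) {
        $actions += 'Meltdown mitigation (KVA shadow) is installed but disabled; review the FeatureSettingsOverride policy.'
    }
    if ($s.KVAShadowWindowsSupportEnabled -and -not $s.KVAShadowPcidEnabled) {
        $actions += 'KVA shadow is active without PCID; expect a larger performance hit on this (pre-Haswell or virtualised) CPU.'
    }

    $meltdownOk = (-not $s.KVAShadowRequired) -or $s.KVAShadowWindowsSupportEnabled

    [pscustomobject]@{
        SpectreV2_HardwareSupport = $s.BTIHardwarePresent
        SpectreV2_WindowsSupport  = $s.BTIWindowsSupportPresent
        SpectreV2_Enabled         = $s.BTIWindowsSupportEnabled
        Meltdown_MitigationNeeded = $s.KVAShadowRequired
        Meltdown_Enabled          = $s.KVAShadowWindowsSupportEnabled
        Meltdown_PcidOptimisation = $s.KVAShadowPcidEnabled
        FullyMitigated            = ($s.BTIWindowsSupportEnabled -and $meltdownOk)
        Actions                   = $actions
    }
}

Test-SpectreMeltdownMitigation | Format-List
```

The useful part is the Actions list: a machine with the Windows update but no firmware will show SpectreV2_WindowsSupport true and SpectreV2_HardwareSupport false, which is exactly the "half done" state described earlier, while Meltdown_PcidOptimisation false on a fully mitigated box explains a bigger slowdown without meaning anything is unpatched.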


BDFL - Memuneh
Reply # 1935699 10-Jan-2018 16:03

Updated my Windows 7 dev VM today with latest security patches... And this happened:

Remember, as per above "Windows 7 and Windows 8 have more user-kernel transitions because of legacy design decisions, such as all font rendering taking place in the kernel."

Damn.





UHD

Reply # 1936097 11-Jan-2018 11:33

So what are the chances of microcode updates for hardware from Intel that is 6+ years old? I think the last BIOS updates they offer are from 2014; am I right in betting engineers won't be bothering?


Reply # 1936141 11-Jan-2018 11:58

Should I do it or should I not?
Anyone got any idea on the performance hit?

Cheers





Steam: Coil (Same photos as profile here)
Origin: Scranax
Currently playing on PC: Rust, Subnautica, CS:GO, AOE2 HD, BeamNG Drive, BF1.

