EZPC Indy Blog
Surveying the Damage of Meltdown and Spectre
At the time of this writing, it has only been about a half a year since the Meltdown and Spectre exploits became public knowledge. Fortunately, patches were swiftly rolled out to mitigate the problems that these exploits could cause, but that doesn’t mean that these exploits are dead and buried. Let’s look back at Meltdown and Spectre to help us establish where we stand today.
What Do They Do?
Both Meltdown and Spectre affect the processor of the targeted system. The accurately-named Meltdown virtually melts away the barriers that a processor has between application processes and the system memory, which is not a good thing. Spectre works differently, in that it can ‘fool’ the processor into accessing parts of a system’s memory that it shouldn’t. Either of these results could quite easily allow a greater threat to access a user’s system.
The worst thing about Spectre and Meltdown is that they are so widespread, with the capability to influence almost every computer chip manufactured in the past 20 years. This could potentially put any data at risk, regardless of how well it was otherwise protected.
How They Were “Fixed”
Unfortunately, there is no singular, magic bullet fix for Meltdown and Spectre. However, patches were quickly released and have continued to roll out, as these exploits are repeatedly updated. When first discovered and mitigated, developers warned that patching against Meltdown and Spectre may cause a dip in performance as high as thirty percent.
While these patches do influence performance, the influence they have is currently much less significant than initially advertised. While the actual numbers vary based on a few circumstances that can be found below, the average use case showed much smaller affects, topping out at around five percent. This may change as later patches are released. However, it is also important to remember that in these kinds of situations, the initial patches usually have the greatest effects.
What Influences Performance
As mentioned above, there are other circumstances that will make the patches for Meltdown and Spectre more of a burden on your system, thereby causing a slight dip in your performance.
Depending on your intended usage of your system, Meltdown and Spectre could have greater or lesser effect. A good rule of thumb to keep in mind is that applications and uses that lean more heavily on processing power will be more affected than others. So, if you rely heavily on virtualization, or have made investments into cryptocurrency mining, you may be disappointed to find your performance suffer.
A variety of companies have put out patches, which means that different patches are going to have different effects on the systems that they are applied to.
Both your system’s hardware and software are going to influence how you may find your technology to be impacted by these patches. For instance, a newer processor will most likely be more resilient against the adverse effects of the patches, and a more up-to-date operating system, like Windows 10, will be impacted less than 7 or 8.
Our Best Advice
In order to fend off Meltdown and Spectre, we recommend that you follow a few basic best practices, including regularly installing updates to your software and being generally more security-minded as you utilize your technology. Additionally, it is probably also in your best interest, if you were considering a hardware refresh/update, to wait a while. There are currently efforts being made to develop processors that are resistant to these threats, but there is still no indication of when this hardware will be made available.
In the meantime, keep checking back to our blog for IT best practices, tips, and more.