FYI: A warning on possible upcoming performance losses for Intel CPUs

Discussion in 'Hardware' started by Skybird, Jan 3, 2018.

  1. Skybird

    Note that the list of affected CPUs is longer than the usually claimed "only Haswell and Broadwell" claim. Actually, almost ALL Intel CPUs are hit by this. That includes Ivy Bridge, Sandy Bridge, as well as Coffee Lake, Skylake, Kaby Lake.

    Originally, also most of the AMD processors got hit, too, not just, as many claim now, very old ones.
     
  2. Rodent

    Oh yeah, I'm just saying Haswell got hit a bit harder than Coffee Lake for example, also comes down to ASUS not really giving a shit about support for those old motherboards either.

    I wonder if AMD's hard stance that they're not going to be affected by Spectre 1 will come back to bite 'em, but right now even if that's the case the Ryzen refresh is looking mighty tempting if I'm to get a new CPU in the somewhat short term. Either way, holding off until we know the prices and benchmarks of 'em will give some time to iron out the kinks/see the full effects of the Meltdown patches' effect on Coffee Lake CPUs.
     
  5. Matthias Petz

    Just in case: Performance hit seems to depend on CPU microcode update, which requires a BIOS update first, and the corresponding OS update. BIOS updates have been cancelled by Intel and nearly every big manufacturer. We are using HP / HPE at work and all BIOS updates regarding Spectre/Meltdown have been pulled back due to spontaneous reboots (thank God we are not affected right now, we have already updated the BIOS on over 60 ZBooks). There are some vulnerabilities regarding this bullsh*t, but with the exception of one single attack they will all be closed by OS updates. Just this one little tiny hole needs a CPU microcode update to be fixed. If you have a UEFI BIOS - do not update the BIOS at the moment without knowing if your system will be stable and how much performance hit you will suffer. And keep in mind: UEFI BIOS updates are mostly not downgradable - when it has been installed, it cannot be removed afterwards.

    As BIOS updates will take time - CPU manufacturer -> board manufacturer -> tests -> download availability -> tests -> distribution - I believe this will be the attack vector most used in the next year. Regarding Windows and Microsoft Updates - we did not have a single problem in the last 5 years with them in our company, and our delay is only 3-4 weeks after release for all clients and servers.

    If you have a separate fixed system especially for gaming (you won't work in a simulator seat with a wheel in front of you or carry your sim racing equipment around every day...) you can delay updates without big risks. Upgrades (not updates!) should be delayed if you expect them to break your running system (special software or hardware in use - usually the case with sim racing; advanced update options, switch from Semi-Annual Channel (Targeted) to Semi-Annual Channel). Delaying security updates depends on the exposure and mobility - you should never delay these without specific reason on a production workplace; delaying these on a road warrior's notebook which will be connected via VPN or DirectAccess could be one of your biggest faults. Same goes for unprovisioned AMT systems, disabled firewalls or malware scanners and also for non-existent backups. Just a bit of mathematical probability calculation - the more things you disable, the more risk you take.

    Just my 2 cents and 19 years' experience working in IT
     
  8. Skybird

    Intel says new Skylake fixes are out to brick more BIOS and UEFI, eh - I mean they said the first part and skipped the latter.
    Before you now jump up and run to get these firmware updates done, read this and see if you cannot find reason for some reasonable caution in it:
    https://www.askwoody.com/2018/intel-says-its-new-spectre-busting-skylake-firmware-patch-is-ready/
     
  9. Matthias Petz

    I do not know what your occupation is, but I doubt there is no known malware and as stated before I believe that every malware developer will jump onto the BIOS-dependent security issue this year... and it looks as if at least heise.de is proving I was right:
    https://www.heise.de/newsticker/mel...hr-Malware-echte-Angriffe-unklar-3959499.html
    or one link deeper and English: https://twitter.com/avtestorg/status/959015892997861376

    Just to clarify: If you are using an exposed system - tagged road warrior - YOU WILL NEED TO PATCH AS SOON AS SECURELY POSSIBLE!
     
  10. Balrog

    Yeah I don't get Skybird, he seems the most concerned about this here, but yet his advice is 'ignore the problem exists and don't even trust in your own providers'. It's quite a contradiction, isn't it?
     
  11. nate

    "Professional conspiracy theorist" :D
     
  12. Skybird

    Attacks based on Meltdown and Spectre are no easy tasks to accomplish, these attacks are difficult to run, and you need to infiltrate the attacked system with malware code that you need to get aboard that system, in any way. While I said before that automatization may make such attacks running easier in the future, right now this is not in sight. What Heise points at and what I linked earlier to myself, too, either in this forum or AC forum, are so-called proofs-of-concept studies. Yes, many ways of how to use Spectre and Meltdown for issuing attacks have now been demonstrated - but these are studies, so to speak, designed and thought about in ideal conditions to show how it could be used to form an attack. In the wild, none of these have been sighted so far. It is like with concept cars. You can see them at trade shows, you can read about the latest design in magazines, but you do not see them being sold, or on the street, in the wild. We also know of many chemical substances used for war, stored in military laboratories, designed to be used in war. But you do not see them in the wild, you do not see a need to get immunisation right now, if that is possible.

    Considering that the real CPU-threatening "patches" that threaten to limit CPU speed significantly have not even been released so far, and considering the immense negative consequences of the last wave of Intel BIOS/UEFI firmware updates - MIND YOU: INTEL THEMSELVES TOLD PEOPLE NOT TO USE THESE AND HAS WARNED OF THEIR OWN PATCHES !!! - I recommend to be cautious with taking the risk of again serving as Intel's beta testers at the risk of crippling your system and the speed of your CPU that you have paid hard cash for - you cannot reverse these firmware updates for the most part. It's like Woody said: they worked 6 months on trying to get things fixed, and the result was a mess, and now they claim to have worked another two weeks and all should be in order?

    Go and gamble - but at your own risk, if you think you must. I question the wisdom to accept this risk to fight a malware threat that so far is only theory, and knows no known manifestation in the wild real wild. Proofs-of-concept are no incidents in the wild. They are academic demonstrations.

    Again, there seems to be no incident so far where Spectre and Malware has been used for an attack in the wild, worldwide. Not a single one. The patching frenzy so far has caused far, far more troubles.

    This both maybe changes in the future. And then I will recommend something different. But for the time being, I address things as they are. Malware: no threat in the wild, only demonstrated in the laboratory. Patches: more or less slowdown of CPU potency, real risks of bricking your BIOS and UEFI.

    Is it worth it for you? Then go and do it, but do not complain if you get hit. For myself, my answer is "currently, not yet".
     
  13. Matthias Petz

    Just for information: HP has published the final patches, I am currently testing and can already say that SSD IOPS are cut by around 50%; Samsung RapidMode transfer rates will suffer around 30-40%. Direct transfer rates of SSDs are still the same.

    Time will show if there's more performance loss. In an office system I doubt someone will notice the performance loss - perhaps when installing big software packages, updates or reinstalling Windows. I am still testing in parallel on my gaming rig, but on my workstation notebook in a normal use case I cannot see a difference - perhaps if you go mass-editing files for mp3 tagging or photo tagging...