1. Betriebssysteme >
  2. Linux Tipps >
  3. The performance benefits of Not protecting against Zombieload, Spectre, Meltdown.


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

The performance benefits of Not protecting against Zombieload, Spectre, Meltdown.

RSS Kategorie Pfeil Linux Tipps vom | Quelle: reddit.com Direktlink öffnen

With the news about MDS (Zombieload) I've seen a few paranoid posts and sensational headlines about intel CPU's with HT. Looking at you Wired.

From the reading I've done about these exploits they all share a few traits - they are all pretty difficult to pull off, they are all patched, and all of the patches reduce performance by some percentage.

For a critical system these things should of course be patched i.e., my ESXi server that runs my network with pfSense gets all security patches.

However, for a home user running linux as a desktop for work or play - I have a feeling that patching these things is pretty pointless in terms of security. Security is always a compromise with practicality, and most home users (even [probably most] advanced users) do use known insecure things (that Android phone) and mitigate (maybe) those known vulnerabilities with network segregation or something along those lines.

And lets be real, people do this for good reason - it's practical and you are almost certainly not a focused target. There are no governments trying to Stuxnet the WD Raptors in your home Plex server.

So my thought is, the fixes for these vulnerabilities might even be an actively bad idea for your average home user. Each one reduces performance by a little bit and protects you from an attack that isn't coming.

Not applying these updates is pretty easy - just don't update the BIOS, or modify the BIOS so that theese microcode updates aren't applied.

Then on the OS level you either disable or rollback your version of linux's microcode update package such as intel-microcode

The same process could re-enable TSX-NI on some CPU's - which doesn't work in some specific cases, but some users might have a use for it and be able to accept it's instabilities.

So my question is - how much performance could be re-gained by not protecting against these threats that almost certainly aren't worth thinking about to a home user?

submitted by /u/californiaCabotage
[link] [comments] ...

Webseite öffnen Komplette Webseite öffnen

Newsbewertung

Kommentiere zu The performance benefits of Not protecting against Zombieload, Spectre, Meltdown.






Ähnliche Beiträge

  • 1. Intel Shares Details on New CPUs With Spectre, Meltdown Protections vom 218.64 Punkte ic_school_black_18dp
    Intel announced on Thursday that patches designed to address the Spectre vulnerability are now available for all the affected CPUs released in the past five years, and shared more details on the future processors that will include protections against the
  • 2. Intel Shares Details on New CPUs With Spectre, Meltdown Protections vom 218.64 Punkte ic_school_black_18dp
    Intel announced on Thursday that patches designed to address the Spectre vulnerability are now available for all the affected CPUs released in the past five years, and shared more details on the future processors that will include protections against the
  • 3. More Chrome OS Devices Receive Meltdown, Spectre Patches vom 199.32 Punkte ic_school_black_18dp
    The latest stable channel update for Google’s Chrome OS operating system includes mitigations for devices with Intel processors affected by the Spectre and Meltdown vulnerabilities. Meltdown and Spectre attacks exploit design flaws in Intel, AMD, ARM and o
  • 4. More Chrome OS Devices Receive Meltdown, Spectre Patches vom 199.32 Punkte ic_school_black_18dp
    The latest stable channel update for Google’s Chrome OS operating system includes mitigations for devices with Intel processors affected by the Spectre and Meltdown vulnerabilities. Meltdown and Spectre attacks exploit design flaws in Intel, AMD, ARM and o
  • 5. Intel Will Not Patch Spectre in Some CPUs vom 175.74 Punkte ic_school_black_18dp
    Intel has informed customers that some of the processors affected by the Meltdown and Spectre vulnerabilities will not receive microcode updates due to issues related to implementation and other factors. Two weeks after announcing that microcode updates have been made avai
  • 6. Intel CPUs Vulnerable to New 'BranchScope' Attack vom 151.23 Punkte ic_school_black_18dp
    Researchers have discovered a new side-channel attack method that can be launched against devices with Intel processors, and the patches released in response to the Spectre and Meltdown vulnerabilities might not prevent these types of attacks. The new att
  • 7. Intel CPUs Released in Last 8 Years Impacted by New Zombieload Side-Channel Attack vom 139.37 Punkte ic_school_black_18dp
    Academics have discovered a new class of vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. From a report: The leading attack in this new vulnerability class is a security flaw named Zombieload,
  • 8. Intel CPUs Released in Last 8 Years Impacted by New Zombieload Side-Channel Attack vom 139.37 Punkte ic_school_black_18dp
    Academics have discovered a new class of vulnerabilities in Intel processors that can allow attackers to retrieve data being processed inside a CPU. From a report: The leading attack in this new vulnerability class is a security flaw named Zombieload,
  • 9. TA18-004A: Meltdown and Spectre Side-Channel Vulnerability Guidance vom 135.98 Punkte ic_school_black_18dp
    Original release date: January 04, 2018 | Last revised: February 10, 2018Systems Affected CPU hardware implementations Overview On January 3, 2018, the National Cybersecurity and Communications Integration Center (NCCIC) became aware of a set of
  • 10. Microsoft Releases More Patches for Meltdown, Spectre vom 134.09 Punkte ic_school_black_18dp
    Microsoft informed users on Tuesday that it released additional patches for the CPU vulnerabilities known as Meltdown and Spectre, and removed antivirus compatibility checks in Windows 10. Meltdown and Spectre allow malicious applications to bypass memory isolati
  • 11. Microsoft Releases More Patches for Meltdown, Spectre vom 134.09 Punkte ic_school_black_18dp
    Microsoft informed users on Tuesday that it released additional patches for the CPU vulnerabilities known as Meltdown and Spectre, and removed antivirus compatibility checks in Windows 10. Meltdown and Spectre allow malicious applications to bypass memory isolati
  • 12. Key causes of performance differences between SQL managed instance and SQL Server vom 115.08 Punkte ic_school_black_18dp
    Migrating to a Microsoft Azure SQL Database managed instance provides a host of operational and financial benefits you can only get from a fully managed and intelligent cloud database service. Some of these benefits come from features that optimize or i