Games are generally more GPU bound than they are CPU bound and do not make many or any direct kernel calls at all, so even if the fix impacts you, the performance degradation will likely be small and unnoticeable. The main concern revolves around the fix, which is reported to cause a significant slowdown in specific high I/O tasks. If you get a virus on your home PC, it's already compromised, and Meltdown and Spectre don't really make the risk any worse. There are thousands of viruses circulating at any given time, and if you already practice safe computing, you shouldn't be impacted by anything trying to leverage the Meltdown and Spectre vulnerabilities. See more Will Meltdown and Spectre impact my home PC?ĭirectly, both Meltdown and Spectre won’t really impact your PC any more than a random virus. In other words, making our processors faster has come at the cost of security, and the only real fix may end up being to slow things down. As the costs of insecurity rise, these design choices need to be revisited, and in many cases alternate implementations optimized for security will be required." As a result, processors, compilers, device drivers, operating systems, and numerous other critical components have evolved compounding layers of complex optimizations that introduce security risks. The vulnerabilities in this paper, as well as many others, arise from a longstanding focus in the technology industry on maximizing performance. As the whitepaper puts it, "More broadly, there are trade-offs between security and performance. Protecting against Spectre is also more difficult.
Spectre can affect processors from AMD, ARM, Intel, and others-any processor that uses branch prediction, in theory, which is basically every modern processor-but the attack must be tailored somewhat specifically to the hardware, making it more difficult to implement. Up to nearly 200 instructions could be run in some instances.
#THE MELTDOWN CODE#
The attack involves training a branch predictor to take one path, and then after many iterations, using a branch mispredict to cause speculative execution of code that shouldn't be run. Spectre uses a processor's speculative execution capability and branch prediction, combined with similar approaches to those in Meltdown (eg, cache attacks like Evict+Time), to read secrets from a process's memory. The good news is that all the major operating systems should already be patched to mitigate problems. Both industry and the scientific community so far accepted this as a necessary evil for efficient computing." What has changed is that Meltdown is a working attack vector on many Intel CPUs.
#THE MELTDOWN SOFTWARE#
From the whitepaper, "The fact that hardware optimizations can change the state of microarchitectural elements, and thereby imperil secure software implementations, is known since more than 20 years. It's important to note that many of these exploits aren't actually new. The KPTI (and similar) patches that have been deployed for Windows, OS X, and Linux largely mitigate the problem, though there are still some less critical remaining concerns.
#THE MELTDOWN FULL#
While the current full implementation of Meltdown does not work on AMD and ARM CPUs, there are indications that further modification of the code could allow a similar attack to work on AMD and ARM processors.
#THE MELTDOWN PRO#
It may affect many other CPUs as well, basically anything that uses OOOE, which includes all Intel CPUs back to the original Pentium Pro (excluding Itanium and Atom before 2013), and AMD CPUs from a similar time period.
Meltdown is an exploit that affects Intel CPUs at least since 2011, which leverages elements of out-of-order execution to cause a change in the cache state of a CPU, and then use that to dump contents of memory that should normally be inaccessible.
0 kommentar(er)
