Directive Blogs
Reexamining Meltdown and Spectre
It’s been about a year and a half since the Meltdown and Spectre exploits became publicly known. While patches and updates were administered to reduce their threat, they continue to linger on in a less serious capacity. Of course, this doesn’t mean that the threat has entirely been neutered--you still want to know what these threats do and whether or not you’re safe from them.
What They Do
The Meltdown and Spectre threats both target the system processor, though in different ways. Meltdown essentially melts away the barrier between the processor and application processes and the system memory. On the other hand, Spectre can fool the processor into accessing parts of the system memory that it’s not supposed to. Both of these threats allow unauthorized access to a user’s system, creating more opportunities for further threat influence.
The biggest problem with Spectre and Meltdown is how widespread they are. They could potentially cause problems for every computer chip created over the past 20 years. Consequently, any data stored by technology utilizing these chips is also at risk.
How These Issues Were Resolved
Meltdown and Spectre have no definitive fix at the current moment, even though patches and updates have been frequently released in order to combat the latest updates to this threat. When the patches were first developed against Meltdown and Spectre, developers foresaw a major decrease in performance on the user’s end--as high as thirty percent, in fact.
Even though these patches do influence performance, the difference isn’t nearly as much as it was initially predicted to be. Depending on the individual circumstances (outlined below), the average user encountered much smaller effects that didn’t exceed five percent. Of course, this could change with future patch releases, but it’s important to keep in mind that the initial patches are generally going to have the biggest effects, as the primary concern is resolving the security issues rather than improving performance right off the bat.
What Influences Performance?
There are several factors that can influence the performance of your system following the patches of Meltdown and Spectre.
Use
Depending on what you use your system for, Meltdown and Spectre will have different effects on your system performance. It’s reasonable to assume that applications and uses that need more processing power will be affected more than other processes. If you take advantage of virtualization, or are investing in cryptocurrency mining, chances are that you’ll see a performance drop as a result of these patches.
Patch Used
Several companies have issued patches for these threats, so naturally you’ll have various effects from them.
Device Configuration
Your hardware and software configurations are going to change how much your technology will be affected by these patches. A perfect example is that a newer processor won’t be influenced as much by these patches. A more up-to-date operating system will also be more resilient to the effects of these patches as well.
A Word of Advice
The best way to take the fight to Meltdown and Spectre is by following simple best practices that help you maintain network security in the long run. For one, you should always install the latest patches and security updates so that you are always up-to-date against the latest threat definitions. You can also consider a hardware refresh, as more recent hardware won’t be as influenced as much as legacy hardware that has been around the block a time or two. There are various attempts to create processors resistant to these threats, but there is no timetable as to when they will be available. In the meantime, you can work with Directive to make sure that your systems are running as efficiently as possible. To learn more, reach out to us at 607.433.2200.