The Meltdown and Spectre vulnerabilities disclosed this week affect millions of PCs, servers, and mobile devices. The good news is that companies have been busy rolling out software updates that should make it less likely that someone will exploit one of these vulnerabilities to steal your personal data.
Some of those patches affect your personal devices like your phone, laptop, or desktop computers. Others are rolling out to servers, where the risk is even greater since multiple users log into the same server simultaneously and an unpatched server could leak your data to an attacker.
The Meltdown-related security updates are expected to offer pretty strong protection against that exploit variant, and while there seems to be some disagreement over whether it’s entirely possible to prevent Spectre-based attacks via software updates alone, Intel claims that it’s rolling out updates that will make its chips “immune” to both form of attack.
But at what cost? Early reports had suggested that the “fix” for Meltdown would take a toll on performance since it’s basically a workaround that could make certain tasks take longer to complete. Intel says the impact is negligible for most users. But it turns out that it all depends on what it is you’re trying to do with a computer.
Phoronix has been running benchmarks to see how computers perform before and after updating to the patched Linux kernel 4.15. It looks like the difference really is unnoticeable for some tasks such as gaming. But for others, such as Wine, virtual machines, Redis, and PostgreSQL, it can be pretty significant.
CNX-Software ran some before-and-after benchmarks on a computer with an Intel Pentium N4200 Apollo Lake processor and Windows 10 and found almost no difference in PCMark 10 and 3DMark scores, and only modest differences in CrystalDiskMark read/write scores.
Google says it’s rolled out updates on its own systems and found the impact on performance to be negligible. Meanwhile, Epic games says it’s seen a huge spike in CPU usage on its servers since implementing updates to protect against Meltdown attacks, and that’s resulting in “unexpected issues” affecting stability and logins for the Fortnite video game.
Epic isn’t the only company that’s seen an impact on its cloud servers.
So were those early reports suggesting that the security updates could slow computers by as much as 30 percent overblown? Yes and no. It’s entirely possible that casual PC users won’t notice any difference at all, depending on what they use their PC for. And some cloud services aren’t feeling the heat too much either. But others are seeing a serious spike in CPU usage, which could be expensive both in terms of processing power and money.
There may be additional software updates that could help mitigate the performance impact of this vulnerability mitigation. But simply applying the patches and continuing to run existing software seems to lead to mixed results.
via Hacker News