Joined: 29 Sep 2005
|Posted: Mon 11 Mar, 2019 3:38 pm Post subject: Hardware Spectre bug and Microsoft Slowdowns
|What is Spectre
Spectre is a vulnerability that affects modern microprocessors that perform branch prediction.
n most processors, the speculative execution resulting from a branch misprediction may leave observable side effects that may reveal private data to attackers.
For example, if the pattern of memory accesses performed by such speculative execution depends on private data, the resulting state of the data cache constitutes a side channel through which an attacker may be able to extract information about the private data using a timing attack.
Most computer processes from the eighties onwards have a flaw which makes them vulnerable to an outisde attack which could allow outsiders access to your data.
Microsoft Efforts to Combat the Flaw and Software Slowdowns
Recent Microsoft patches to Windows 10 and Windows 8.1 contained changes to combat the Sprectre flaw.
The downside is that these patches can cause software to take much longer to load and run up to ten times slower.
So if you recently updated Windows 10 or Windows 8.1, you may have seen significant performance hits.
Recent Microsoft Efforts to Help the Slowdown Problem
(a) there is information available on how to turn off the Windows modifications.
This may leave uou vulnerable to a Spectre exploiting attack.
(b) More Microsoft Upgrades
Retpoline has significantly improved the performance of the Spectre variant 2 mitigations on Windows. When all relevant kernel-mode binaries are compiled with retpoline, we've measured ~25% speedup in Office app launch times and up to 1.5-2x improved throughput in the Diskspd (storage) and NTttcp (networking) benchmarks on Broadwell CPUs in our lab.
It is enabled by default in the latest Windows Client Insider Fast builds (for builds 18272 and higher on machines exposing compatible speculation control capabilities) and is targeted to ship with 19H1.
In Plain English
Computer chips have a flaw that allows outside attacks.
I believe computer chips may soon be available that don't have that flaw.
So you may be able to replace all your computers with new ones that don't have the Spectre flaw.
In Windows, turn off the Spectre fix.
This may leave you vulnerable to attack (as you have been for the past 30 or so years.
Keep upgrading Windows 10 and Windows 8.1 as Microsoft adds fixes to overcome to slowdowns.
From 12d Solutions
We are constantly looking at ways to refactor our 12d Model 14 code to mitigate slowdowns caused by Microsoft's fixes for Spectre.
This will be an on going task.