Tech Advisor

Meltdown and Spectre troubleshooting guide

BRAD CHACOS and MICHAEL SIMON explain how the critical CPU flaws affect PCs and Macs

Massive security vulnerabilities in modern CPUs are forcing a redesign of the kernel software at the heart of all major operating systems. Since the issues – dubbed Meltdown and Spectre – exist in the CPU hardware itself, Windows, Linux, Android, macOS, iOS, Chromebooks, and other operating systems all need to protect against them. And worse, plugging the hole can negatively affect your PC’s performance. Everyday home users shouldn’t panic too much though. Just apply all available updates and keep your antivirus software vigilant, as ever.

Here’s a high-level look at what you need to know about Meltdown and Spectre, in plain language. If you like diving deep into technical details, read Google’s post on the CPU vulnerabilities – fave.co/2DoKeKV.

What’s the issue?

Again, the CPU exploits in play here are extremely technical, but in a nutshell, the exploit allows access to your OS’s sacrosanct kernel memory because of how the processors handle ‘speculative execution’, which modern chips perform to increase performance. An attacker can exploit these CPU vulnerabilities to expose extremely sensitive data in the protected kernel memory, including passwords, cryptographic keys, personal photos, emails, or any other data on your PC.

Meltdown is the more serious exploit, and the one that operating systems are rushing to fix. It “breaks the most fundamental isolation between user applications and the operating system,” according to Google. This flaw most strongly affects Intel processors because of the aggressive way they handle speculative execution, though a few ARM cores are also susceptible.

Spectre affects AMD and ARM processors as well as Intel CPUs, which means mobile devices are also at risk. There may be no permanent hardware solution to Spectre, which ‘tricks other applications into accessing arbitrary locations in their memory’. Processor firmware updates can mitigate the issue to some degree. Software also needs to be hardened to guard against it.

What’s a kernel?

The kernel inside your operating system is basically an invisible process that facilitates the way apps and functions work on your computer, talking directly to the hardware. It has complete access to your operating system, with the highest possible level of permissions. Standard software has much more limited access.

How do I know if my PC is at risk?

Short answer: It is. Yes, even if it’s a Mac. Google says “effectively every” Intel processor released since 1995 is vulnerable to Meltdown, regardless of the OS you’re running or whether you have a desktop or laptop.

AMD processors aren’t affected by the Meltdown bug. But chips from Intel, AMD, and ARM are susceptible to Spectre attacks. AMD says its hardware has “near zero” risk to one Spectre variant because of the way its chip architecture is designed, but AMD CPUs can still fall prey to another Spectre flaw.

How do I stay safe?

Update all the things. The entire computer industry is moving as quickly as possible to patch in Meltdown and Spectre protections. Right now, you should update your operating system, CPU firmware (if available), and web browser as soon as possible.

Make sure you are running security software as well – advice that Intel also stresses. No known Meltdown and Spectre attacks have been seen in the wild, but that’s sure to change now the details are public. Triggering the attacks requires hackers to have access to your PC. An antivirus suite keeps bad guys off your PC. And as always, only download software and apps from reputable sources to reduce the risk of infection.

What patches are already available?

Microsoft pushed out a Windows update protecting against Meltdown on 3 January, the day that the CPU exploits hit headlines. Updates issued outside of Microsoft’s monthly ‘Patch Tuesdays’ are rare, underlining the severity of this issue. Unfortunately, the emergency patch renders some AMD computers unbootable – mostly ones with older Sempron and Athlon processors, judging by initial reports. Microsoft halted the roll-out of the patch on affected systems until the fix is fixed.

Intel is also publishing firmware updates for its processors. You’ll need to snag them from your PC, laptop, or motherboard maker (like HP or Gigabyte) rather than Intel itself. At the time of writing, Intel expected to have released firmware updates for 90 percent of processors released in the past five years to its partners, though it will take longer for PC makers to actually push those fixes out for their devices. Firmware updates for all CPUs released in the past five years will roll out by the end of January, at which point Intel “will then focus on issuing updates for older products as prioritized by our customers,” CEO Brian Krzanich said.

Intel revealed on 11 January it had received reports some users who owned Haswell or Broadwell systems were seeing “higher system reboots” after applying firmware updates. Intel’s working to fix the issue.

AMD plans to release firmware updates to protect against Spectre, with patches for Ryzen, Threadripper, and Epyc CPUs coming first, and older architectures later. They’re classified as optional because AMD says its CPU architecture has ‘near-zero’ risk against the Spectre variant that requires a firmware update.

Apple quietly protected against Meltdown in macOS High Sierra 10.13.2, which released on 6 December, as well as in iOS and tvOS 11.2. Kernel patches are also available for Linux.

Chromebooks received protection in Chrome OS 63, which released on December 15. You can find a detailed list of how individual Chromebooks are affected at fave.co/2Drr8Uo. Furthermore, the Chrome web browser itself was updated to include an opt-in experimental feature called “site isolation” that can help guard against Spectre attacks. Site isolation is trickier on mobile devices; Google warns that it can create “functionality and performance issues” in Android, and since Chrome on iOS is forced to use Apple’s WKWebView, Spectre protections on that platform need to come from Apple itself. Chrome 64 will include more mitigations.

Other browsers are battening down the hatches against Spectre as well. Firefox 57 released in November with some initial safeguards, and Edge and Internet Explorer received an update alongside Windows 10. On 8 January, Apple pushed out updates to iOS 11 and macOS with ‘security improvements to Safari and WebKit to mitigate the effects of Spectre’.

Nvidia swiftly released graphics card drivers containing initial protection against Spectre as well – a crucial fix since GPU display drivers sink deep hooks into your kernel. Grab the latest Nvidia drivers here.

Will these fixes slow down my PC or Mac?

It’s complicated, and highly dependent on your hardware, operating system, and workloads.

More recent Intel processors from the Skylake (6th-gen Core 6xxx series) era onward have a technology called PCID (Process-Context Identifiers) enabled and suffer less of a performance impact, according to Microsoft. Your version of Windows makes a difference as well. Plus, some applications – most notably virtualization and data centre/cloud workloads – are affected more than others. Intel confirmed that the performance loss will be dependent on workload, and ‘should not be significant’ for average PC users.
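One way to check both points on a Linux machine, as an added example that is not part of the original article: the script reads the kernel's own Meltdown/Spectre mitigation report and looks for the CPU's `pcid` flag. The function names and sample strings are constructed for illustration; the paths are the standard Linux `/proc/cpuinfo` and `/sys/devices/system/cpu/vulnerabilities` interfaces.

```python
from pathlib import Path

VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")  # Linux sysfs interface

def cpu_flags(cpuinfo_text):
    """Return the feature-flag set from the first 'flags' line of /proc/cpuinfo."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return set(value.split())
    return set()

def classify(status):
    """Map a sysfs status string to a coarse state."""
    s = status.strip().lower()
    if s.startswith("not affected"):
        return "not_affected"
    if s.startswith("mitigation"):
        return "mitigated"
    if s.startswith("vulnerable"):
        return "vulnerable"
    return "unknown"

def assess(cpuinfo_text, statuses):
    """Summarise Meltdown/Spectre state and whether PCID can soften the patch cost."""
    flags = cpu_flags(cpuinfo_text)
    report = {name: classify(text) for name, text in statuses.items()}
    report["pcid"] = "pcid" in flags
    # The Meltdown fix (page-table isolation) costs less when PCID is available.
    if report.get("meltdown") == "mitigated":
        report["expected_cost"] = "lower" if report["pcid"] else "higher"
    else:
        report["expected_cost"] = "n/a"
    return report

def read_host():
    """Read the live files; returns None where the sysfs directory is absent."""
    if not VULN_DIR.is_dir():
        return None
    statuses = {p.name: p.read_text() for p in VULN_DIR.iterdir() if p.is_file()}
    return assess(Path("/proc/cpuinfo").read_text(), statuses)

# Constructed samples (not captured from a real machine).
SAMPLE_CPUINFO = "model name\t: Example CPU\nflags\t\t: fpu vme pcid invpcid pti\n"
SAMPLE_STATUS = {"meltdown": "Mitigation: PTI\n", "spectre_v1": "Vulnerable\n",
                 "spectre_v2": "Mitigation: Full generic retpoline\n"}

if __name__ == "__main__":
    print(read_host() or assess(SAMPLE_CPUINFO, SAMPLE_STATUS))
```

A `vulnerable` entry means the kernel reports no mitigation for that issue, which usually points to a missing OS or firmware update.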

Microsoft offers a slightly different and more nuanced opinion. Windows chief Terry Myerson says they “don’t expect most users to notice a change” on Windows 10 systems running Intel 6th, 7th, or 8th-generation Intel processors.

Intel published some post-patch benchmark results on best-case PCs like this on its blog (fave.co/2Dte3tJ). The tests showed an average performance loss of between 2- and 7 percent in the SYSMark 2014 SE benchmark, which simulates productivity tasks and media creation. Its responsiveness score – which Intel says measures “‘pain points’ in the user experience when performing common activities” – plummeted by a whopping 14 percent, though. In web applications that use heavy amounts of JavaScript, Intel saw a 7- to 10 percent performance loss post-patch. These tests were performed on SSD-equipped systems; Intel reports the performance loss is less noticeable if you’re using a traditional hard drive.

Those are the best-case scenarios, though. If you’re running older processors, including 5th-gen Haswell chips, “some benchmarks show more significant slowdowns, and we expect that some users will notice a decrease in system performance,” Microsoft reports. Finally, Microsoft says for PCs running one of those older Intel CPUs and the older Windows 7 or 8 operating systems, “we expect most users to notice a decrease in system performance.” As for business use cases, Windows Server “shows a more significant performance impact when you enable the mitigations to isolate untrusted code within a Windows Server instance.”

Early consumer benchmarks conducted using the Windows patch alone showed the most performance impact in storage speeds, but Microsoft’s Myerson stresses, “many of the benchmarks published so far do not include both OS and silicon updates,” which he deems a crucial part of the performance puzzle. Intel’s benchmarks include both OS and firmware updates.

“Obviously it depends on just exactly what you do,” Linux creator Linus Torvalds wrote in the Linux Kernel Mailing List. “Some loads will hardly be affected at all, if they just spend all their time in user space. And if you do a lot of small system calls, you might see double-digit slowdown.”

Will my games get slower?

Not according to the limited testing performed so far, though these sources didn’t test the Meltdown and Spectre patches with updated CPU firmware.

Phoronix tested Dota 2, Counter-Strike: Global Offensive, Deus Ex: Mankind Divided, Dawn of War III, F1 2017, and The Talos Principle on a Linux 4.15-rc6 machine with a Core i7-8700K and Radeon Vega 64. None saw a frame rate change outside the margin of error range.

Hardware Unboxed tested a handful of DirectX-based Windows games in the video linked above. With DirectX hooking so deeply into Windows, gamers were worried about a potential performance degradation there. Fortunately, Hardware Unboxed observed virtually no frame rate loss in Ashes of the Singularity, Assassin’s Creed: Origins, or Battlefield 1.

Are AMD processors affected?

Much, much less than Intel chips. All modern CPUs are vulnerable to Spectre attacks, but AMD says that its CPUs have “near zero” risk to the variant causing performance slowdowns in Windows PCs due to the way they’re constructed. Nevertheless, AMD is releasing CPU firmware updates to protect against it, though they’re classified as optional. Operating system and software updates will protect against the other Spectre variant. There is “zero AMD vulnerability” to Meltdown thanks to chip design, AMD says. If operating system patches exclude AMD CPUs from the new Meltdown-related performance restrictions – and Linux definitely is – the performance war between Intel’s chips and AMD’s new Ryzen CPUs may get even tighter.

Unfortunately, the emergency Windows patch renders some AMD PCs unbootable, which prompted Microsoft to halt its installation on potentially impacted systems. It appears mostly older Sempron and Athlon CPUs are affected. The security patches will resume once AMD and Microsoft correct the issue.

Intel’s post-patch performance results on ‘best-case’ PCs
Intel processors have a severe kernel security flaw
Macs are affected by Meltdown and Spectre, too
Even new Intel chips like the Core i7-8700K are affected by Meltdown and Spectre
