TECH REPORT
Spectre and Meltdown affect PC gaming, and there’s no easy fix
Intel has had a bad month. A pair of far-reaching CPU security issues dubbed ‘Spectre’ and ‘Meltdown’ (presumably action movie producers were in charge of naming them) have been all over the headlines recently, and their impact is far-reaching: If you have an Intel CPU produced in the last 20 years sitting at the heart of your PC, you’re affected.
The question is: How much? In theory, the Meltdown exploit allows access to all the bits of your CPU that were considered impossible to access, and thus allocated as secure memory storage. That means any and all sensitive data is fair game for potential cyber snoopers. Passwords, photos, documents, off-color Skyrim mods: The lot. Spectre is a similar story, but it doesn’t end with Intel PCs. AMD desktops, smartphones, and tablets of all denominations can be robbed of their most secure information by the latter exploit. It’s a bit of a worry.
Security exploits do appear, of course, and a company as big as Intel shouldn’t be hauled over the coals simply for an exploit being discovered across its decades-wide raft of hardware. It might seem flimsy, considering the scale of the problem, but these things happen. Frequently. That’s why your PC wants to restart itself every five minutes—cyber security is forever changing, and both manufacturers and platform holders need to be agile in their responses.
Feeling the heat
The difference with Meltdown and Spectre is that they were brought to the world’s attention long before Intel, Microsoft, Apple, AMD, et al. were ready to roll out any fixes. That’s dangerous. The flaws were discovered by four separate research teams, independently, over just a few months. They informed Intel, and Intel started work on a fix for its two-decades-old security flaw. Yet word about Meltdown and Spectre got out before the fix was ready.
After the security flaws were made public, news sites reported that Intel’s CEO Brian Krzanich had sold off a huge number of stocks in the company in November 2017—months after Intel had been made aware of the problem. An Intel spokesperson told press that Krzanich’s sale was “unrelated” to the security issues. And as of writing, Intel’s stock is trading at roughly the same price Krzanich sold it for, meaning there was no significant gain from that timing.
Some good news, though: Meltdown hasn’t been as bad as the gloomier industry voices feared, and we’ve yet to see an attack as a result of these flaws. In fact, despite panicked reports about just how bad these exploits could be, Intel and other affected manufacturers were able to roll out their updates before Meltdown lived up to its ominous moniker. We haven’t seen anything on the scale of the 2017 NHS cyber attack, for example, in which over 300,000 computers were affected. Unfortunately, the updates come with an admittedly less-cataclysmic side effect: They affect CPU performance.
CPUs, like pre-election governments, need to demonstrate strength and stability. Strength is measured in raw data-crunching ability, and stability by the absence of blue screens, system hangs, and alarming pops. It’s been a frenetic 20 years for CPU performance and until recently the industry kept pace with Moore’s Law, which is to say the focus has long been on faster performance, iterating on architecture so that it’s optimized to perfection, then repeating. Fixing a problem that applies to every Intel CPU architecture since the mid-’90s, then, threatens to shake loose those gains. It requires a fundamental change in operation, because the exploit works by accessing the OS kernel, a secret area of virtual memory that is kept several layers deep in an OS, which blocks untrusted programs from accessing it.
Intel’s intel
The bad news? Early reports about the Meltdown fixes suggest they can impact performance by as much as 49%. The good news? Your gaming PC is probably fine. Large-scale server arrays and big data virtual machine-type stuff have been hit hardest. Snoop on one individual machine, and maybe you get a Netflix login, some Steam chat records, and perhaps a folder of holiday snaps. Snoop on a virtual machine that’s connected to many others, and suddenly you’ve got access to the type and volume of data that lets you hold big companies to ransom. That was an example, by the way, not an instruction.
As the Windows patch has been ignominiously rolled out the world over, benchmarkers haven’t noticed much of a drop-off in gaming performance on a single machine. Synthetic benchmarks, like Cinebench, seem more likely to report lower performance, but games themselves? Most benchmarks show a 1fps drop, roughly. That’s frustrating, certainly, if you’ve fine-tuned your CPU and overclocked that extra 1fps through hard graft. But considering the potential ramifications of a security vulnerability this big, it’s a comparatively small price to pay. So if your first instinct upon reading this is to start googling ‘how to roll back meltdown fix’... don’t. Seriously.
The real question is whether major companies, such as Google, Microsoft and its Azure cloud service, and Amazon, can implement a fix without their whole infrastructure falling over. Ultimately, yes, these security breaches are a big deal. Yes, they affect PC gaming, but no, not by any meaningful measure. Let Windows or Linux do their thing, and enjoy that private data of yours.

Phil Iwaniuk