Disable Spectre & Meltdown Mitigations to improve performance
Posted: Wed Feb 27, 2019 10:14 am
I revisited this a couple of weeks ago, when Steve Gibson mentioned on his podcast that studies show the performance hit from Spectre & Meltdown mitigations is even worse than Intel first thought, and that so far no one has seen any of these exploits used in the wild.
Moreover, as I said when this first came to light, these mitigations are really pointless on a home PC: if some malware gets into your PC, it would be wasting it's time going through the trouble of using a Spectre based attack to steal data from you, when there's so many other easier ways to do so.
Spectre and Meltdown are really only an attack that's useful on a server running multiple Virtual Machines (VMs). So for example, if I got some malware into one VM on a server because the owner was careless, I could use a Spectre attack to steal data from another VM on the same server, owned by someone else.
That's a data center issue, but it really isn't a threat model for a home PC, a gaming PC, or even a small business office PC.
By now, Microsoft has installed updates that mitigate Spectre and Meltdown on Windows PCs, so we're all taking some kind of performance hit (how much depends on your CPU generation).
I have decided that I don't need or want these mitigations, so this week I used Steve Gibson's InSpectre utility to disable them on all my PCs: https://www.grc.com/inspectre.htm
At this point I can comfortably recommend this for anyone who is a regular user. Let the data center admins worry about this.
Moreover, as I said when this first came to light, these mitigations are really pointless on a home PC: if some malware gets into your PC, it would be wasting it's time going through the trouble of using a Spectre based attack to steal data from you, when there's so many other easier ways to do so.
Spectre and Meltdown are really only an attack that's useful on a server running multiple Virtual Machines (VMs). So for example, if I got some malware into one VM on a server because the owner was careless, I could use a Spectre attack to steal data from another VM on the same server, owned by someone else.
That's a data center issue, but it really isn't a threat model for a home PC, a gaming PC, or even a small business office PC.
By now, Microsoft has installed updates that mitigate Spectre and Meltdown on Windows PCs, so we're all taking some kind of performance hit (how much depends on your CPU generation).
I have decided that I don't need or want these mitigations, so this week I used Steve Gibson's InSpectre utility to disable them on all my PCs: https://www.grc.com/inspectre.htm
At this point I can comfortably recommend this for anyone who is a regular user. Let the data center admins worry about this.