How concerned should I be about meltdown and spectre exploits?

rich4721

Junior Member
Jul 31, 2018
6
0
6
#1
I want to build a new PC and normally I would go with an Intel processor because I care mostly about emulation and Intel CPUs have better single threaded performance. However, it doesn't seem like choosing an Intel CPU would be a good idea right now because of the meltdown and spectre exploits with Intel chips. I know AMD CPUs are still vulnerable to the Spectre variant 1 exploit but they are not vulnerable to the other variants and AMD CPUs seem like a safer choice right now. I'm afraid that if I get an Intel CPU, I'll visit the wrong website, click on the wrong link, get the wrong popup and then have malware installed on my PC that takes advantage of the meltdown and spectre exploits. If I did go with AMD, I'd choose the 2600x.

That being said, I'd like to hear what you guys think. How serious of a problem are these exploits?
 

whm1974

Diamond Member
Jul 24, 2016
7,476
498
96
#2
To put simply and generally speaking, most desktop users are not affected. Wikipedia can explain in more detail.
 

Markfw

CPU Moderator, VC&G Moderator, Elite Member
Super Moderator
May 16, 2002
17,801
1,451
136
#3
Well, if the BIOS already has the fix, and windows update auto-installs the patches, and you have a SSD or NVME SSD, it will drastically slow down the disc access.
 

epsilon84

Senior member
Aug 29, 2010
943
123
136
#5

epsilon84

Senior member
Aug 29, 2010
943
123
136
#6
Well, if the BIOS already has the fix, and windows update auto-installs the patches, and you have a SSD or NVME SSD, it will drastically slow down the disc access.
Perhaps for server type workloads that hit the IO hard. For desktop workloads? Sorry Mark but gonna have to call that out.

https://www.techspot.com/review/1646-storage-performance-intel-z370-vs-amd-x470/

When using NVME storage, Z370 is generally equal to or slightly faster than X470 when when using 'desktop' type workloads.
 

Markfw

CPU Moderator, VC&G Moderator, Elite Member
Super Moderator
May 16, 2002
17,801
1,451
136
#7
Perhaps for server type workloads that hit the IO hard. For desktop workloads? Sorry Mark but gonna have to call that out.

https://www.techspot.com/review/1646-storage-performance-intel-z370-vs-amd-x470/

When using NVME storage, Z370 is generally equal to or slightly faster than X470 when when using 'desktop' type workloads.
They did not say if the systems were patched or not. I can't find the link now, but it had nothing to do with servers, just if it was patched it was a big hit. Its somewhere in the meltdown/spectre thread. I am not looking again.
 

epsilon84

Senior member
Aug 29, 2010
943
123
136
#8
They did not say if the systems were patched or not. I can't find the link now, but it had nothing to do with servers, just if it was patched it was a big hit. Its somewhere in the meltdown/spectre thread. I am not looking again.
Hardware Unbowed / Techspot always runs the latest version of windows and BIOS in their testing. I've followed them for years, I'm sure their software is up to date, though if you really require proof I can always send a message to them on YouTube or Techspot forums.

I'm not saying there is no hit from the Spectre / Meltdown patches, but it's not likely to be noticeable for desktop usage. Using a general wide-ranging statement that 'disk access is drastically slowed' is practically FUD, I'm a 8700K user with an SSD and synthetics aside, I haven't noticed any slowdowns for my apps and games.

If the patches had affected my SSD as much as you seem to believe, I would have got rid of my system in a heartbeat. The reality is that for the average user opening apps or loading a map on a game, SSD performance is largely unaffected.
 
Last edited:

Sable

Golden Member
Jan 7, 2006
1,093
1
91
#9
literally poo your pants right now. you could be hacked at any second.

except you'll be fine. update everything, the performance loss is minimal and I'm fairly sure it requires specific targeting for the hack job. so as long as you're not a berk on the interwebs and dont run every .exe that says it will increase your clockspeed/download inifinity wars/cure cancer you'll be fine.
 

Markfw

CPU Moderator, VC&G Moderator, Elite Member
Super Moderator
May 16, 2002
17,801
1,451
136
#10
Hardware Unbowed / Techspot always runs the latest version of windows and BIOS in their testing. I've followed them for years, I'm sure their software is up to date, though if you really require proof I can always send a message to them on YouTube or Techspot forums.

I'm not saying there is no hit from the Spectre / Meltdown patches, but it's not likely to be noticeable for desktop usage. Using a general wide-ranging statement that 'disk access is drastically slowed' is practically FUD, I'm a 8700K user with an SSD and synthetics aside, I haven't noticed any slowdowns for my apps and games.

If the patches had affected my SSD as much as you seem to believe, I would have got rid of my system in a heartbeat. The reality is that for the average user opening apps or loading a map on a game, SSD performance is largely unaffected.
Well, with a quick scan, I only found this so far. But 23% seems pretty significant.:

Testing Windows 10 Performance Before and After the Meltdown Flaw Emergency Patch

By Steven Walton on January 4, 2018

SSD performance for random 4K reads took a hit for 23%. You can skim over the rest of the tests.
 

epsilon84

Senior member
Aug 29, 2010
943
123
136
#11
Well, with a quick scan, I only found this so far. But 23% seems pretty significant.:

Testing Windows 10 Performance Before and After the Meltdown Flaw Emergency Patch

By Steven Walton on January 4, 2018

SSD performance for random 4K reads took a hit for 23%. You can skim over the rest of the tests.
So now you're highlighting a worst case scenario performance hit and then using that as a general statement. Does desktop usage revolve around random 4K read speeds? Is the overall SSD throughout reduced by 23%? Is the actual user experience drastically affected by the patch?

Those are rhetorical questions by the way, I already know the answer to them, as I use my system on a daily basis.

To the OP, I honestly wouldn't worry about Spectre / Meltdown as long as your OS and BIOS are up to date, as all the vulnerabilities would have been patched.

Yes, there is a slight performance penalty to applying those updates, but nothing really noticeable to your average desktop usage
 
Last edited:

Markfw

CPU Moderator, VC&G Moderator, Elite Member
Super Moderator
May 16, 2002
17,801
1,451
136
#12
So now you're highlighting a worst case scenario performance hit and then using that as a general statement. Does desktop usage revolve around random 4K read speeds? Is the overall SSD throughout reduced by 23%? Is the actual user experience drastically affected by the patch?

Those are rhetorical questions by the way, I already know the answer to them, as I use my system on a daily basis.

To the OP, I honestly wouldn't worry about Spectre / Meltdown as long as your OS and BIOS are up to date, as all the vulnerabilities would have been patched.

Yes, there is a slight performance penalty to applying those updates, but nothing really noticeable to your average desktop usage
I said this was a quick search. There were WORSE hits in other benchmarks, but whatever... I am done here.
 

UsandThem

Super Moderator
Super Moderator
May 4, 2000
10,818
557
136
#13
Here's a nice little summary on what to expect:

https://www.anandtech.com/show/12566/analyzing-meltdown-spectre-perf-impact-on-intel-nuc7i7bnh/4

I patched my Intel system, and what I've personally noticed is my CPU uses a little bit more resources doing various tasks, and my Samsung 960 EVO synthetic benchmark scores dropped some, but I never cared enough to run "real world" storage tests.

Personally though, if I were buying a new system right now, that 2600X is one heck of a "bang for the buck" CPU. 6 cores + 6 threads will treat you well for a while.
 

JoeRambo

Senior member
Jun 13, 2013
668
54
136
#14
For desktop user i would not care about those at all. There are probably much better privilege elevation exploits for code running locally and same goes for browsers - much easier exploits are around. And CIA/NSA types - they probably use those "special" exploits in ME, routers and so on.
So i run with those patches disabled, and enjoying full performance. There is a hidden gotcha, that by disabling Meltdown fixes on Windows, You also disable PCID optimizations, that were implemented to reduce impact of Meltdown, and You end up running OS code path that is ancient, but no longer developed for and tested, so things could spectacularly blow up ( like next next Windows 10 2021 Spring upgrade refusing to boot etc).

But to my best research there are no downsides to disabling Spectre fixes, as those avoid "calling" new MSRs etc implemented in CPU firmware and avoid the costs.
 

beginner99

Diamond Member
Jun 2, 2009
4,127
197
126
#15
I want to build a new PC and normally I would go with an Intel processor because I care mostly about emulation and Intel CPUs have better single threaded performance. However, it doesn't seem like choosing an Intel CPU would be a good idea right now because of the meltdown and spectre exploits with Intel chips. I know AMD CPUs are still vulnerable to the Spectre variant 1 exploit but they are not vulnerable to the other variants and AMD CPUs seem like a safer choice right now. I'm afraid that if I get an Intel CPU, I'll visit the wrong website, click on the wrong link, get the wrong popup and then have malware installed on my PC that takes advantage of the meltdown and spectre exploits. If I did go with AMD, I'd choose the 2600x.

That being said, I'd like to hear what you guys think. How serious of a problem are these exploits?
Current replies IMHO complete miss his questions.

1. All browsers were patched for meltdown / spectre so a website can't use the attack even if you don't have the windows patches installed
2. Most likely you will have windows patches installed

BUT: IMHO besides the browser patches (which simply reduce timer accuracy) as a desktop user no other patches are really needed. This issue is a problem for data centers that run virtual machines. The problem in a data center like amazon is, that I rent my machine, install my malware that uses meltdown/spectre and then I can read data from memory from other virtual machines running on the same physical system. Of course this is a huge issue.
On a desktop you don't need such a complicated scheme. If a hacker can install software on your pc, you already lost and if he can't install software he can't attack you through meltdown/spectre. So again, these are almost non-issues for desktop users after browsers were patched.
 

naukkis

Senior member
Jun 5, 2002
207
38
101
#16
Thank god , they dont work on the iPhone and other iOS devices. I cant live with the knowledge that my phone is exploitable.
But they do, Iphone and IOS devices are vulnerable to both Spectre and Meltdown. Is software is up to date most exploits have already been patched.
 

UsandThem

Super Moderator
Super Moderator
May 4, 2000
10,818
557
136
#17
Thank god , they dont work on the iPhone and other iOS devices. I cant live with the knowledge that my phone is exploitable.
Phone operating systems, especially Android, have a lot more security concerns than desktops with properly patched operating systems.

Factor in that many phones don't get any new OS updates after they are a certain age is of major concern as well for people who keep their phones for years.
 

Jimzz

Diamond Member
Oct 23, 2012
4,251
44
91
#18
I'd have no problem with a Zen+ system with the 470/450 chipset. I have a Intel system now that will be replaced with a new AMD system in the next year.
 

maddie

Platinum Member
Jul 18, 2010
2,605
512
136
#19
Thank god , they dont work on the iPhone and other iOS devices. I cant live with the knowledge that my phone is exploitable.
Unfortunately, not everyone gets it. Nice 1st post.
 

PeterScott

Platinum Member
Jul 7, 2017
2,605
227
96
#20
They did not say if the systems were patched or not. I can't find the link now, but it had nothing to do with servers, just if it was patched it was a big hit. Its somewhere in the meltdown/spectre thread. I am not looking again.
Their systems were patched back in January when they did their specific meltdown/Specter testing. They mentioned in a couple of reviews comparison after that point, that previous test didn't have the patches, and these newer reviews did. After a while they just stopped mentioning it as an obvious given.

It isn't reasonable to argue that they removed patches from their system in the interim.

The reality is that Intel may have lost some disk performance vs their own prior levels in a few niche cases, but their storage performance is still just as good as AMD does at this point with patches applied.

To put it fewer words. Specter/Meltdown are utterly irrelevant for home users.

Mainly it gets dredged up to use as FUD against Intel products by AMD partisans.
 

DaveSimmons

Elite Member
Aug 12, 2001
40,741
0
126
#21
Spectre / meltdown are not a valid reason for normal home users of gaming and productivity apps to choose AMD.

If you want value, overclocked AMD is a good choice. If you want power efficiency and better gaming performance at stock speed then intel is a good choice. Either choice will work well, and most of the difference will only be noticeable when playing the popular game "Benchmark."
 

Markfw

CPU Moderator, VC&G Moderator, Elite Member
Super Moderator
May 16, 2002
17,801
1,451
136
#22
Their systems were patched back in January when they did their specific meltdown/Specter testing. They mentioned in a couple of reviews comparison after that point, that previous test didn't have the patches, and these newer reviews did. After a while they just stopped mentioning it as an obvious given.

It isn't reasonable to argue that they removed patches from their system in the interim.

The reality is that Intel may have lost some disk performance vs their own prior levels in a few niche cases, but their storage performance is still just as good as AMD does at this point with patches applied.

To put it fewer words. Specter/Meltdown are utterly irrelevant for home users.

Mainly it gets dredged up to use as FUD against Intel products by AMD partisans.
From the Anandtech review :
"On the whole, we see that the patches for Meltdown and Spectre affect real-world application benchmarks, but, synthetic ones are largely unaffected. The common factor among most of these benchmarks in turn is storage and I/O; the greater the number of operations, the more likely a program will feel the impact of the patches."

Key words are "relevant" and "IO". So the more IO, the worse the performance hit.

Article link: https://www.anandtech.com/show/12566/analyzing-meltdown-spectre-perf-impact-on-intel-nuc7i7bnh/4 dated March 23rd, 2018
 

PeterScott

Platinum Member
Jul 7, 2017
2,605
227
96
#23
From the Anandtech review :
"On the whole, we see that the patches for Meltdown and Spectre affect real-world application benchmarks, but, synthetic ones are largely unaffected. The common factor among most of these benchmarks in turn is storage and I/O; the greater the number of operations, the more likely a program will feel the impact of the patches."

Key words are "relevant" and "IO". So the more IO, the worse the performance hit.

Article link: https://www.anandtech.com/show/12566/analyzing-meltdown-spectre-perf-impact-on-intel-nuc7i7bnh/4 dated March 23rd, 2018
So? Most of the benchmarks were in the +/- 3%.

And even that "worse performance" on storage related items is only related to prior Intel performance.

If you compare those storage related benchmarks between AMD and Intel. Intel is not showing any kind of serious deficit.

As much as some partisans like to use it as FUD against Intel, Specter/Meltdown is not a determinant in choosing between Intel/AMD.
 

UsandThem

Super Moderator
Super Moderator
May 4, 2000
10,818
557
136
#24
From the Anandtech review :
"On the whole, we see that the patches for Meltdown and Spectre affect real-world application benchmarks, but, synthetic ones are largely unaffected. The common factor among most of these benchmarks in turn is storage and I/O; the greater the number of operations, the more likely a program will feel the impact of the patches."

Key words are "relevant" and "IO". So the more IO, the worse the performance hit.

Article link: https://www.anandtech.com/show/12566/analyzing-meltdown-spectre-perf-impact-on-intel-nuc7i7bnh/4 dated March 23rd, 2018
Don't forget:
Though there is a certain irony to the fact that taken to its logical conclusion, patching a CPU instead renders storage performance slower, with the most impacted systems having the fastest storage.
 

Markfw

CPU Moderator, VC&G Moderator, Elite Member
Super Moderator
May 16, 2002
17,801
1,451
136
#25
Right, so the fastest IO systems get the greatest performance hit if I read your reply correctly. That my point. So someone is doing DC (very high IO) then their hit may be 20-30% like I saw in other benchmarks. Thats my point, and I get it since I do DC, and I see the biggest hit on my Intel systems. The IO light for the HD is constantly flashing.
 


ASK THE COMMUNITY

TRENDING THREADS