How concerned should I be about meltdown and spectre exploits?

rich4721

Junior Member
Jul 31, 2018
6
0
6
I want to build a new PC and normally I would go with an Intel processor because I care mostly about emulation and Intel CPUs have better single threaded performance. However, it doesn't seem like choosing an Intel CPU would be a good idea right now because of the meltdown and spectre exploits with Intel chips. I know AMD CPUs are still vulnerable to the Spectre variant 1 exploit but they are not vulnerable to the other variants and AMD CPUs seem like a safer choice right now. I'm afraid that if I get an Intel CPU, I'll visit the wrong website, click on the wrong link, get the wrong popup and then have malware installed on my PC that takes advantage of the meltdown and spectre exploits. If I did go with AMD, I'd choose the 2600x.

That being said, I'd like to hear what you guys think. How serious of a problem are these exploits?
 

whm1974

Diamond Member
Jul 24, 2016
9,460
1,570
96
To put simply and generally speaking, most desktop users are not affected. Wikipedia can explain in more detail.
 
  • Like
Reactions: ViRGE

Markfw

Moderator Emeritus, Elite Member
May 16, 2002
25,478
14,434
136
Well, if the BIOS already has the fix, and windows update auto-installs the patches, and you have a SSD or NVME SSD, it will drastically slow down the disc access.
 
  • Like
Reactions: Jimzz and Drazick

epsilon84

Golden Member
Aug 29, 2010
1,142
927
136
Well, if the BIOS already has the fix, and windows update auto-installs the patches, and you have a SSD or NVME SSD, it will drastically slow down the disc access.

Perhaps for server type workloads that hit the IO hard. For desktop workloads? Sorry Mark but gonna have to call that out.

https://www.techspot.com/review/1646-storage-performance-intel-z370-vs-amd-x470/

When using NVME storage, Z370 is generally equal to or slightly faster than X470 when when using 'desktop' type workloads.
 

Markfw

Moderator Emeritus, Elite Member
May 16, 2002
25,478
14,434
136
Perhaps for server type workloads that hit the IO hard. For desktop workloads? Sorry Mark but gonna have to call that out.

https://www.techspot.com/review/1646-storage-performance-intel-z370-vs-amd-x470/

When using NVME storage, Z370 is generally equal to or slightly faster than X470 when when using 'desktop' type workloads.
They did not say if the systems were patched or not. I can't find the link now, but it had nothing to do with servers, just if it was patched it was a big hit. Its somewhere in the meltdown/spectre thread. I am not looking again.
 
  • Like
Reactions: Jimzz and Drazick

epsilon84

Golden Member
Aug 29, 2010
1,142
927
136
They did not say if the systems were patched or not. I can't find the link now, but it had nothing to do with servers, just if it was patched it was a big hit. Its somewhere in the meltdown/spectre thread. I am not looking again.
Hardware Unbowed / Techspot always runs the latest version of windows and BIOS in their testing. I've followed them for years, I'm sure their software is up to date, though if you really require proof I can always send a message to them on YouTube or Techspot forums.

I'm not saying there is no hit from the Spectre / Meltdown patches, but it's not likely to be noticeable for desktop usage. Using a general wide-ranging statement that 'disk access is drastically slowed' is practically FUD, I'm a 8700K user with an SSD and synthetics aside, I haven't noticed any slowdowns for my apps and games.

If the patches had affected my SSD as much as you seem to believe, I would have got rid of my system in a heartbeat. The reality is that for the average user opening apps or loading a map on a game, SSD performance is largely unaffected.
 
Last edited:
  • Like
Reactions: PeterScott

Sable

Golden Member
Jan 7, 2006
1,127
97
91
literally poo your pants right now. you could be hacked at any second.

except you'll be fine. update everything, the performance loss is minimal and I'm fairly sure it requires specific targeting for the hack job. so as long as you're not a berk on the interwebs and dont run every .exe that says it will increase your clockspeed/download inifinity wars/cure cancer you'll be fine.
 
  • Like
Reactions: whm1974

Markfw

Moderator Emeritus, Elite Member
May 16, 2002
25,478
14,434
136
Hardware Unbowed / Techspot always runs the latest version of windows and BIOS in their testing. I've followed them for years, I'm sure their software is up to date, though if you really require proof I can always send a message to them on YouTube or Techspot forums.

I'm not saying there is no hit from the Spectre / Meltdown patches, but it's not likely to be noticeable for desktop usage. Using a general wide-ranging statement that 'disk access is drastically slowed' is practically FUD, I'm a 8700K user with an SSD and synthetics aside, I haven't noticed any slowdowns for my apps and games.

If the patches had affected my SSD as much as you seem to believe, I would have got rid of my system in a heartbeat. The reality is that for the average user opening apps or loading a map on a game, SSD performance is largely unaffected.

Well, with a quick scan, I only found this so far. But 23% seems pretty significant.:

Testing Windows 10 Performance Before and After the Meltdown Flaw Emergency Patch

By Steven Walton on January 4, 2018

SSD performance for random 4K reads took a hit for 23%. You can skim over the rest of the tests.
 

epsilon84

Golden Member
Aug 29, 2010
1,142
927
136
Well, with a quick scan, I only found this so far. But 23% seems pretty significant.:

Testing Windows 10 Performance Before and After the Meltdown Flaw Emergency Patch

By Steven Walton on January 4, 2018

SSD performance for random 4K reads took a hit for 23%. You can skim over the rest of the tests.
So now you're highlighting a worst case scenario performance hit and then using that as a general statement. Does desktop usage revolve around random 4K read speeds? Is the overall SSD throughout reduced by 23%? Is the actual user experience drastically affected by the patch?

Those are rhetorical questions by the way, I already know the answer to them, as I use my system on a daily basis.

To the OP, I honestly wouldn't worry about Spectre / Meltdown as long as your OS and BIOS are up to date, as all the vulnerabilities would have been patched.

Yes, there is a slight performance penalty to applying those updates, but nothing really noticeable to your average desktop usage
 
Last edited:

Markfw

Moderator Emeritus, Elite Member
May 16, 2002
25,478
14,434
136
So now you're highlighting a worst case scenario performance hit and then using that as a general statement. Does desktop usage revolve around random 4K read speeds? Is the overall SSD throughout reduced by 23%? Is the actual user experience drastically affected by the patch?

Those are rhetorical questions by the way, I already know the answer to them, as I use my system on a daily basis.

To the OP, I honestly wouldn't worry about Spectre / Meltdown as long as your OS and BIOS are up to date, as all the vulnerabilities would have been patched.

Yes, there is a slight performance penalty to applying those updates, but nothing really noticeable to your average desktop usage
I said this was a quick search. There were WORSE hits in other benchmarks, but whatever... I am done here.
 
  • Like
Reactions: Jimzz and Drazick

UsandThem

Elite Member
May 4, 2000
16,068
7,380
146
Here's a nice little summary on what to expect:

https://www.anandtech.com/show/12566/analyzing-meltdown-spectre-perf-impact-on-intel-nuc7i7bnh/4

I patched my Intel system, and what I've personally noticed is my CPU uses a little bit more resources doing various tasks, and my Samsung 960 EVO synthetic benchmark scores dropped some, but I never cared enough to run "real world" storage tests.

Personally though, if I were buying a new system right now, that 2600X is one heck of a "bang for the buck" CPU. 6 cores + 6 threads will treat you well for a while.
 

JoeRambo

Golden Member
Jun 13, 2013
1,814
2,105
136
For desktop user i would not care about those at all. There are probably much better privilege elevation exploits for code running locally and same goes for browsers - much easier exploits are around. And CIA/NSA types - they probably use those "special" exploits in ME, routers and so on.
So i run with those patches disabled, and enjoying full performance. There is a hidden gotcha, that by disabling Meltdown fixes on Windows, You also disable PCID optimizations, that were implemented to reduce impact of Meltdown, and You end up running OS code path that is ancient, but no longer developed for and tested, so things could spectacularly blow up ( like next next Windows 10 2021 Spring upgrade refusing to boot etc).

But to my best research there are no downsides to disabling Spectre fixes, as those avoid "calling" new MSRs etc implemented in CPU firmware and avoid the costs.
 

beginner99

Diamond Member
Jun 2, 2009
5,208
1,580
136
I want to build a new PC and normally I would go with an Intel processor because I care mostly about emulation and Intel CPUs have better single threaded performance. However, it doesn't seem like choosing an Intel CPU would be a good idea right now because of the meltdown and spectre exploits with Intel chips. I know AMD CPUs are still vulnerable to the Spectre variant 1 exploit but they are not vulnerable to the other variants and AMD CPUs seem like a safer choice right now. I'm afraid that if I get an Intel CPU, I'll visit the wrong website, click on the wrong link, get the wrong popup and then have malware installed on my PC that takes advantage of the meltdown and spectre exploits. If I did go with AMD, I'd choose the 2600x.

That being said, I'd like to hear what you guys think. How serious of a problem are these exploits?

Current replies IMHO complete miss his questions.

1. All browsers were patched for meltdown / spectre so a website can't use the attack even if you don't have the windows patches installed
2. Most likely you will have windows patches installed

BUT: IMHO besides the browser patches (which simply reduce timer accuracy) as a desktop user no other patches are really needed. This issue is a problem for data centers that run virtual machines. The problem in a data center like amazon is, that I rent my machine, install my malware that uses meltdown/spectre and then I can read data from memory from other virtual machines running on the same physical system. Of course this is a huge issue.
On a desktop you don't need such a complicated scheme. If a hacker can install software on your pc, you already lost and if he can't install software he can't attack you through meltdown/spectre. So again, these are almost non-issues for desktop users after browsers were patched.
 

naukkis

Senior member
Jun 5, 2002
701
569
136
Thank god , they dont work on the iPhone and other iOS devices. I cant live with the knowledge that my phone is exploitable.

But they do, Iphone and IOS devices are vulnerable to both Spectre and Meltdown. Is software is up to date most exploits have already been patched.
 

UsandThem

Elite Member
May 4, 2000
16,068
7,380
146
Thank god , they dont work on the iPhone and other iOS devices. I cant live with the knowledge that my phone is exploitable.

Phone operating systems, especially Android, have a lot more security concerns than desktops with properly patched operating systems.

Factor in that many phones don't get any new OS updates after they are a certain age is of major concern as well for people who keep their phones for years.
 

Jimzz

Diamond Member
Oct 23, 2012
4,399
190
106
I'd have no problem with a Zen+ system with the 470/450 chipset. I have a Intel system now that will be replaced with a new AMD system in the next year.
 

PeterScott

Platinum Member
Jul 7, 2017
2,605
1,540
136
They did not say if the systems were patched or not. I can't find the link now, but it had nothing to do with servers, just if it was patched it was a big hit. Its somewhere in the meltdown/spectre thread. I am not looking again.

Their systems were patched back in January when they did their specific meltdown/Specter testing. They mentioned in a couple of reviews comparison after that point, that previous test didn't have the patches, and these newer reviews did. After a while they just stopped mentioning it as an obvious given.

It isn't reasonable to argue that they removed patches from their system in the interim.

The reality is that Intel may have lost some disk performance vs their own prior levels in a few niche cases, but their storage performance is still just as good as AMD does at this point with patches applied.

To put it fewer words. Specter/Meltdown are utterly irrelevant for home users.

Mainly it gets dredged up to use as FUD against Intel products by AMD partisans.
 
  • Like
Reactions: Zucker2k

DaveSimmons

Elite Member
Aug 12, 2001
40,730
670
126
Spectre / meltdown are not a valid reason for normal home users of gaming and productivity apps to choose AMD.

If you want value, overclocked AMD is a good choice. If you want power efficiency and better gaming performance at stock speed then intel is a good choice. Either choice will work well, and most of the difference will only be noticeable when playing the popular game "Benchmark."
 

Markfw

Moderator Emeritus, Elite Member
May 16, 2002
25,478
14,434
136
Their systems were patched back in January when they did their specific meltdown/Specter testing. They mentioned in a couple of reviews comparison after that point, that previous test didn't have the patches, and these newer reviews did. After a while they just stopped mentioning it as an obvious given.

It isn't reasonable to argue that they removed patches from their system in the interim.

The reality is that Intel may have lost some disk performance vs their own prior levels in a few niche cases, but their storage performance is still just as good as AMD does at this point with patches applied.

To put it fewer words. Specter/Meltdown are utterly irrelevant for home users.

Mainly it gets dredged up to use as FUD against Intel products by AMD partisans.
From the Anandtech review :
"On the whole, we see that the patches for Meltdown and Spectre affect real-world application benchmarks, but, synthetic ones are largely unaffected. The common factor among most of these benchmarks in turn is storage and I/O; the greater the number of operations, the more likely a program will feel the impact of the patches."

Key words are "relevant" and "IO". So the more IO, the worse the performance hit.

Article link: https://www.anandtech.com/show/12566/analyzing-meltdown-spectre-perf-impact-on-intel-nuc7i7bnh/4 dated March 23rd, 2018
 
  • Like
Reactions: Drazick and Jimzz

PeterScott

Platinum Member
Jul 7, 2017
2,605
1,540
136
From the Anandtech review :
"On the whole, we see that the patches for Meltdown and Spectre affect real-world application benchmarks, but, synthetic ones are largely unaffected. The common factor among most of these benchmarks in turn is storage and I/O; the greater the number of operations, the more likely a program will feel the impact of the patches."

Key words are "relevant" and "IO". So the more IO, the worse the performance hit.

Article link: https://www.anandtech.com/show/12566/analyzing-meltdown-spectre-perf-impact-on-intel-nuc7i7bnh/4 dated March 23rd, 2018

So? Most of the benchmarks were in the +/- 3%.

And even that "worse performance" on storage related items is only related to prior Intel performance.

If you compare those storage related benchmarks between AMD and Intel. Intel is not showing any kind of serious deficit.

As much as some partisans like to use it as FUD against Intel, Specter/Meltdown is not a determinant in choosing between Intel/AMD.
 

UsandThem

Elite Member
May 4, 2000
16,068
7,380
146
From the Anandtech review :
"On the whole, we see that the patches for Meltdown and Spectre affect real-world application benchmarks, but, synthetic ones are largely unaffected. The common factor among most of these benchmarks in turn is storage and I/O; the greater the number of operations, the more likely a program will feel the impact of the patches."

Key words are "relevant" and "IO". So the more IO, the worse the performance hit.

Article link: https://www.anandtech.com/show/12566/analyzing-meltdown-spectre-perf-impact-on-intel-nuc7i7bnh/4 dated March 23rd, 2018

Don't forget:
Though there is a certain irony to the fact that taken to its logical conclusion, patching a CPU instead renders storage performance slower, with the most impacted systems having the fastest storage.
 

Markfw

Moderator Emeritus, Elite Member
May 16, 2002
25,478
14,434
136
Don't forget:
Right, so the fastest IO systems get the greatest performance hit if I read your reply correctly. That my point. So someone is doing DC (very high IO) then their hit may be 20-30% like I saw in other benchmarks. Thats my point, and I get it since I do DC, and I see the biggest hit on my Intel systems. The IO light for the HD is constantly flashing.
 
  • Like
Reactions: Drazick and Jimzz