Intel Kernel Flaw: Will this effect GW2?

[Malediktus.9250]

You cannot say you will notice a 1-3% difference (power consumption of the CPU will also go up since more CPU cycles are wasted for security instead of being idle). The amount of difference will vary greatly based on the game/application and the hardware used. Each application is different and we dont know how specific code problems were solved and hardware exists in thousands of different combinations. Even two chips of the same SKU can be in worst case 20% apart in power consumption, voltages required and max clockspeeds (for OC), that is why some people buy pre tested hardware for a premium price.

The problem is multi player games are very hard to benchmark since the contents on your screen will change all the time even without your input due to other players. And benchmarking in an empty story instance is worthless since that barely stresses your computer compared to open world or wvw zergs.

 

[Dawdler.8521]

> @"uncomfortably energetic.9153" said:

> > @"Malediktus.9250" said:

> > No slowdown at all is bs, there will be one, just a question of how much. That will vary greatly from application to application and your hardware.

> >

> > I saw this on reddit:

> > just too bad he did not post anything about his hardware and how much fps he believes to have lost

> >

> >

> > people who say this will have no impact on gaming are most likely wrong. Just 5 games benchmarked there and upto 13% performance loss. Granted it is on a 4 core without hyperthreading, but this is what the average person is probably using.

>

> You will notice a difference of about 1-3% while playing games, the software patch relates to how sys calls are handled wich most games do little to none of, server side however will notice performance hits upto the 30% wich we are already seeing.

Well the judge is still out on whether it impacts servers either.

 

Apple, Google, Microsoft and Amazon are saying they're not seeing any noticable negative performance impacts and I hope they know both OS and server behaviour. Of course it could be good PR in support of Intel, but still, thats what they say.

 

[Rennie.6750]

Yes, but you'll only notice minimal drops in performance if your CPU was the bottleneck before the update.

 

> @"Malediktus.9250" said:

> It will affect everything, just a question how much. Personally I deactivated Windows Update already. I lived 10 years with this security risk and I am not willing to sacrifice even 1% performance to fix one out of hundreds of security issues.

 

The flaw was unknown until very recently. Expect new malware taking advantage of it very soon. The best part: they will leave no trace as they're all going to be kernel level. They could turn your computer into a zombie bot for DDOS or sell your CPU time and you wouldn't know because the kernel wouldn't report use. All it takes is some malicious JS code so any webpage will do. Fun times ahead for you!

[mercury ranique.2170]

As promised the instructions how to uninstall the update that was released this week.

Instructions are (for windows 10):

 

Right click start menu

pick control panel

go to programs (check if the category view is on)

click 'view installed updates'

uninstall the update that causes the performancedrop. Listed as KB4056892

[BillC.4521]

> @"Rennie.6750" said:

 

> The flaw was unknown until very recently. Expect new malware taking advantage of it very soon. The best part: they will leave no trace as they're all going to be kernel level. They could turn your computer into a zombie bot for DDOS or sell your CPU time and you wouldn't know because the kernel wouldn't report use. All it takes is some malicious JS code so any webpage will do. Fun times ahead for you!

 

Where do you read that these flaw can turn your computer into bot for DDOS? Every article i read only said that these flaw make malware, malicious app, hacker, and javascript to have access to your private data that leftover in kernel or saved in app. And 1 article even said that for malware to have access to your kernel it need specific situation, the malware need to be already inside your computer, as for the javascript firefox already implement update to mitigate those and other browser will be soon.

So in the end good safe browsing practices is the best way to avoid this

 

I know its not good to ignore windows update, but even windows update alone dont really mitigate these flaws, you need firmware update and i doubt intel will give it to older cpu.

 

If you can share the link where it said these flaw can turn your pc into bot then it will be helpful

 

 

[Cobrakon.3108]

"programs can access your system at the kernel level"

UMMMMM.... What are you downloading brah?

 

Security has got to have a holistic approach. Everything From Physical access to the internet.

 

A lot of cubical dudes will suggest u get this update. But if your not the type to open up dancing teddybear emails, and u actually have multiple layers of security, and you have safe web browsing habits, then chances are you will never get harmed. however if your the "have to do absolutely everything i can to be secure" type then you'll download it anyways.

 

Your system will never be 100 percent safe and thats before this security flaw.

 

 

[Malediktus.9250]

https://www.epicgames.com/fortnite/forums/news/announcements/132642-epic-services-stability-update

the effect on MMO servers might be huge, almost double the load than before in this specific game. Does not look well for WvW where servers are already choking in huge fights.

 

> @"Cobrakon.3108" said:

> "programs can access your system at the kernel level"

> UMMMMM.... What are you downloading brah?

>

> Security has got to have a holistic approach. Everything From Physical access to the internet.

>

> A lot of cubical dudes will suggest u get this update. But if your not the type to open up dancing teddybear emails, and u actually have multiple layers of security, and you have safe web browsing habits, then chances are you will never get harmed. however if your the "have to do absolutely everything i can to be secure" type then you'll download it anyways.

>

> Your system will never be 100 percent safe and thats before this security flaw.

>

>

Pretty much this. Security updates and anti virus software just give a false sense of security. Fix one thing, leave a thousand other exploits/backdoors to go. It is better to assume everything is unsafe. Do not visit shady website, do not click on weird links, do not open emails from people you do not know, use noscript and adblockers and carefully whitelist things.

[Crinn.7864]

> @"Cobrakon.3108" said:

> "programs can access your system at the kernel level"

> UMMMMM.... What are you downloading brah?

>

> Security has got to have a holistic approach. Everything From Physical access to the internet.

>

> A lot of cubical dudes will suggest u get this update. But if your not the type to open up dancing teddybear emails, and u actually have multiple layers of security, and you have safe web browsing habits, then chances are you will never get harmed. however if your the "have to do absolutely everything i can to be secure" type then you'll download it anyways.

>

> Your system will never be 100 percent safe and thats before this security flaw.

>

>

 

You realize this exploit could be done by something as simple as a java applet running on a webpage? You don't need to download anything to be hit by this, which is what makes this exploit so scary. It literally bypasses all conventional security checks.

 

Also the performance hit of windows patch is negligible for the vast majority of applications.

[Deadly Moonshiner.1354]

I got my Win 10 system updated, I see no performance issues for now.

[BillC.4521]

so far this is all we know, whether you want to update or not its up to you

 

https://www.anandtech.com/show/12214/understanding-meltdown-and-spectre

the exploit can only be done locally (means you need to visit shady website, installing untrusted app, opening suspicious attachment) safe browing habit is needed

 

https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/

the remote attack so far only from javascript, already mitigated by some browser