Google: Our Meltdown and Spectre Patches Don’t Slow Down Devices

[Bot]

While both Microsoft and Intel confirmed that their Meltdown and Spectre updates cause a more or less noticeable slowdown on devices, Google says no performance impact is being experienced following its own security patches.

Google says it started patching the three variants of the discovered vulnerabilities in September when the first mitigations for Variants 1 and 3 were released (Variants 1 and Variant 2 are generally referred to as Spectre, while Variant 3 is called Meltdown).

“Thanks to extensive performance tuning work, these protections caused no perceptible impact in our cloud and required no customer downtime in part due to Google Cloud Platform’s Live Migration technology. No GCP customer or internal team has reported any performance degradation,” Google says.

Variant 2 was the hardest to patch, and Google said that the first mitigation it considered would have caused a substantial performance impact because it all came down to disabling the vulnerable CPU features. Early implementations of this workaround in closed environments led to “considerable” slowdowns for many applications and inconsistent performance.

“Rolling out these mitigations would have negatively impacted many customers,” Google explains.

Read more: Google: Our Meltdown and Spectre Patches Don’t Slow Down Devices

 

[Deleted member 65228]

I did the update but if I thought it would have truly slowed down my system, then no, I wouldn't have updated. I would have just locked down the machine to vising only websites I know are 100% safe and regularly access and bought a non-Intel based Chromebook which has patched for various vulnerabilities to use for general tasks which the main system doesn't need to perform.

Win win either way. I keep the performance but the system is better protected from an attack using such vulnerabilities being performed, and I have another system to do the average tasks in which the original could be vulnerable doing.

If this wasn't an option, then I'd just do the update and have to live with the performance decreases. Thankfully, no performance issues occurred anyway.

If the update did cause issues and I ended up doing this and it led to me being infected due to exploitation of either vulnerabilities then that would be no one's fault but my own.

 

[RejZoR]

Yes. I have security above performance on the priority list. Security is just something where you can't make compromises, especially not with vulnerability like this one where such vulnerability can bypass everything we use on top.

 

[Windows Defender Shill]

I voted no

*Maybe I'm not aware of the extent of the vulnerability.

But if the performance impact is too great I will rely on conventional malware protection and a updated browser.

 

[frogboy]

I voted no

*Maybe I'm not aware of the extent of the vulnerability.

But if the performance impact is too great I will rely on conventional malware protection and a updated browser.

Same here I think, this all a disaster from Intel.

 

[bribon77]

patch yes;
I'm not a player. I just look at information and a little bit more.

 

[tonibalas]

I also voted no.
My laptop is already slow. So i don't want to do something that will affect it's performance in a negative way.
If i had a newer system then i would have done the update because from what i have been reading so far the performance drop
isn't so big as expected.

 

[RejZoR]

I voted no

*Maybe I'm not aware of the extent of the vulnerability.

But if the performance impact is too great I will rely on conventional malware protection and a updated browser.

That's the problem. No matter what software you place on top, you're not really protecting yourself unless you plug the actual security hole...

 

[plat1098]

I'm all for addressing vulnerabilities at once but... performance reduction is a consideration but I'm reading reports about WHEA logger warnings and blue screens of death following initial microcode application for Spectre variant (s). Seeing as this is the more challenging of threats to both exploit and patch, no, I'm going to hold off. The Meltdown fix didn't really affect anything on here. "No." For now. Things can change, though, really fast.

 

[DX22]

I voted no

*Maybe I'm not aware of the extent of the vulnerability.

But if the performance impact is too great I will rely on conventional malware protection and a updated browser.

Exactly what I'm doing..

 

[DeepWeb]

I really hope that Intel or Microsoft are looking at Google's patch and adopt it before they distribute their own Variant 2 patches... Last thing I want is a crappy patch. Google's patch is not a long term fix either. It's literally the definition of a patch. The real solution is to redesign the architecture lol good luck with that.

 

[eonline]

I don't know where you get those patches.

 

[_CyberGhosT_]

You haven't really seen me comment on this and the crap surrounding this, and that has been by design. To me, something stinks about this, and as we all know we rarely get the truth till much later on such subject matter. I took the route of " wait & see" for quite a while in combo with Opcode in that I did not, nor will I patch (for now).
What I am doing is employing (for now) Emsisoft with what I run full time on my system, yes you guessed it DeepArmor and VoodooShield. I am using Emsioft because of the added net protection and that it imports from my custom HostFile.
This is weird to watch playout, but mark my words I feel something is missing even now, watching intently.
Stay frosty MT.