Theme

Welcome · log in · join

Forums → Software and Operating Systems →

Security → Re: PC >2 yrs. old=slowdown from MS patch

uniqs
9

« Tinder, apparently not designed with security in mind • Congressional watchdog to investigate fraud during net neutrality rule draft »

This is a sub-selection from PC >2 yrs. old=slowdown from MS patch

Frodo join:2006-05-05	Frodo to altermatt Member 2018-Jan-14 12:56 am to altermatt Re: PC >2 yrs. old=slowdown from MS patch Taking a hit for the team, I added the registry settings indicated in the Microsoft advisory and disabled the mitigations. Since I have `Windows OS support for branch target injection mitigation is disabled by absence of hardware support: True` there was no difference for Spectre. I would need a BIOS update to test that. For Meltdown it changed `Windows OS support for kernel VA shadow is enabled:` to false. I'm not uninstalling the update to find out if the installing of the update, followed by the subsequent disabling of the update through the registry setting is the same as not installing the update at all, but, my best guess is, it would be the same. So, there is 3 choices: • Don't install the update • Install the update and disable it in the registry. • Install the update and leave it enabled. The potential problem in not installing the update is, it might prevent further security updates from being offered to the user. The potential problem in installing the update, and disabling it in the registry is that it doesn't completely disable all ill effects from installing the update. The potential problem in installing the update and leaving it enabled is a performance hit. Addressing the issue of "This community has a reputation to uphold" I feel I would be remiss if I withheld a material fact, namely, the ability to install the update, but disable it as an alternative to not installing it at all. For this box, I have it installed and enabled. I have a Win7 starter to update. I'll install it and depending on the performance hit, decide whether to leave it enabled or not when I get around to running this months updates on it.
	· actions · 2018-Jan-14 12:56 am ·
altermatt Premium Member join:2004-01-22 White Plains, NY	altermatt Premium Member 2018-Jan-14 4:59 am Frodo, thanks; your note brings up two points: First, would installing the patch and then disabling it in the registry also prevent further security updates (I'm guessing MS checks the registry to determine if the patch is in place)? and Second, why even bother installing if you're going to disable it? The answer of course to that is contingent on the answer to #1. silbaco, I understand your post, but the issue here may be that we (at least me) are unclear exactly how much of slowdown we're talking about, which would help making an intelligent decision. Hence, my later post asking for real-world experiences. Although everyone is vulnerable to some extent, those here who are very security savvy and generally follow good practices might possibly feel a tad safer not installing a patch temporarily until bugs are worked out, although the idea that I might be prevented from further patches would of course for me be a no-win.
	· actions · 2018-Jan-14 4:59 am ·
therube join:2004-11-11 Randallstown, MD	therube Member 2018-Jan-14 8:15 am quote: intelligent decision If you're making an intelligent decision, how then is "speed" even a consideration? Do you use an antivirus?
	· actions · 2018-Jan-14 8:15 am ·
trparky CYA! I'm gone! Premium Member join:2000-05-24 Cleveland, OH	trparky to altermatt Premium Member 2018-Jan-14 9:53 am to altermatt Um... »www.youtube.com/watch?v= ··· KUjPRk5Q
	· actions · 2018-Jan-14 9:53 am ·
trparky	trparky Premium Member 2018-Jan-14 9:56 am He has done the tests and it shows that aside from a 30% reduction in raw I/O hard disk/SSD performance you aren't going to be seeing any kind of real world performance drops. And hell, if you don't like the performance hit, there's always AMD chips. Oh and look... AMD is going to be coming out with a new series of Ryzen chips soon so we can all give Intel the middle finger. And not only that but AMD has slashed the prices on many of their current Ryzen chips so if you want to build a new system on the cheap then there's no better time than now to do so. So get out there and start building your new PC with an AMD chip and give Intel the middle finger that they so richly deserve!!!
	· actions · 2018-Jan-14 9:56 am ·
El Quintron Fully Magnetized Premium Member join:2008-04-28 Tronna	El Quintron Premium Member 2018-Jan-14 10:34 am I'm fine with wanting to give Intel the middle finger (there are plenty of reasons) but it seems counter-intuitive to be giving them the middle finger over acting responsibly.
	· actions · 2018-Jan-14 10:34 am ·
StuartMW Premium Member join:2000-08-06	StuartMW to Frodo Premium Member 2018-Jan-14 11:13 am to Frodo said by Frodo: ...and disabled the mitigations. Thanks for posting this again. I've created disable & enable mitigation batch files from the M$ article. When I get around to installing KB4056894 on my Win7 box (waiting for any fallout to appear as per »Re: Microsoft Security Bulletin(s) for January 2018) I'll make a decision then to disable/enable.
	· actions · 2018-Jan-14 11:13 am ·
sivran Vive Vivaldi Premium Member join:2003-09-15 Irving, TX	sivran Premium Member 2018-Jan-15 8:30 pm I think I might do some before and after benchmarks on my Thinkpad X220T. It's got a pretty old i5, Win7 (wonder if I could find some place still selling 8? hmm..), and an SSD, so it could suffer. I have two Atom-powered Windows 8.1 tablets as well, but given their general use case and lack of sensitive data I'm thinking of just not patching them.
	· actions · 2018-Jan-15 8:30 pm ·

Forums → Software and Operating Systems → Security	« Tinder, apparently not designed with security in mind • Congressional watchdog to investigate fraud during net neutrality rule draft »
This is a sub-selection from PC >2 yrs. old=slowdown from MS patch