Tom Ford Spectre

  • Techies are going crazy after “Meltdown” and “Spectre,” two new methods for stealing passwords, were revealed by Google on Wednesday.
  • One worry was that the fix for the problems could come with a major negative impact on performance.
  • Google and Amazon say they’re not seeing any major slowdowns.

On Wednesday, Google revealed that there’s a big security hole in pretty much every processor, including the one in your phone, the one in your laptop, and the processors running servers “in the cloud.”

The two vulnerabilities, “Spectre” and “Meltdown,” could even allow an attacker to steal passwords as a user typed them. Even worse, early speculation suggested that the fix for the two related but separate problems, “Spectre” and “Meltdown,” could cause a major performance hit as the CPU would have had to do lots of extra work just to stay secure — maybe even reducing performance by 30%, according to The Register, which first reported the flaw.

Google now says all of that gloom and doom is overstated.

In a technical blog post published on Thursday, Google says the software it built to fix the issue — it calls it KPTI — causes “negligible impact on performance.”

Here’s the key passage:

There has been speculation that the deployment of KPTI causes significant performance slowdowns. Performance can vary, as the impact of the KPTI mitigations depends on the rate of system calls made by an application. On most of our workloads, including our cloud infrastructure, we see negligible impact on performance.

In our own testing, we have found that microbenchmarks can show an exaggerated impact. Of course, Google recommends thorough testing in your environment before deployment; we cannot guarantee any particular performance or operational impact.

Basically: Google’s not stressing about any impact to performance, and it believes that the performance hits that other analysts Read More Here