• AnyStream is having some DRM issues currently, Netflix is not available in HD for the time being.
    Situations like this will always happen with AnyStream: streaming providers are continuously improving their countermeasures while we try to catch up, it's an ongoing cat-and-mouse game. Please be patient and don't flood our support or forum with requests, we are working on it 24/7 to get it resolved. Thank you.

Meltdown & Spectre potpourri

DrinkLyeAndDie

Retired Moderator
Thread Starter
Joined
Jan 28, 2007
Messages
11,822
Likes
468
Microsoft Support: January 3, 2018—KB4056892 (OS Build 16299.192) (https://support.microsoft.com/en-us/help/4056892/windows-10-update-kb4056892)

Meltdown is not specifically mentioned but it would fall under the security updates for the Windows Kernel.

Windows Central: Microsoft pushing out emergency fix for newly disclosed processor exploit

NOTE: Both listing indicate workarounds for an issue during install. Make sure to read them.

Microsoft pushed out the update on January 3rd but it still was not available to me as of an hour ago. Some AV programs are apparently not compatible which will lead to a very ugly BSOD if the patch is installed. Windows update checks for compatibility before offering the update. Since I was not seeing the update available via WU I checked my ESET and Malwarebytes info to make sure both were compatible. They were.

ESET: https://forum.eset.com/topic/14256-eset-product-compatibility-with-meltdown-fix/

Hello, this issue has been addressed by a module update, which was released today at 7:45 CET.

Search for "Antivirus & Antispyware module 1533.3" within your product (help and support / about eset endpoint security / installed components).

MichalJ - ESET Staff

Malwarebytes: https://blog.malwarebytes.com/security-world/2018/01/meltdown-and-spectre-what-you-need-to-know/

[...]

UPDATE (as of 1/04/18):

  • Since the Malwarebytes Database Update 1.0.3624, all Malwarebytes users are able to receive the Microsoft Patch to mitigate Meltdown.
[...]

I checked to see if both were up-to-date on my system. Both were. I decided to reboot and after doing so the update became available and installed without issue. Now to see if I take any performance hits over time.

NOTE: I recommend making sure your AV software is compatible. If it shows up in WU then it should be. Just don't blindly try to force it to install if it doesn't show up in WU.
 
Last edited:
@DrinkLyeAndDie Thanks for your update advice. I see that you are using Malwarebytes and ESET do you experience any compatability problems using both these programmes?
 
@DrinkLyeAndDie Thanks for your update advice. I see that you are using Malwarebytes and ESET do you experience any compatability problems using both these programmes?

I've never run into an issue using ESET & Malwarebytes at the same time and ESET does check for possibly problematic third-party products when it installs and has never said anything negative about Malwarebytes.
 
My patch went fine though ASUS Ui Suite thew an error about not being able to address memory (it's now uninstalled)
 
Mine did the same thing.
I don't have that installed. Definitely something I am sure ASUS will be hearing about... loudly... from users.

Thus far I haven't noticed anything other than my Plex server database seemingly vanishing. I had to manually initiate a database update and then everything reappeared.
 
Interesting info.

Just this moment I checked my Windows update log and it hasn't done anything since 16 December 2017. Certainly not this screw-up.

The update log indicates it checked for updates less than an hour ago and found no updates.
 
Tom's Hardware: Understanding The Meltdown And Spectre Exploits: Intel, AMD, ARM, And Nvidia

Performance First

Before we dive into the nuts and bolts, recent tests indicate the patch does not impart a cataclysmic performance loss in most workloads. Phoronix tested the Linux patch, and Computerbase.de tested a patched Windows Insider build.

The good news? Most desktop applications appear to be safe in both Windows 10 and Linux. That includes most workloads that are largely confined to the user space, such as gaming and normal productivity applications. There does appear to be a slowdown to storage I/O operations (2-7%), but for now it's hard to ascertain if that is due to the patch or other kernel updates. The Windows 10 patch was rolled out to the Windows Insider builds in November, and there haven't been reports of performance issues.

The bad news? The patch does incur a performance overhead to some enterprise applications. Phoronix recorded significant performance regressions in the object-relational PostgreSQL database. Redis also suffers a performance loss. Many industry analysts feel the real impacts will come in virtualized environments, but we have yet to see benchmarks. Google has already updated all its cloud infrastructure, which includes its cloud computing services, and we haven't yet heard of significant user backlash due to reduced performance.

[...]

Good read, in general. Enterprises will definitely have some issues and it'll be interesting to watch how it all plays out.

The initial reports were cataclysmic with doom and gloom and how performance was going to be destroyed, period, and AMD had absolutely zero exposure. Well, all of those statements aren't entirely accurate. Due to the early leak of information on all of this we have seen updates moved up. As more time passes we'll get to see a better picture of everything and likely more logical and well thought out analysis rather than click-bait with fireworks.

NOTE: I am not downplaying the severity of the situation. I'm merely saying that with time and better analysis and level-headed people actually dealing in facts we're going to see how things are really going to play out based on real-world data rather than speculation. I'm unsure how the whole NDA situation is working since the updates weren't supposed to drop until next week. As such many people may still be unable to discuss things.
 
Last edited:
@DrinkLyeAndDie Thanks I asked because when I had a problem with Malwarebytes their technician suggested I make some exclusions for ESET but the problem resolved itself before I could do that.Otherwise my experience has been the same as yours.
 
he initial reports were cataclysmic with doom and gloom and how performance was going to be destroyed, period...

"Y2K! We're all gonna DIE!"

Yes, there is cause for concern, the initial over-the-top hysterics don't help the situation.

Neither does this:

Major chip flaws affect billions of devices

Two major flaws in computer chips could leave a huge number of computers and smartphones vulnerable to security concerns, researchers revealed Wednesday.

And a U.S. government-backed body warned that the chips themselves need to be replaced to completely fix the problems.
 
Included in the cumulative update were updates for IE & Edge to mitigate the vulnerabilities.

Mozilla pushed out Firefox 57.0.4 yesterday, as well, which I assume was their response although I believe all versions of 57.0 have been targeting closing the holes. Google is pushing Chrome 64.0 on January 23rd.

Dealing with all of this is going to involve a multi-faceted concerted and coordinated response.

Yet another good read:

Gizmodo: https://gizmodo.com/check-this-list-to-see-if-you-re-still-vulnerable-to-me-1821780843
 
Last edited:
Included in the cumulative update were updates for IE & Edge to mitigate the vulnerabilities.

Mozilla pushed out 57.0.4 yesterday, as well, which I assume was their response although I believe all versions of 57.0 have been targeting closing the holes. Google is pushing Chrome 64.0 on January 23rd.

Dealing with all of this is going to involve a multi-faceted concerted and coordinated response.

Yet another good read:

Gizmodo: https://gizmodo.com/check-this-list-to-see-if-you-re-still-vulnerable-to-me-1821780843
I updated all my computers in the shop and notified all others that have rigs I built to update immeditely, although I am pretty sure they knew about it before I did, I was not aware of this until you told me about it yesterday.
 
Back
Top