computer components & hardware - "Microsoft reveals how Spectre updates can slow your PC down"

Lynn McGuire wrote:

"Microsoft reveals how Spectre updates can slow your PC down"

https://www.theverge.com/2018/1/9/16...es-pc-slowdown

"It¢s bad news for older Windows 7 and Windows 8 machines"

My office PC just got updated and rebooted for the second time this
week. I guess that my Intel I7-2600K cpu is dropping out of the fast lane.

Lynn

Without an intruder to make use of the CPU flaws, there is no hazard.
The flaws assume that you employ nothing to prevent the malicious
intruders from getting on your computer. Rather than incur serious
performance degradation, seems a better solution for older Windows
versions (than 10) is to make sure you have decent anti-malware
protection and practice safe hexing. If you don't let the bull into the
china shop, you don't have to worry about the bull breaking the china.

The flaws are difficult to reproduce in the wild (i.e., on user hosts).
They are very specific. They are quiescent unless you run untrusted
code that happens to contain malicious intent. Seems a highly overblown
scenario. Even in the article you cited, Microsoft is recommending
servers not to employ the firmware and OS updates. It's a "The sky is
falling" scare when the reality is "Meteors smashed a dozen houses (at a
test site with guided meteors doing the damage)." The fixes have caused
more damage than the flaws they are supposed to guard against.

In Google Chrome, you can enable the site isolation experimental option
(in chrome://flags). Mozilla is coming out with their fix in a later
version due in about 2 weeks. The other big infection vector is e-mail
but then are you such a boob that you install and run executable
attachments received via e-mail? Also, users seems to not understand
that being vulnerable does NOT equate to guaranteeing getting attacked.
Security is always in a state of flux. The CPU flaws have existed for
many years and yet no malware exploited them. That something can be
demonstrated under very narrow constraints is not cause for the general
panic that the web or, ahem, users have whipped up.

Thankfully Microsoft never pushed an update to disable the user's choice
on if and when to apply Windows updates in Windows 7 & 8. If they had,
I would have blocked it (just like the Get10 update got blocked). I
have WU configured to *ask* for my permission to install ANY updates. I
review every update before applying it, and any that are vague end up
getting delayed until there is some info about the updates. When I see
any appear for Meltdown, maybe I'll allow it but probably delay its
install by weeks if not months or maybe never. If I see any appear for
Spectre, no thanks.