Jan 11 2018

Spectre/Meltdown bugs in Intel and AMD chips – welcome to 2018 everyone!!


Happy new year! And we thought 2018 would be different. In a nightmare that could be straight out of Blofeld’s playbook, IT departments around the world come back from a Christmas break to the same old same old: another set of security flaws to tackle!

I’m sure we’re all well aware of the new vulnerabilities found in the processors inside pretty much every device from the iPhone in your pocket, through the PC on your desk to the server in your data centre. Meltdown (specific to Intel) and Spectre (affecting Intel and AMD chips) are the latest bugs we need to race to mitigate before a wave of malware exploiting them appears. However, this time it’s not that easy, as the issue is in the hardware, so it’s not just software that can be simply patched. So although it’s looking like a combination of BIOS/microcode updates, OS patches and software patches will mitigate the issues, the underlying hardware flaw will undoubtedly be with us for some time!

If you want to read about the ins and outs of the bugs then this page is a great place to start.

However, in this post I wanted to pull out some specific articles and pointers on the likely impact on desktop PCs. Pretty much every article on the fixes indicates there will be a performance impact; whether negligible or not from a user’s perspective, there will still be degradation. If you read the technical articles on what the patches are having to do to address the flaw, there clearly has to be an effect.

First off, let’s cover the Intel chipset names, indicative years and example PCs (I’m using Dell business models purely as an example), just so there’s a reference for the subsequent articles.

| Intel generation | Intel name | Indicative year | Example Dell device |
|---|---|---|---|
| 1st | Nehalem | 2008/09 | |
| 2nd | Sandy Bridge | 2011 | Latitude 6220 |
| 3rd | Ivy Bridge | 2012/13 | |
| 4th | Haswell | 2013 | Latitude 6240 |
| 5th | Broadwell | 2014/15 | |
| 6th | Skylake | 2015/16 | |
| 7th | Kaby Lake | 2016/17 | Latitude 7270 |
| 8th | Kaby Lake R, Coffee Lake, Cannon Lake | 2018 | |

There are a couple of articles that have been released by Microsoft and Intel giving an indication of the likely impact you’ll see.

The Microsoft article indicates that if you’re running Skylake or Kaby Lake (i.e. end 2015 on) processors in your PCs and running Windows 10, then the impact should be pretty much unnoticeable to your users. BUT in reality I suspect a lot of law firms (and other large firms), unless they have recently refreshed, will still be running some older kit, possibly 3rd to 5th generation, and to be fair kit as far back as Sandy Bridge will probably still be performing OKish. In the words of Microsoft: “With Windows 8 and Windows 7 on older silicon (2015-era PCs with Haswell or older CPU), we expect most users to notice a decrease in system performance.”

The article from Intel plays out a similar story for 6th, 7th and 8th gen processors, in that users should not see an impact.

“Today we are sharing data on several 6th, 7th and 8th Generation Intel® Core™ processor platforms using Windows 10. We previously said that we expected our performance impact should not be significant for average computer users, and the data we are sharing today support that expectation on these platforms.”

They also have some tests on Windows 7 that show a similar result. Intel have not published details on the effect on pre-6th gen processors in the article.

Interestingly, all the tests I’ve seen seem to show that SSDs are impacted much more than traditional mechanical HDDs. Kind of ironic given we all moved to SSDs to improve performance!

Some independent technology sites have produced more comprehensive tests for many different scenarios, and broadly the results are similar to the above: on new processors there is a negligible impact on perceived performance, and SSDs seem to be affected more. But there is hope in this article that further updates could tune this performance.

It’ll be interesting over the coming days to see some real benchmarks against 2nd, 3rd, 4th and 5th generation processors. The additional challenge here, of course, is that although you can patch Meltdown with an OS patch, Spectre requires some BIOS-level mitigation, which therefore relies on the manufacturer releasing these for the older models (for example, Dell has fixes back to some Ivy Bridge models but none that I can see for Sandy Bridge yet).

There is of course no choice really. We can’t not patch this issue, but in this case there is a risk of performance impact that we need to balance.

I won’t go into servers at the moment, but this tweet shows the challenges we may have here for some systems!

So, if any legal supplier or legal IT team has benchmarked kit that has 2nd, 3rd, 4th and 5th generation processors in, it would be great if you could post results in the comments. After all, the whole industry is in this one together and the sooner we can all get patched the better!!


Aug 15 2017

Too busy to blog, I wonder why?


It’s been a bit of a hectic few months, too hectic to blog (read this for the why or this). However it’s been a month that I will look back on at some point in the future and realise a huge amount has been learnt (as a firm, as a dept, as teams and for me personally).

In the coming months I am sure I will blog about some of it, maybe something on the poor reporting by legal press that implied simple lax security (this wasn’t your average script kiddie attachment on an email attack), or something on future disaster recovery planning for firms in general (we’ve potentially been planning for the wrong thing for decades), maybe lessons learnt from the recovery (because I’m now sure this will happen to many more firms) or how it’s essential to have a fantastic dedicated team around you to keep things going and really deliver under huge pressure. But that’s for another time.

This week is ILTACON and it’ll be interesting to see what comes out during the week on the shakeup of the organisation, or whether there is anything new that comes out other than the usual commentary on how bad law firms are at things (we’re not innovative, we aren’t changing, we’re the weak link in security etc. etc.). I kind of think the open letter written by Rick Hellers is spot on: there needs to be a shift to the educational and a move away from just commentary in a lot of legal conferences. My aim therefore this year, at any talk I do at a conference, is to talk more to this: how we can do things rather than pick holes in what we might not be doing.