If after about ZombieLoad, if you're in a panic figuring out how to disable Intel's Hyper-Threading feature to prevent a new vulnerability similar to Specter and Meltdown being exploited, then take a deep breath - Intel's official guidance actually doesn't recommend doing this for most cases.
ZombieLoad is similar to previous side-channel attacks that force Intel processors to expose potentially sensitive information that is normally isolated and accessible only to applications that use it. Security researchers reported earlier that this vulnerability is present in most Intel chips and can be exploited on Windows, MacOS and Linux.
Intel, for its part, does not agree with how serious the ZombieLoad risk is. The company even decided to give ZombieLoad another name - Microarchitectural Data Sampling (MDS) or Microarchitectural Data Sampling. Agree, this sounds much less scary than a reference to some zombies.
“The MDS vulnerability is based on data sampling leaking from small structures into the CPU using a locally executed speculative execution side channel,” the company explains. “Practical operation of MDS is very difficult. By itself, the vulnerability does not provide an attacker with a way to select the data that he wants to receive.
“MDS has already been eliminated at the hardware level in many of our latest 8th and 9th generation Intel Core processors, as well as the XNUMXnd generation Intel Xeon Scalable processor family,” the company said in a statement. “For other affected products, mitigation measures are available through a firmware update in combination with the appropriate operating system and hypervisor software updates that are available starting today. We provided on our website and continue to encourage everyone to keep their systems up to date as this is one of the best ways to stay safe.”
Intel also indicated that the ZombieLoad research team was working with the company and others in the PC industry to fix the vulnerability before it became publicly known. "We would like to express our gratitude to the researchers who have worked with us and to our industry partners for their contributions to a coordinated solution to this problem."
So what about Hyper-Threading?
Intel has stated that disabling Hyper-Threading is neither mandatory nor the only option for PC users. In fact, according to Intel, each client decides for himself what to do. If you can't guarantee the security of the software you have installed, then yes, it's probably a good idea to disable Hyper-Threading. If the software only comes from the Microsoft store, from the IT department, or just installed from sources you think you trust, you can probably leave Hyper-Threading enabled. It really depends on how much you care about your safety.
"Because factors vary widely between clients, Intel does not recommend disabling Hyper-Threading as it is important to understand that this is not the only way to provide protection against MDS and does not provide protection on its own," the company said in a statement.
At the same time, the reactions of operating system manufacturers differ from each other.
Google has released a fix for Chrome OS that disables Hyper-Threading for Chromebooks by default. People who want to enable multi-threading technology back can do it themselves, the company believes.
Apple has released an update for macOS Mojave and said that the company's customers, especially security-conscious ones, can disable Hyper-Threading on their own.
Microsoft said it released patches for its software to reduce the chance of using MDS, but also noted that customers should additionally obtain firmware updates from their PC manufacturers.
Due to the fact that for the most part operating system vendors have decided to leave Hyper-Threading enabled, the ZombieLoad threat is obviously not as serious as it seemed a day ago. In addition, there is still no known case of exploitation of the vulnerability in a real attack.
At the same time, the use of patches without disabling Hyper-Threading technology almost does not reduce the performance of Intel processors.
But you won't believe it if you look at Intel security patch impact on performance when Hyper-Threading is disabled. The company claims that the security patches, along with disabling Hyper-Threading, have a suspiciously small impact on performance.
Портал I strongly disagree with Intel's view that disabling Hyper-Threading isn't much of a problem, although Intel does show in their paper that performance hasn't changed much. The problem is the artificiality of Intel's tests when disabling Hyper-Threading, since the company did not test specific multi-threaded workloads. If Intel had taken Blender, Cinebench, or other tests designed for multi-core and multi-threaded processors, we would have immediately seen a huge dip in performance.
To emphasize how important Hyper-Threading technology is, you can simply look at the $9 Intel i9900-500K and $7 i9700-375K processors, the main difference between which is precisely the support for Hyper-Threading. Disabling Hyper-Threading on Intel processors is an incredible blow to anyone who cares about multi-threaded performance.
But there is good news for those using the latest Intel processors. As the company said, many of its latest 8th and 9th generation processors already have hardware microcode fixes, so there is no reason for i9-9900K owners to disable Hyper-Threading. The danger of ZombieLoad is obviously higher for older processors. Owners of these systems will need to rely on operating system and software updates, as well as the performance of their antivirus solutions, to reduce the risk of receiving malicious code. And also once again we recall the fact that so far not a single attack using ZombieLoad is known.
Source: 3dnews.ru