How bad is the Intel chip Zombieload security issue? It depends on who you ask. But the potential is there, with attackers able to spy on your data. Yes, the fixes are in, but even with the operating system patches and new microcode, to protect your systems completely from potential Zombieload attackers, you must turn off Intel CPU hyper-threading.
If you don't want your computers running with one foot in a bucket, you won't want to turn off hyper-threading. But are your systems safe without disabling hyper-threading? Intel thinks you would be OK. But then, what else would it say? Other companies disagree.
Canonical, the company behind Ubuntu Linux, recommends disabling hyper-threading if the system is used to run untrusted or potentially malicious code. Of course, no one intends to run such code, but if you are on a cloud, you have no control over what your neighbor in the next virtual machine (VM) is running. Red Hat agreed that Zombieload can be particularly dangerous on clouds.
As security firm Twistlock's CTO John Morello said, "This vulnerability is likely to have the greatest impact on dense, multi-tenant public cloud providers."
Be that as it may, Apple and Google are both warning macOS and Chrome OS users that they may want to disable hyper-threading to get full protection. In fact, Google now disables hyper-threading by default starting with Chrome OS 74.
So, if you really want to protect your systems – virtual or physical – then turn off hyper-threading. It comes at an awful performance cost.
Even Intel admitted that disabling hyper-threading will reduce CPU performance by up to 9%. Apple has found that it will slow down your Mac by "as much as a 40% reduction in performance with tests that include multithreaded workloads and public benchmarks." The Zombieload researchers agreed. They stated that it would reduce "performance for certain workloads by 30% to 40%."
Other benchmarks also show that making absolutely sure you are safe from Zombieload will cost you a significant percentage of your speed.
How much? The Linux benchmarking site Phoronix tested workloads on Ubuntu 19.04, using its latest stable release with the patched Linux 5.0 kernel and the new Intel CPU microcode images, and found that Linux – the main server operating system – had serious performance issues. The geometric mean of the tests showed "16% lower performance out of the box now with these default mitigations."
It is often worse when you turn off hyper-threading for maximum security. The PostgreSQL benchmark, for example, found a performance hit of almost 40%. Meanwhile, the Nginx benchmark saw a painful performance drop of about 34%.
So should you go all the way to protect your servers? Intel stated: "Practical exploitation of MDS [Microarchitectural Data Sampling, aka Zombieload] is a very complicated business. MDS does not in itself provide an attacker with the ability to select data that is leaked."
For me, it may be complicated, but with full details of the security issue already out there, along with proof-of-concept code, it's just a matter of time before someone makes an easy-to-use attack program. So, I've already disabled hyper-threading on my cloud-based servers. I suggest you do that too.
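One way to verify on a Linux host that the three pieces named above (patched kernel, new microcode, hyper-threading off) are all in place, as an added example that is not from the original article. It assumes a kernel that exposes the `vulnerabilities/mds` and `smt/control` files under `/sys/devices/system/cpu`; the function names and verdict labels are illustrative.

```shell
#!/bin/sh
# Added example: classify a Linux host's MDS (Zombieload) exposure from sysfs.
# Status strings follow the kernel's Documentation/admin-guide/hw-vuln/mds.rst.

# mds_verdict STATUS -> prints one of:
#   not-affected | protected | smt-exposed | no-microcode | unpatched | unknown
mds_verdict() {
    case "$1" in
        "Not affected"*)   echo not-affected ;;
        *"no microcode"*)  echo no-microcode ;;  # kernel patched, CPU microcode is not
        "Vulnerable"*)     echo unpatched ;;     # mitigation switched off or missing
        "Mitigation:"*"SMT vulnerable"*|"Mitigation:"*"SMT Host state unknown"*)
                           echo smt-exposed ;;   # buffers cleared, but a sibling
                                                 # hyper-thread may still be shared
        "Mitigation:"*"SMT disabled"*|"Mitigation:"*"SMT mitigated"*)
                           echo protected ;;
        *)                 echo unknown ;;       # empty or unrecognised: fail closed
    esac
}

# check_host [CPU_SYSFS_DIR] -> prints "<verdict> smt=<control>".
# Returns 0 only when the host is not affected or fully mitigated.
check_host() {
    cpu_dir="${1:-/sys/devices/system/cpu}"
    status=$(cat "$cpu_dir/vulnerabilities/mds" 2>/dev/null || true)
    smt=$(cat "$cpu_dir/smt/control" 2>/dev/null || echo unavailable)
    verdict=$(mds_verdict "$status")
    echo "$verdict smt=$smt"
    case "$verdict" in
        not-affected|protected) return 0 ;;
        *)                      return 1 ;;
    esac
}

# Check the live system only when invoked as: sh script.sh run
if [ "${1:-}" = "run" ]; then
    check_host
fi
```

A `smt-exposed` verdict on a cloud guest usually means the kernel cannot see whether the host has hyper-threading enabled, so the answer has to come from the provider.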