Do you disable hyperthreading? (poll)

[Voluman]

While those good policies and all but the problem is XSS. Numbers suggest up to one in three sites are vulnerable to XSS attacks which means perfectly trust worthy sites get taken advantage of by bad actors. Your firewall and router likely won't help you either unless they have great packet inspection abilities which I would not bet money on.

Yeah, i use a sriptblocker which is prepared for xss, generally block everything just enabling the most necessary (custom whitelist)

 

[MrGRiMv25]

Nope. The whole thing is pretty leaky as far as WHERE data can be pulled.

The good news is mitigation seems way less harmful than turning HT off.

Cool, I'll have to read about the vulnerability a bit more, I've not spent much time looking at the problems since the spectre/meltdown stuff happened. I suppose mitigation and safe browsing etc all adds up to being less prone to suffer from it.

 

[arbiter]

I have no intent to disable HT on my cpu, its 6 years old and needs every bit of performance it can put out at this point as its starting to show its age in a lot of current games.

 

[R-T-B]

Cool, I'll have to read about the vulnerability a bit more, I've not spent much time looking at the problems since the spectre/meltdown stuff happened. I suppose mitigation and safe browsing etc all adds up to being less prone to suffer from it.

Not a bad idea. Beware though: It's easy to get lost in all the terminology. People assume we all know all this CPU internals like the back of our hand in the whitepapers, etc. Most people don't.

I should write up a "laymans guide" to this sometime... if only I'd stop being lazy.

 

[Easy Rhino]

Why are people disabling hyperthreading? Are you not keeping your OS up to date? Are you not running virus and malware scans? Are you not using javascript blocker and ublock on sites you do not trust? The only way these "bugs" can impact you is if your system already contains a vulnerability that allows for remote code execution and if that is the case the attackers already have root access to your system. They don't need fancy CPU hacks at that point to steal your identity or lock your system.

 

[aQi]

Half of the planet doesn’t even know whats HT.
Its a noob world Ms. Intel why dont you understand

 

[lexluthermiester]

Are you not keeping your OS up to date?

Keeping up to date involves accepting reduced performance. To some, that is not acceptable given that the actual risk of attack is extremely minimal at best and mitigating the problem through alternate methods is easier to do.

 

[metalfiber]

I haven't updated my bios since before this whole meltdown stuff started and i'm not going to disable hyper. I may get shot but i'm but going to shoot myself...unless not doing those things is actually shooting myself...Ah, damit

 

[MrGRiMv25]

Not a bad idea. Beware though: It's easy to get lost in all the terminology. People assume we all know all this CPU internals like the back of our hand in the whitepapers, etc. Most people don't.

I should write up a "laymans guide" to this sometime... if only I'd stop being lazy.

I've read a few of the whitepapers at times and some of them can make the eyes glaze over.

Nothing wrong with being lazy, it works being lazy if it saves yourself from er, working... that's for sure.

 

[john_]

Obviously no one would disable hyperthreading just for typical home use.

The only way hyperthreading and Intel would be in deep, extremely deep sh...t, is if a ransomware of some kind take advantage of those vulnerabilities and we end up with thousands of users mourning their precious files.

In the.... ancient time of 2003, I had no idea why I had just installed a firewall in my computer. My system was a single core Athlon XP, so, why waste CPU resources on something useless? Then blaster happened and I was reading about others having their machines infected, while mine was running fine. After that I always had some kind of firewall in my PC.


P.S. There should have been a double poll. One for people running home systems and one for those professionals who are responsible for systems with sensitive corporation data.

 

[freeagent]

I have it enabled, but I ran with it off for about a week.. not because of this, but watching tv through my browser.. HT made it stutter for whatever reason. Probably an edge, or ie problem, since my provider no longer supports those two browsers for viewing..

Anyways.. looking at some of these comments.. I doubt half of you would notice if HT was on or off, especially if all you do is game. I actually picked up a little performance with HT off in some games, and regular day to day stuff. If you stare at numbers in Aida64, and other programs then yeah.. you'll notice.

 

[lexluthermiester]

I have it enabled, but I ran with it off for about a week.. not because of this, but watching tv through my browser.. HT made it stutter for whatever reason. Probably an edge, or ie problem, since my provider no longer supports those two browsers for viewing..

Anyways.. looking at some of these comments.. I doubt half of you would notice if HT was on or off, especially if all you do is game. I actually picked up a little performance with HT off in some games, and regular day to day stuff. If you stare at numbers in Aida64, and other programs then yeah.. you'll notice.

Challenge accepted. Let's give it a try...

EDIT;
After a settings change and reboot, now running with HT disabled. Will try it for a week and see how it goes.

 

[freeagent]

Sorry, I didn't mean that towards anyone in particular

But if all you do is game, and menial tasks, you don't need HT and wont benefit from it..

Looking back in the thread, it seems there maybe a few guys who may benefit from it.. though its hard to say, I am still fairly fresh to these parts.

I didn't mean any offence, so no need to take any!

 

[lexluthermiester]

Sorry, I didn't mean that towards anyone in particular

But if all you do is game, and menial tasks, you don't need HT and wont benefit from it..

Looking back in the thread, it seems there maybe a few guys who may benefit from it.. though its hard to say, I am still fairly fresh to these parts.

I didn't mean any offence, so no need to take any!

I like challenges. The whole point of using a T3500 was a challenge from a friend. And ya know, he's right. This system and it's X5680 have held up very well against my previous i7-5820 that had an OC.

 

[R-T-B]

The only way these "bugs" can impact you is if your system already contains a vulnerability that allows for remote code execution and if that is the case the attackers already have root access to your system.

Not before. But with these vulnerabilities, yes.

I also have never run a javascript blocker but given these vulnerabilities I'd defintely do so if running around unmitigated. Keep in mind that's hardly the only way to remotely execute code though. Ever run a scriptable game with a server?

 

[Aquinus]

The funny thing is that if malware already has root access on your machine, you're already screwed. Most of these vulnerabilities mean nothing for typical users. The real fear is: what if someone in a virtual machine on a multi-tenant server gets compromised. Each tenant easily has root access to their VMs and their ethics and security precautions makes this of particular concern. That is where the fear comes from. Any fear for consumers is vastly overstated in my opinion because if your system is already compromised to that degree, there are far lower hanging fruit that malware can go after. It's not like your tower has this extra level of VM isolation to keep the other things you care about safe.

 

[lexluthermiester]

Most of these vulnerabilities mean nothing for typical users.

This latest one is a bit scarier. Been reading into it in more detail and the JS vulnerability is a real threat for common users. However, the assesment by the original researchers makes a few assumptions that are not common in most browsers. By adding a javascript-blocker plugin to most browsers and being very careful what to allow(enable) these vulnerabilities can be avoided. However, I have also concluded that disabling Hyper-Threading will completely remove these latest vulnerabilities ability to render an attack vector. This is why I accepted the challenge offered by @freeagent, even though it wasn't a deliberate challenge. So far, he's right, I'm not noticing a difference in common usage scenario's. I've run a few CPU intensive programs and the differences are about what Intel stated they were, 7%ish, but that's only in programs that make good use of HT.

 

[rtwjunkie]

I have no intent to disable HT on my cpu, its 6 years old and needs every bit of performance it can put out at this point as its starting to show its age in a lot of current games.

How do you mean “starting to show it’s age?” I’m only a quarter gen ahead of you and still have no game issues because of mine.

 

[lexluthermiester]

How do you mean “starting to show it’s age?” I’m only a quarter gen ahead of you and still have no game issues because of mine.

I have to agree, I'm a couple gens behind and am only just starting to see some CPU bottlenecking with my RTX2080, and that is with no OC.

 

[R-T-B]

The funny thing is that if malware already has root access on your machine, you're already screwed.

The whole point of this thing is that it does not need root, to get root.

It's not like your tower has this extra level of VM isolation

Sort of, actually. Javascript sandboxing. We've depended on it for a bit now.

This latest one is a bit scarier. Been reading into it in more detail and the JS vulnerability is a real threat for common users. However, the assesment by the original researchers makes a few assumptions that are not common in most browsers. By adding a javascript-blocker plugin to most browsers and being very careful what to allow(enable) these vulnerabilities can be avoided. However, I have also concluded that disabling Hyper-Threading will completely remove these latest vulnerabilities ability to render an attack vector. This is why I accepted the challenge offered by @freeagent, even though it wasn't a deliberate challenge. So far, he's right, I'm not noticing a difference in common usage scenario's. I've run a CPU intensive programs and the differences are about what Intel stated they were, 7%ish, but that's only in programs that make good use of HT.

Disabling HT doesn't completely stop the vulnerability mind. But it does make it basically impractical to use.

 

[lexluthermiester]

The whole point of this thing is that it does not need root, to get root.

In a VM, true. In a normal operating environment, not so much. However, most power users(like myself) run in admin mode anyway, so it's a bit semantics.

Disabling HT doesn't completely stop the vulnerability mind. But it does make it basically impractical to use.

Not based on what I've read and understand. Might be missing something, but this latest vulnerability requires an instruction function exclusively used by HT. Disabling HT effectively disables/eliminates the attack vector.

 

[arbiter]

How do you mean “starting to show it’s age?” I’m only a quarter gen ahead of you and still have no game issues because of mine.

there are games like division 2 for example or even AC: Odyssey. if something is even using 5-10% of cpu i can lose a lot of fps easy. that is even with a small OC with all cores at least 4ghz.

Not based on what I've read and understand. Might be missing something, but this latest vulnerability requires an instruction function exclusively used by HT. Disabling HT effectively disables/eliminates the attack vector.

It may stop it but if you got older intel's like mine you are crippling performance of a cpu that is already starting to struggle in some games now if anything else is even using a tiny bit of cpu.

 

[Regeneration]

I disabled HT on my gaming rigs. It appears my favorite games run better without HT.

You can also gain higher OC at the same voltage without HT.

 

[trparky]

As I said before, I won't be turning off Hyper Threading. Not unless Intel cuts me a check and sends it to me in the mail for a feature that I paid a premium for. As for needing Hyper Threading, it definitely helps me since I tend to be a bit of a multi tasker. I don't have a dual-monitor setup for nothing here. I use all 12 threads of my 8700K so turning Hyper Threading off is going to hurt my multi tasking performance.

Will I be looking at AMD in the coming months? Yeah...

 

[advanced3]

But if all you do is game, and menial tasks, you don't need HT and wont benefit from it..

"Hello, I am BF:V or any other large open world multiplayer game."