Full Mitigation for Intel’s ZombieLoad Flaw Drops Mac Performance by 40%


May 6, 2019
Apple has published an official support document regarding the enabling of full mitigation for Microarchitectural Data Sampling (MDS) vulnerabilities, otherwise known as ZombieLoad. Complete mitigation, which requires that hyper-threading be disabled, results in “a 40 percent reduction in performance with tests that include multithreaded workloads and public benchmarks.”

That is a severe loss, but some have pointed out full mitigation isn’t necessary for most folks. AppleInsider opines that “unless the Mac is being used for highly secretive tasks, the user is a potential subject for hacking attempts by a sophisticated bad actor, or some other value-based reason, there isn't really a need to turn on the full mitigation.”

Although there are no known exploits affecting customers at the time of this writing, customers who believe their computer is at heightened risk of attack can use the Terminal app to enable an additional CPU instruction and disable hyper-threading processing technology, which provides full protection from these security issues. This option is available for macOS Mojave, High Sierra and Sierra and may have a significant impact on the performance of your computer.
Holy crap. That's a huge performance hit.
That drop literally erases every IPC improvement since Nehalem/Westmere.
I think that's putting it mildly.

In truth, we typically only saw 1-3% per generation outside of very specific scenarios where the performance gap was larger. Intel threw a lot of figures around but performance did improve upwards of 7-11% in some cases. Again, this was rarer than Intel liked to advertise. Also keep in mind that some generations saw literally no improvement at all. Devil's Canyon is a good example of this. The improvements there were about thermals and slightly higher clock speeds. There was nothing done on the IPC front at all. In others, such as Ivy Bridge, we had a slight IPC improvement, but a reduction in clock speed to go along with it making the improvement a wash.

While AMD processors aren't as vulnerable to many of these exploits, I have to wonder if they are as vulnerable, just in different ways. I wonder if it's a security through obscurity type of deal. Which is of course what's helped the Mac platform for the last two decades or so. Their relatively small market share has kept them flying under the radar of those people who exploit system vulnerabilities, write viruses etc. If all of a sudden AMD was the popular choice, I wonder if their weaknesses would be as equally exposed, or as bad.
