This is a significant event. Reports are showing at least a 5% performance hit and up to 30% with the current patches. This very well may not change as the problem is specific and unavoidable, outside of purchasing a new chip once chips with a fix are manufactured. The administrative headaches and costs this vulnerability will cause for companies are going to be enormous. If you think about it, virtualized systems are going to get hit hard. I/O intensive workloads like databases, machine learning, etc. may be the worst hit. For us DAW-using consumers, we will also be hit performance-wise, at least from the I/O interrupt side. Of course, we won't know until some testing is done, but I cannot imagine that having every single interrupt call being delayed will not have an impact on performance.
At this point we have three main choices:
1. Do nothing.
2. Take your DAW offline and use another box to handle all online activity.
3. Use the patch and take the performance hit.
Financially and administratively we will take a hit because the real solution to the problem will be to upgrade to a newer chip that doesn't have the vulnerability. (And possibly a new motherboard if their current MB doesn't support the new chip.) That's not cheap. Mac users won't have the option of just swapping out chips; they will have to upgrade their entire system. We will then have to deal with everything that goes with hardware changes. Windows and any software that uses hardware authentication will have to be reinstalled or re-authorized. Ugh.
While nothing is set in stone yet, the current fix is bad. It's kind of like if you break your leg in the woods and have to walk out on a splint. You might be able to do it, but it's going to be slow. I consider this patch to be a quick fix; really, it had to be. Hackers will descend on this vulnerability like vultures on a fresh corpse. Companies (and consumers) need to board up the hole in the wall first and foremost and then look at a more elegant solution. So we will have to wait and see. In a true sense of irony, AMD was happy to announce the vulnerability did not apply to AMD chips. However, the Linux fix currently does not differentiate between AMD and Intel and thus AMD users who install the patch will also get the performance hit. Microsoft hasn't released a patch yet and apparently won't until the next Patch Tuesday (an eternity if you ask me) and so we won't know if they differentiate between brands or not. Fortunately, the details of the vulnerability are not being published, so any hackers working on this are working somewhat in the dark.
How this turns out will be very interesting. I can't think of a vulnerability that comes close to the potential cost this one could cause. If you think about it, all Intel 64 chips are affected! That is *huge* and different from a software vulnerability. The hardware fix has to be done via a software patch. This means a highly inefficient fix and thus performance hits. For businesses, SLAs will be impacted and some quite significantly. This will mean hardware will have to be upgraded and that will drive administrative work and probably drive higher software costs. It's a domino effect. At least with software patches you patch the software and move on, as performance hits of any significance are rare. As consumers, we are now vulnerable. We just don't know to *what* and if it will amount to anything. We can be certain hackers are looking at any way possible to exploit not only immediately, but in ways to set up future exploitation when we think the issue is resolved. So, we will have to watch how this develops closely and see what happens. For me, I'll keep my work computer online, but my DAW is going offline, at least until this whole thing shakes out.