Intel Meltdown / Spectre Patch Tested on Avigilon, Exacq and Milestone VMSes

By: IPVM Team, Published on Jan 23, 2018

Significant concern exists about the impact on VMS servers and video surveillance systems of patching the Meltdown and Spectre flaws. Generally, reports have claimed a significant increase in CPU loads, though the amounts have varied depending on the source and services being used. This could be very problematic for VMS servers as it risks problems in recording, watching or playing back video.

Meltdown / Spectre Summary

Meltdown is a flaw in protections allowing unauthorized applications to access OS kernel protected memory. Spectre allows unauthorized applications to trick other programs into divulging private data. For technical details on these, see The Meltdown and Spectre CPU Bugs, Explained or various other online tech sources.

How To Patch

Users may see if their Windows machine is vulnerable using PowerShell, following the steps in this guide

If so, in order to avoid both of these vulnerabilities, users must install two updates:

  • Windows Update KB4056892: This update should have been included in regular Windows Updates as of early January. This fixes the Meltdown vulnerability.
  • BIOS update: To fix the Spectre vulnerability, users must update their system BIOS, provided by their hardware manufacturer.

However, many devices have not yet received a BIOS update. Out of four different hardware manufacturers we checked (Acer, Asus, HP, and Intel NUCs), only Intel had released a BIOS update for our machines. 

Tests Performed

IPVM measured CPU load of server and client processes prior to applying Windows and BIOS updates, and again after updating, using two configurations:

  • Recording only, 25 cameras, ~150 Mb/s
  • Recording and viewing, 10 cameras, ~30 Mb/s

Test Machine Specs

IPVM tested on three separate machines, all with the same hardware configuration, as follows:

  • Operating System: Windows 10 Pro 64-bit (10.0, Build 16299) (16299.rs3_release.170928-1534)
  • BIOS: RYBDWi35.86A.0350.2015.0812.1722 (pre-update)/RYBDWi35.86A.0368.2017.1220.0950 (post-update)
  • Processor: Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz (4 CPUs), ~3.1GHz
  • Memory: 8192MB RAM

Note that these machines are fairly high spec, with relatively new processors (1-2 generations old). Older generation processors and lower spec machines are likely to see a greater impact.

Inside this report, we examine the results achieved across Avigilon, Exacq and Milestone plus our recommendations.

*********** ******* ****** ***** the ****** ** *** servers *** ***** ************ systems ** ******** *** Meltdown *** ******* *****. Generally, ******* **** ******* a *********** ******** ** CPU *****, ****** *** amounts **** ****** ********* on *** ****** *** services ***** ****. **** could ** **** *********** for *** ******* ** it ***** ******** ** recording, ******** ** ******* back *****.

Meltdown / ******* *******

******** ** * **** in *********** ******** ************ applications ** ****** ** kernel ********* ******. ******* ****** unauthorized ************ ** ***** other ******** **** ********* private ****. *** ********* details ** *****, ****** ******** *** ******* CPU ****, ********* ** ******* ***** ****** tech *******.

How ** *****

***** *** *** ** their ******* ******* ** vulnerable ***** **********,********* *** ***** ** this *****

** **, ** ***** to ***** **** ** these ***************, ***** **** install *** *******:

  • ******* ****** *********: **** ****** should **** **** ******** in ******* ******* ******* as ** ***** *******. This ***** *** ******** vulnerability.
  • **** ******: ** *** *** Spectre *************, ***** **** update ***** ****** ****, provided ** ***** ******** manufacturer.

*******, **** ******* **** not *** ******** * BIOS ******. *** ** four ********* ******** ************* we ******* (****, ****, HP, *** ***** ****), only ***** *** ******** a **** ****** *** our ********. 

Tests *********

**** ******** *** **** of ****** *** ****** processes ***** ** ******** Windows *** **** *******, and ***** ***** ********, using *** **************:

  • ********* ****, ** *******, ~150 **/*
  • ********* *** *******, ** cameras, ~** **/*

Test ******* *****

**** ****** ** ***** ******** machines, *** **** *** same ******** *************, ** follows:

  • ********* ******:******* ** *** **-*** (10.0, ***** *****) (*****.***********.******-****)
  • ****:********.***.****.****.****.**** (***-******)/********.***.****.****.****.**** (****-******)
  • *********:*****(*) ****(**) **-***** *** @ *.***** (* ****), ~3.1GHz
  • ******:****** ***

**** **** ***** ******** are ****** **** ****, with ********** *** ********** (1-2 *********** ***). ***** generation ********** *** ***** spec ******** *** ****** to *** * ******* impact.

****** **** ******, ** examine *** ******* ******** across ********, ***** *** Milestone plus *** ***************.

[***************]

Test *******

** *** *****, ******** system **** ** ***** the ******* ************* *** a *********** ****** ** CPU ****, ********** *** load ** ********* ******** by ** **** **-**%. ****** on ****** **** **** viewing **** ** ******** video *** **** **** significant, nearly ******** *** **** ** low ****** ***** ******* using ******** *** ***** (an ******** ** **-**% load). ******** *******' ******** update ** ***** ******** alone had * ********** ******, increasing **** **** **** 1%. 

****** *******, ** *** no *** ******* **** these *******/******** *******, **** as ******* ******, **** loading *****, ******** ** video, ** ***** *** malfunctions ***** *** ***** when **********. *******, **** that *** ******* *** load **** ** **** testing *** ***** ***** 50% ***********. ***** **** higher ********** ******* ** lower **** ******* *** see ****** ** ***** camera ******/***********.

***************

******* ** *** *********** impact ** **** ******* on *** ****, ** strongly ********* **** ***** of ****** **********/****** ****** count ******* ****** ***** system *** ******** ***** to ********. ***** ********* running ** **-**% **** are ****** ** ******** to **-***%, **** *** potential *** ****** **** higher. 

***** **** *** ****** *****/********** systems *** ****** ** see ****** *********** ********** unless **** ******* ******* on *** ****** *******.

Intel ***** ******** ******* - ****** *****

******* *** **** ******* have ****** ****** ****** on ******* ******** (****: IPVM *** *** ********** this, *** ** *** be ******** *********). ***** released * ********* ** January **** ******** *** ***** ******** BIOS ********** **** ****** **** updated ******* ****. ******* indications *** **** *** updated ******* **** **** roughly ******* *********** *******, and ***** ** ************ partners ** ******** ** test **** *** ******* patches ** *** **** data ** *********** *******. 

Biggest ******: **** ******

** ***** ** ***** repair *** ******** *** Spectre ***************, ***** **** apply **** ******* ******* and **** *******. ** these ***, *** **** update *** * *********** impact ** *** ****, while ******* ******* *** minimal ******, **** ***** *% on *** ***** ******, both ********* *** *******.

Significant ****** ** **** ********** ****

** *** ***** ** 24 ****** *******, ~*** Mb/s ***** **********, ****** process *** **** ********* significantly ***** ******** *** BIOS ** **** *******, with *********** ************ ********** by ~*% *** ********* XProtect ********* ** ~**%.

**** **** ** ******** no ****** ** *********** in ****** *** ****** testing (******* ******, **** loading, ********/******* *****, ***.), but ***** **** ****** throughput *** *** ****** as **** ***** ***** updating.

Low ********** ********* *******

******* **** ** ******* at ***** ** **/* total, ****** **** *** usage ********* **** *****, but *************** ****** **** ** ****** testing, **** ***** ********** by 4% **** (* **% increase) *** ********* ** 5% (* ~**% ********). However, ******** ******* ****** jumped *************, **** ~*% to *%, *** ** with ****** ********** *******, these ********* *** *** result ** ********** *********** issues.

Live **** ******* *** ******

*** **** ********* *** those ******* ***** ***** viewing **** *** **** significant, **** ******** *** Exacq ********** ** **-**% when **** ******* ** playing **** *** ******* on *** ********* ******. Milestone ********* ** ***** the **** *** **** percentage, *** * *************** smaller ******.

 

Test ********* ****** ********

***** ** *** ******* state ** *****'* **** patches **** ***** ******* users ** **** ********* before ******** ******* ** production ********. ***** *** cannot ***** **** ** a ***-********** *********** *** want ** **** *** the ******* **** ******* to ******** **** ** unanticipated *******.

Manufacturer ********

**** *** **** ** communication **** *** ************* regarding *********** ******* **** patches. ** ***, ************* **** indicated **** *** ***** in *** ******* ** determining ******* *********** ******, and *********** ********** *** applying *******.

Comments (21)

**** ** *** **, ** ***** *** ******* / *****, you ******* *** **** * *********** ******* ** **** ***? Replace *** ***? ******* *** ******? **** *** ***'* ********* options?

** ** **** ** *** **** ******* **** ***** ******** so ***. ** **** *****, *** *** ** **** ** upgrade ** * ****** *********. *********, ********* ** ****** *** (if ********) *** **** ****.

***** *** ************* *** ***** **** ***** ******** ** ****, I ***** ***** *********** ** ********* **********, ** *******, ** much ** ********. ** ***** **** *** **** ****** ******** are *** **** ********* ******** *** ***** ********, ** *** would ****** **** ** ***** * ****** ***** ** **** CPU ** ****** *** ****** ************ **** **** *** ** processor ***********.

****, **** *** *** **** ********* ** ***, *** ** the ****** ** ********** ******** ************ (*.*.: *** ****** *** also ****** ******* ******, ***.), ** *** ** ****-********* ** off-load **** ************ ** ***** ******** ** **** ** *** for *** **** ***.

**** ********* **** ** *** **** *** ****** ** *** one ** **** ****** ***** ** * ****** ******* ** increase ********** *****. ********* ************* **** ******** *** ***'* *** uses *** *** ******** *****. *** *** *** **, ****

**** ********* **** **, *** **** *** ****** ** **** one ** **** ****** ***** **** **** ********* ******* ** offload *** ************* *****. **** ** *** *** *** **** mid-summer ** * *** ** * *** *** ***** ******** now, *** ** ***** ** ** * **** *** ********** low-cost ****** **** ** ****.

*** *** ***** ******** **** ** ***** ** * ****** environment **** ** * *** ******? ** *** ** ***** to ** ***** *** ** **** *** *** ** ****** random ****, ** ** * ******* *********?

************* **** *** **********'* ***** ** ****, ******** ******** *** not ** ****** ************ *******.

** *********** *** ******* ******* ******* ******** ******** ** ***** segments ** *** *******, *** ********* *** **** *** **** to *** ******** ** **** ****** *** ****** **********, ****** monitoring ** ********** ****** *****.

****** ** ****** **** **** ******* **** ** ******** ***** was **** **** ***********, ********** *** **** ** **-**% ** low ****** ***** ******* ***** ******** *** *****

******* ** *** ******* ************* *** ** * ************* **** right? *'* ****** **** ** ***** ** **** ** **'** at **% **** ** ** ******* ** **%-**%.

***, ****'* *******. *'** **** **** ** **'* **** *****.

***, *** **** ******* ** *********.

*** *******, *** ***** ****** ** *** *** ********** **** increased ** *% *** *****, ***** **** *% ***-***** ** 12% **** *****, **** *** * **% ********.

*** ******* ***** *** **** **** ******* ** ***** ******** code **** ** ******* * ****** *******. ****, **, *** Lenovo **** *** ******* *** ****** **** ******* **** ***** downloads *** *** ************ ****** *** ********* **** ** **** back. ** *** ******** ******* **** ****, *** ****** ** back *** ***** ** ** **** *** ****'* ******* * version **** *** **** *********.

**** *** ** ***** *****’* ******* ***** **** ****** ****

“** ********* **** ****, ***** ******* *********, ****** *************, ******** vendors *** *** ***** **** ********** ** ******* ********, ** they *** ********* ****** **** ******** ******* *** ***** ************* system ********,” ** *****.

*****://***.**********.***/*****-*******-*********-**-****-**********-***************-******/*******/******/

****** **** * ******* *********** **********, *** ******* **** **** Milestone ***** ****** ******** ************ *******? ** ***** ***** ** reason *** ***** *** ****** ***** ** **** **** **** if **** ***** ***** **** ** ****** *** ******...

****, ***** *** *** **** *********, **** **** **** ******** testing ****?

***'* ******* *** *** ***** ** *** ***** ******* *** retest ****?

***** *** **** * ***** *** ********** ******** **** ******** affects ******** ******* *** ***** ******** ********** ** ****. ** I'd ** ***** ******* ** **** *** *** **** *** Meltdown ***** ******* *** ***** ** *******.

** *** ********* ********** **** ********* *** ********** **** ********* whether ** *** ** ******** ******** *** **** *******.

*** ****** *** **** ** **** ** **** *** ********* to **** * ******. **** ** *** ********* **** ********** disconnected ******** *** **** *** **** **** ******* **** **** can ** ********* ** ***** ********, **** *** ********.

** ** **** ** **** ** **** ** *** ********* security ******* ** **** ** *** ****** ******* *** ********* actions.

**** ***** **** ******* ** *** ******, **** ** *** customers **** **** ** ** ********* *** **** ********* ******** if ***** ** ** *** ****** *** **** *******.

**** **** *************, *** ** ****** ********* ***** ** *********/***'* with ***** ***** ** **** *******/***** *******?

*** ***** *** ******** ************* ** ***** **** *******?

***** *** ********* ***************, ** **** *** ****** *** ** really.

***** *** ********* ** ********, ******** ******** *** **** * *** ******** ** ***** ** this.

*****,

**** **** * **** **** ******* ** ******* * **** smaller *** ** *** ***** *** ******** ** ****. **** this **** *** ********* ****** ** ******** ****/**** ** **** their ******** ****** ******* ****?

***, **** *** ***** *** ******** ****. ******** ********* ** the **** **** ** *** ***** *** ** **** ******** software/apps/etc., *** ******* ********** ******** ** ******** ******** ****** *** less ****** ** ** ********. * ****** ** ****** ***** that *** ** *** **** ****** **** ******, ***, ***, open ***** ** ******** ***** ****** * ****** ******** ** the ******.

********* ******** **** ** **** ********* ******** ***** ******** ** the ****** **** ** ******** ** ******** ***** ***************. (**** it *** *** *********** **** ** ** *********, ** ***** have **** **** *******-***** ***'*). **** **** ******** **** *** do *** **** * *** ** **** ****** ******** ** even ******* * *******, ** **** *** ***** **** **-***** systems ** **** ******.

**** **** ** **** *** ***** ** ***** ** ******* knowledge ** *** *************** *** ********. ** **** ******* ***** these *************** ********* ***** *****-*** ******* ***** ***** ** *** exploits ******* **** *** ******** **** ** ******* ****.

** ** ******* *** *************, **** ** * *** *****... sure **'* ******* ***, **** *** **** ******* ** ********* executing ** **** ****.

*** ******* ***** *** ** **** ** *** *** *** itself *** *** ********* *********** ** *** **** **** ***.

** ****** ****, ******* *** ******** * ******** ** **% performance */* ********* *****. **** ** ***** *** **** ***** with ******** *** ******* ****.

* ***** ** ********* ** ******.

******** **** ** *** (*********) *****'* **** ********/******* *** ********* on *** ***** ******* (****** **** ****** ** *** ****).

***** ** **** **** ******** (********.***.****.****.****.****) *** ****** *****.

*** **** **** **** ****** ***** ** ********://**************.*****.***/*****/***/********************.***

** ***** ********* *** **** ***** (*********)

*****://**************.*****.***/*******/*****/*****-***-***-*********

*** ****** **** ****** ** ***** ********* ****.

***** **** ***** ***** **** *** **** ******* ** ***** is *** **** ****** **** *** *******.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on VMS

Anyvision Facial Recognition Tested on Aug 21, 2019
Anyvision is aiming for $1 billion in revenue by 2022, backed by $74 million in funding. But does their performance live up to the hype they have...
Dahua 4K Camera Shootout on Aug 20, 2019
Dahua's new Pro Series 4K N85CL5Z claims to "deliver superior images in all lighting and environmental conditions", but how does this compare to...
Proactive CCTV "Only Affordable Video Archiving Solution" Profile on Aug 12, 2019
Proactive CCTV is claiming to offer "the only affordable video archiving solution on the market", reducing the storage typically required for H.265...
Milestone "GDPR-ready" Certification Claim Critiqued on Aug 12, 2019
Milestone is touting that its latest XProtect VMS is "GDPR-ready" with a 'European Privacy Seal'. However, our investigation raises significant...
Axis Door Station A8207-VE Tested on Aug 07, 2019
Axis newest door station, the A8207-VE, claims to deliver "video surveillance, two-way communication, and access control" in a single device. But...
Avigilon Blue VSaaS Tested on Aug 05, 2019
Avigilon says Blue is a "powerful integrator cloud service platform", easy to set up and configure, quickly scale business, by leveraging cloud...
Cisco Settles False Claims Act Suit For Video Surveillance Vulnerabilities on Aug 01, 2019
Cisco entered the video surveillance market in 2007 and suffered for many years through a variety of its own errors and arrogance. The conclusion...
Ionodes Company Profile on Jul 31, 2019
What happened to Ionodes? With seasoned leadership from Jean-Paul Saindon founder of SmartSight and Dr. Michael Gilge, founder of VCS, back in...
Vivotek Trend Micro Cyber Security Camera App Tested on Jul 22, 2019
Vivotek and Trend Micro are claiming five million blocked attacks on IP cameras, with their jointly developed app for Vivotek cameras. This new...
Avigilon ACC7 VMS Tested on Jul 22, 2019
Avigilon's Control Center 7 boldly claims it will "transform live video monitoring" with the new Focus of Attention "AI-enabled" interface. We...

Most Recent Industry Reports

Dahua 4K Camera Shootout on Aug 20, 2019
Dahua's new Pro Series 4K N85CL5Z claims to "deliver superior images in all lighting and environmental conditions", but how does this compare to...
ZK Teco Atlas Access Control Tested on Aug 20, 2019
Who needs access specialists? China-based ZKTeco claims its newest access panel 'makes it very easy for anyone to learn and install access control...
Uniview Beats Intel In Trademark Lawsuit on Aug 19, 2019
Uniview has won a long-running trademark lawsuit brought by Intel, with Beijing's highest court reversing an earlier Intel win, centered on...
Verkada People And Face Analytics Tested on Aug 16, 2019
This week, Verkada released "People Analytics", including face analytics that they describe is a "game-changing feature" that "pushes the...
Dahua OEM Directory 2019 on Aug 16, 2019
US Government banned Dahua OEMs for dozens of companies. The following directory includes 40+ of those companies with a graphic and links to...
Installation Course - Register Now on Aug 15, 2019
Register Now for the September 2019 Video Surveillance Install Course. This is a unique installation course in a market where little practical...
Axis Suffers Outage, Provides Postmortem on Aug 15, 2019
This week, Axis suffered an outage impacting their website and cloud services. Inside this note, we examined what happened, what was impacted...
Hikvision Scrutinized In The Netherlands on Aug 15, 2019
Hikvision is facing unprecedented scrutiny in the Netherlands, at the same time the US government ban has taken effect. This week, a Dutch...
Axis 4K Camera Shootout 2019 on Aug 14, 2019
Axis' 4K Q3518-LVE claims the "best video quality possible", with Lightfinder super low light performance, Axis' high end Forensic WDR, and...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact