Intel Meltdown / Spectre Patch Tested on Avigilon, Exacq and Milestone VMSes

Author: IPVM Team, Published on Jan 23, 2018

Significant concern exists about the impact on VMS servers and video surveillance systems of patching the Meltdown and Spectre flaws. Generally, reports have claimed a significant increase in CPU loads, though the amounts have varied depending on the source and services being used. This could be very problematic for VMS servers as it risks problems in recording, watching or playing back video.

Meltdown / Spectre Summary

Meltdown is a flaw in protections allowing unauthorized applications to access OS kernel protected memory. Spectre allows unauthorized applications to trick other programs into divulging private data. For technical details on these, see The Meltdown and Spectre CPU Bugs, Explained or various other online tech sources.

How To Patch

Users may see if their Windows machine is vulnerable using PowerShell, following the steps in this guide.

If so, in order to avoid both of these vulnerabilities, users must install two updates:

  • Windows Update KB4056892: This update should have been included in regular Windows Updates as of early January. This fixes the Meltdown vulnerability.
  • BIOS update: To fix the Spectre vulnerability, users must update their system BIOS, provided by their hardware manufacturer.

However, many devices have not yet received a BIOS update. Out of four different hardware manufacturers we checked (Acer, Asus, HP, and Intel NUCs), only Intel had released a BIOS update for our machines.

Tests Performed

IPVM measured CPU load of server and client processes prior to applying Windows and BIOS updates, and again after updating, using two configurations:

  • Recording only, 25 cameras, ~150 Mb/s
  • Recording and viewing, 10 cameras, ~30 Mb/s

Test Machine Specs

IPVM tested on three separate machines, all with the same hardware configuration, as follows:

  • Operating System: Windows 10 Pro 64-bit (10.0, Build 16299) (16299.rs3_release.170928-1534)
  • BIOS: RYBDWi35.86A.0350.2015.0812.1722 (pre-update)/RYBDWi35.86A.0368.2017.1220.0950 (post-update)
  • Processor: Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz (4 CPUs), ~3.1GHz
  • Memory: 8192MB RAM

Note that these machines are fairly high spec, with relatively new processors (1-2 generations old). Older generation processors and lower spec machines are likely to see a greater impact.

Inside this report, we examine the results achieved across Avigilon, Exacq and Milestone plus our recommendations.

*********** ******* ****** ***** *** ****** ** *** ******* *** video ************ ******* ** ******** *** ******** *** ******* *****. Generally, ******* **** ******* * *********** ******** ** *** *****, though *** ******* **** ****** ********* ** *** ****** *** services ***** ****. **** ***** ** **** *********** *** *** servers ** ** ***** ******** ** *********, ******** ** ******* back *****.

Meltdown / ******* *******

******** ** * **** ** *********** ******** ************ ************ ** access ** ****** ********* ******. ******* ****** ************ ************ ** trick ***** ******** **** ********* ******* ****. *** ********* ******* on *****, ****** ******** *** ******* *** ****, *********** ******* ***** ****** **** *******.

How ** *****

***** *** *** ** ***** ******* ******* ** ********** ***** PowerShell,********* *** ***** ** **** *****.

** **, ** ***** ** ***** **** ** ***** ***************, users **** ******* *** *******:

  • ******* ****** *********: **** ****** ****** **** **** ******** ** regular ******* ******* ** ** ***** *******. **** ***** *** Meltdown *************.
  • **** ******: ** *** *** ******* *************, ***** **** ****** their ****** ****, ******** ** ***** ******** ************.

*******, **** ******* **** *** *** ******** * **** ******. Out ** **** ********* ******** ************* ** ******* (****, ****, HP, *** ***** ****), **** ***** *** ******** * **** update *** *** ********.

Tests *********

**** ******** *** **** ** ****** *** ****** ********* ***** to ******** ******* *** **** *******, *** ***** ***** ********, using *** **************:

  • ********* ****, ** *******, ~*** **/*
  • ********* *** *******, ** *******, ~** **/*

Test ******* *****

**** ****** ** ***** ******** ********, *** **** *** **** hardware *************, ** *******:

  • ********* ******:******* ** *** **-*** (**.*, ***** *****) (*****.***********.******-****)
  • ****:********.***.****.****.****.**** (***-******)/********.***.****.****.****.**** (****-******)
  • *********:*****(*) ****(**) **-***** *** @ *.***** (* ****), ~*.****
  • ******:****** ***

**** **** ***** ******** *** ****** **** ****, **** ********** new ********** (*-* *********** ***). ***** ********** ********** *** ***** spec ******** *** ****** ** *** * ******* ******.

****** **** ******, ** ******* *** ******* ******** ****** ********, Exacq *** ********* **** *** ***************.

[***************]

Test *******

** *** *****, ******** ****** **** ** ***** *** ******* vulnerability *** * *********** ****** ** *** ****, ********** *** load ** ********* ******** ** ** **** **-**%. ****** ** server **** **** ******* **** ** ******** ***** *** **** more ***********, ****** ******** *** **** ** *** ****** ***** systems ***** ******** *** ***** (** ******** ** **-**% ****). Applying *******' ******** ****** ** ***** ******** ***** *** * negligible ******, ********** **** **** **** *%.

****** *******, ** *** ** *** ******* **** ***** *******/******** updates, **** ** ******* ******, **** ******* *****, ******** ** video, ** ***** *** ************ ***** *** ***** **** **********. However, **** **** *** ******* *** **** **** ** **** testing *** ***** ***** **% ***********. ***** **** ****** ********** systems ** ***** **** ******* *** *** ****** ** ***** camera ******/***********.

***************

******* ** *** *********** ****** ** **** ******* ** *** load, ** ******** ********* **** ***** ** ****** **********/****** ****** count ******* ****** ***** ****** *** ******** ***** ** ********. Those ********* ******* ** **-**% **** *** ****** ** ******** to **-***%, **** *** ********* *** ****** **** ******.

***** **** *** ****** *****/********** ******* *** ****** ** *** little *********** ********** ****** **** ******* ******* ** *** ****** machine.

Intel ***** ******** ******* - ****** *****

******* *** **** ******* **** ****** ****** ****** ** ******* machines (****: **** *** *** ********** ****, *** ** *** be ******** *********). ***** ******** * ********* ** ******* **** that**** *** ***** ******** **** ********** **** ****** **** ******* ******* ****. ******* *********** *** that *** ******* ******* **** **** ******* ******* *********** *******, and ***** ** ************ ******** ** ******** ** **** **** the ******* ******* ** *** **** **** ** *********** *******.

Biggest ******: **** ******

** ***** ** ***** ****** *** ******** *** ******* ***************, users **** ***** **** ******* ******* *** **** *******. ** these ***, *** **** ****** *** * *********** ****** ** CPU ****, ***** ******* ******* *** ******* ******, **** ***** 1% ** *** ***** ******, **** ********* *** *******.

Significant ****** ** **** ********** ****

** *** ***** ** ** ****** *******, ~*** **/* ***** throughput, ****** ******* *** **** ********* ************* ***** ******** *** BIOS ** **** *******, **** *********** ************ ********** ** ~*% and ********* ******** ********* ** ~**%.

**** **** ** ******** ** ****** ** *********** ** ****** VMS ****** ******* (******* ******, **** *******, ********/******* *****, ***.), but ***** **** ****** ********** *** *** ****** ** **** jumps ***** ********.

Low ********** ********* *******

******* **** ** ******* ** ***** ** **/* *****, ****** load *** ***** ********* **** *****, *** *************** ****** **** 24 ****** *******, **** ***** ********** ** *% **** (* 50% ********) *** ********* ** *% (* ~**% ********). *******, Avigilon ******* ****** ****** *************, **** ~*% ** *%, *** as **** ****** ********** *******, ***** ********* *** *** ****** in ********** *********** ******.

Live **** ******* *** ******

*** **** ********* *** ***** ******* ***** ***** ******* **** far **** ***********, **** ******** *** ***** ********** ** **-**% when **** ******* ** ******* **** *** ******* ** *** recording ******. ********* ********* ** ***** *** **** *** **** percentage, *** * *************** ******* ******.

Test ********* ****** ********

***** ** *** ******* ***** ** *****'* **** ******* **** would ******* ***** ** **** ********* ****** ******** ******* ** production ********. ***** *** ****** ***** **** ** * ***-********** environment *** **** ** **** *** *** ******* **** ******* to ******** **** ** ************* *******.

Manufacturer ********

**** *** **** ** ************* **** *** ************* ********* *********** impacts **** *******. ** ***, ************* **** ********* **** *** still ** *** ******* ** *********** ******* *********** ******, *** recommended ********** *** ******** *******.

Comments (21)

John Honovich

IPVM | 01/23/18 05:48pm

**** ** *** **, ** ***** *** ******* / *****, you ******* *** **** * *********** ******* ** **** ***? Replace *** ***? ******* *** ******? **** *** ***'* ********* options?

Thumbnail brk1

Brian Karas

IPVM | In reply to John Honovich | 01/23/18 05:55pm

** ** **** ** *** **** ******* **** ***** ******** so ***. ** **** *****, *** *** ** **** ** upgrade ** * ****** *********. *********, ********* ** ****** *** (if ********) *** **** ****.

***** *** ************* *** ***** **** ***** ******** ** ****, I ***** ***** *********** ** ********* **********, ** *******, ** much ** ********. ** ***** **** *** **** ****** ******** are *** **** ********* ******** *** ***** ********, ** *** would ****** **** ** ***** * ****** ***** ** **** CPU ** ****** *** ****** ************ **** **** *** ** processor ***********.

****, **** *** *** **** ********* ** ***, *** ** the ****** ** ********** ******** ************ (*.*.: *** ****** *** also ****** ******* ******, ***.), ** *** ** ****-********* ** off-load **** ************ ** ***** ******** ** **** ** *** for *** **** ***.

Undisclosed Manufacturer #4

In reply to John Honovich | 01/26/18 04:33pm

**** ********* **** ** *** **** *** ****** ** *** one ** **** ****** ***** ** * ****** ******* ** increase ********** *****. ********* ************* **** ******** *** ***'* *** uses *** *** ******** *****. *** *** *** **, ****

**** ********* **** **, *** **** *** ****** ** **** one ** **** ****** ***** **** **** ********* ******* ** offload *** ************* *****. **** ** *** *** *** **** mid-summer ** * *** ** * *** *** ***** ******** now, *** ** ***** ** ** * **** *** ********** low-cost ****** **** ** ****.

Thumbnail tompic

Tom Sharples

01/23/18 06:13pm

*** *** ***** ******** **** ** ***** ** * ****** environment **** ** * *** ******? ** *** ** ***** to ** ***** *** ** **** *** *** ** ****** random ****, ** ** * ******* *********?

Undisclosed Integrator #2

In reply to Tom Sharples | 01/24/18 01:38pm

************* **** *** **********'* ***** ** ****, ******** ******** *** not ** ****** ************ *******.

** *********** *** ******* ******* ******* ******** ******** ** ***** segments ** *** *******, *** ********* *** **** *** **** to *** ******** ** **** ****** *** ****** **********, ****** monitoring ** ********** ****** *****.

Undisclosed Integrator #1

01/23/18 07:07pm

****** ** ****** **** **** ******* **** ** ******** ***** was **** **** ***********, ********** *** **** ** **-**% ** low ****** ***** ******* ***** ******** *** *****

******* ** *** ******* ************* *** ** * ************* **** right? *'* ****** **** ** ***** ** **** ** **'** at **% **** ** ** ******* ** **%-**%.

Thumbnail profile pic

Ethan Ace

IPVM | In reply to Undisclosed Integrator #1 | 01/23/18 10:19pm

***, ****'* *******. *'** **** **** ** **'* **** *****.

Thumbnail 20180219 112642

Rob Kilpatrick

IPVM | IPVMU Certified | In reply to Undisclosed Integrator #1 | 01/23/18 10:28pm

***, *** **** ******* ** *********.

*** *******, *** ***** ****** ** *** *** ********** **** increased ** *% *** *****, ***** **** *% ***-***** ** 12% **** *****, **** *** * **% ********.

Bob Schenck

IPVMU Certified | 01/24/18 04:18am

*** ******* ***** *** **** **** ******* ** ***** ******** code **** ** ******* * ****** *******. ****, **, *** Lenovo **** *** ******* *** ****** **** ******* **** ***** downloads *** *** ************ ****** *** ********* **** ** **** back. ** *** ******** ******* **** ****, *** ****** ** back *** ***** ** ** **** *** ****'* ******* * version **** *** **** *********.

**** *** ** ***** *****’* ******* ***** **** ****** ****

Michael Miller

01/24/18 02:39pm

“** ********* **** ****, ***** ******* *********, ****** *************, ******** vendors *** *** ***** **** ********** ** ******* ********, ** they *** ********* ****** **** ******** ******* *** ***** ************* system ********,” ** *****.

*****://***.**********.***/*****-*******-*********-**-****-**********-***************-******/*******/******/

Thumbnail ack head zy

Alex Knapik

Milestone Systems | 01/24/18 11:11pm

****** **** * ******* *********** **********, *** ******* **** **** Milestone ***** ****** ******** ************ *******? ** ***** ***** ** reason *** ***** *** ****** ***** ** **** **** **** if **** ***** ***** **** ** ****** *** ******...

Undisclosed Integrator #1

In reply to Alex Knapik | 01/24/18 11:17pm

****, ***** *** *** **** *********, **** **** **** ******** testing ****?

Thumbnail me

Campbell Chang

01/25/18 01:25am

***'* ******* *** *** ***** ** *** ***** ******* *** retest ****?

***** *** **** * ***** *** ********** ******** **** ******** affects ******** ******* *** ***** ******** ********** ** ****. ** I'd ** ***** ******* ** **** *** *** **** *** Meltdown ***** ******* *** ***** ** *******.

Undisclosed Manufacturer #3

01/25/18 11:17am

** *** ********* ********** **** ********* *** ********** **** ********* whether ** *** ** ******** ******** *** **** *******.

*** ****** *** **** ** **** ** **** *** ********* to **** * ******. **** ** *** ********* **** ********** disconnected ******** *** **** *** **** **** ******* **** **** can ** ********* ** ***** ********, **** *** ********.

** ** **** ** **** ** **** ** *** ********* security ******* ** **** ** *** ****** ******* *** ********* actions.

**** ***** **** ******* ** *** ******, **** ** *** customers **** **** ** ** ********* *** **** ********* ******** if ***** ** ** *** ****** *** **** *******.

Tim Cook

IPVMU Certified | 01/25/18 02:25pm

**** **** *************, *** ** ****** ********* ***** ** *********/***'* with ***** ***** ** **** *******/***** *******?

*** ***** *** ******** ************* ** ***** **** *******?

Thumbnail brk1

Brian Karas

IPVM | In reply to Tim Cook | 01/25/18 02:36pm

***** *** ********* ***************, ** **** *** ****** *** ** really.

***** *** ********* ** ********, ******** ******** *** **** * *** ******** ** ***** ** this.

Undisclosed Integrator #1

In reply to Brian Karas | 01/26/18 02:34am

*****,

**** **** * **** **** ******* ** ******* * **** smaller *** ** *** ***** *** ******** ** ****. **** this **** *** ********* ****** ** ******** ****/**** ** **** their ******** ****** ******* ****?

Thumbnail brk1

Brian Karas

IPVM | In reply to Undisclosed Integrator #1 | 01/25/18 09:40pm

***, **** *** ***** *** ******** ****. ******** ********* ** the **** **** ** *** ***** *** ** **** ******** software/apps/etc., *** ******* ********** ******** ** ******** ******** ****** *** less ****** ** ** ********. * ****** ** ****** ***** that *** ** *** **** ****** **** ******, ***, ***, open ***** ** ******** ***** ****** * ****** ******** ** the ******.

********* ******** **** ** **** ********* ******** ***** ******** ** the ****** **** ** ******** ** ******** ***** ***************. (**** it *** *** *********** **** ** ** *********, ** ***** have **** **** *******-***** ***'*). **** **** ******** **** *** do *** **** * *** ** **** ****** ******** ** even ******* * *******, ** **** *** ***** **** **-***** systems ** **** ******.

**** **** ** **** *** ***** ** ***** ** ******* knowledge ** *** *************** *** ********. ** **** ******* ***** these *************** ********* ***** *****-*** ******* ***** ***** ** *** exploits ******* **** *** ******** **** ** ******* ****.

bashis mcw

01/29/18 07:44pm

** ** ******* *** *************, **** ** * *** *****... sure **'* ******* ***, **** *** **** ******* ** ********* executing ** **** ****.

Thumbnail me

Campbell Chang

In reply to bashis mcw | 02/01/18 05:01am

*** ******* ***** *** ** **** ** *** *** *** itself *** *** ********* *********** ** *** **** **** ***.

** ****** ****, ******* *** ******** * ******** ** **% performance */* ********* *****. **** ** ***** *** **** ***** with ******** *** ******* ****.

Boris Biryuchkov

02/01/18 04:24am

* ***** ** ********* ** ******.

******** **** ** *** (*********) *****'* **** ********/******* *** ********* on *** ***** ******* (****** **** ****** ** *** ****).

***** ** **** **** ******** (********.***.****.****.****.****) *** ****** *****.

*** **** **** **** ****** ***** ** ********://**************.*****.***/*****/***/********************.***

** ***** ********* *** **** ***** (*********)

*****://**************.*****.***/*******/*****/*****-***-***-*********

*** ****** **** ****** ** ***** ********* ****.

***** **** ***** ***** **** *** **** ******* ** ***** is *** **** ****** **** *** *******.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on VMS

FLIR Launches Body Cameras Unified With VMS (TruWitness) on Dec 11, 2018
While FLIR is best known for their thermal cameras, now they have expanded into body cameras, launching TruWITNESS, a public safety focused body...
Infinova's Xinjiang Business Examined on Dec 07, 2018
As pressure mounts for companies to stop doing business in China’s Xinjiang region amid a severe human rights crisis, IPVM has found Infinova sold...
VMS Live Monitoring Shootout - Avigilon, Dahua, Exacq, Genetec, Hikvision, Milestone, Network Optix on Dec 05, 2018
Viewing live video is the first interaction and most common task most users have with a VMS. Who does it best and worst? Who offers the most...
Fullerton Returns, Joins OpenEye on Dec 04, 2018
Eric Fullerton became one of the most famous people in the industry as the Chief Sales and Marketing Officer of Milestone as Milestone became the...
Startup Qumulex Aims For Unified Platform, Adds Infinias Access Founder on Nov 29, 2018
The startup founded by former Exacq executives, Qumulex has hired Wayne Jared, founder of access control manufacturer Infinias and most recently a...
Vintra "AI-Powered" Video Analytics Startup Profile on Nov 27, 2018
Vintra is a Silicon Valley startup focused on AI-based video analytics. They had booths at IACP and ISC West demonstrating their hosted or...
Top Manufacturers Gaining and Losing 2018 on Nov 26, 2018
This is the 5th year IPVM has tracked manufacturers gaining and losing: Top Manufacturers Gaining and Losing 2014 Top Manufacturers Gaining and...
Milestone Disrupts Milestone With Arcules on Nov 19, 2018
Milestone is now competing against... Milestone's own spinout Arcules. New IPVM testing shows that Arcules has incorporated a substantial amount...
Arcules Cloud VMS Tested on Nov 19, 2018
Arcules is a big bet, or as they describe themselves a 'bold company', spun out and backed by Milestone and Canon.  But how good is Arcules cloud...
Magos Radar Company Profile on Nov 12, 2018
Magos America General Manager Yaron Zussman admits when he first came across Magos, he asked himself: "What's innovative about radar?" Be that as...

Most Recent Industry Reports

Imperial Capital Security Investor Conference 2018 Review - ADT, Resideo, Alarm.com, Arlo, Eagle Eye, ACRE, More on Dec 14, 2018
Imperial Capital Security Investor Conference is an event matching industry executives with financiers that frequently leads to future funding...
Cisco Meraki New Cameras and AI Analytics on Dec 14, 2018
Meraki has released their second generation of video surveillance with 3 new cameras, AI-based video analytics, and 2 cloud-based storage...
Foolish Strategy: OEMing Facial Recognition on Dec 13, 2018
Almost as 'hot' as face recognition marketing right now is OEMing facial recognition. Last year, they were a who's who of company's with...
DVR Examiner - Video Recovery from Recorder Hard Drives on Dec 13, 2018
Bypassing passwords and long download times on-site, DVR Examiner collects and organizes video evidence directly from a hard drive extracted from...
2019 Access Control Book Released on Dec 12, 2018
This is the best, most comprehensive access control book in the world, based on our unprecedented research and testing has been significantly...
Huawei Hisilicon Quietly Powering Tens of Millions of Western IoT Devices on Dec 12, 2018
Huawei Hisilicon chips are powering, at least, tens of millions of Western IoT devices, such as IP cameras and surveillance recorders, a fact that...
FLIR Launches Body Cameras Unified With VMS (TruWitness) on Dec 11, 2018
While FLIR is best known for their thermal cameras, now they have expanded into body cameras, launching TruWITNESS, a public safety focused body...
Startup Sunflower Labs' Autonomous Drone Security System on Dec 11, 2018
Startup Sunflower Labs is claiming a unique design on a home security system, combining autonomous drones and 'Sunflower' sensors. Imagine an...
The 2019 Video Surveillance Industry Guide on Dec 10, 2018
The 300 page, 2019 Video Surveillance Industry Guide, covers the key events and the future of the video surveillance market, is now available,...
Multi-Factor Access Control Authentication Guide on Dec 10, 2018
Can a stranger use your credentials? One of the oldest problems facing access control is making credentials as easy to use as keys, but restricting...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact