Intel Meltdown / Spectre Patch Tested on Avigilon, Exacq and Milestone VMSes

Author: IPVM Team, Published on Jan 23, 2018

Significant concern exists about the impact on VMS servers and video surveillance systems of patching the Meltdown and Spectre flaws. Generally, reports have claimed a significant increase in CPU loads, though the amounts have varied depending on the source and services being used. This could be very problematic for VMS servers as it risks problems in recording, watching or playing back video.

Meltdown / Spectre Summary

Meltdown is a flaw in protections allowing unauthorized applications to access OS kernel protected memory. Spectre allows unauthorized applications to trick other programs into divulging private data. For technical details on these, see The Meltdown and Spectre CPU Bugs, Explained or various other online tech sources.

How To Patch

Users may see if their Windows machine is vulnerable using PowerShell, following the steps in this guide.

If so, in order to avoid both of these vulnerabilities, users must install two updates:

  • Windows Update KB4056892: This update should have been included in regular Windows Updates as of early January. This fixes the Meltdown vulnerability.
  • BIOS update: To fix the Spectre vulnerability, users must update their system BIOS, provided by their hardware manufacturer.

However, many devices have not yet received a BIOS update. Out of four different hardware manufacturers we checked (Acer, Asus, HP, and Intel NUCs), only Intel had released a BIOS update for our machines.

Tests Performed

IPVM measured CPU load of server and client processes prior to applying Windows and BIOS updates, and again after updating, using two configurations:

  • Recording only, 25 cameras, ~150 Mb/s
  • Recording and viewing, 10 cameras, ~30 Mb/s

Test Machine Specs

IPVM tested on three separate machines, all with the same hardware configuration, as follows:

  • Operating System: Windows 10 Pro 64-bit (10.0, Build 16299) (16299.rs3_release.170928-1534)
  • BIOS: RYBDWi35.86A.0350.2015.0812.1722 (pre-update)/RYBDWi35.86A.0368.2017.1220.0950 (post-update)
  • Processor: Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz (4 CPUs), ~3.1GHz
  • Memory: 8192MB RAM

Note that these machines are fairly high spec, with relatively new processors (1-2 generations old). Older generation processors and lower spec machines are likely to see a greater impact.

Inside this report, we examine the results achieved across Avigilon, Exacq and Milestone plus our recommendations.

*********** ******* ****** ***** *** ****** ** *** ******* *** video ************ ******* ** ******** *** ******** *** ******* *****. Generally, ******* **** ******* * *********** ******** ** *** *****, though *** ******* **** ****** ********* ** *** ****** *** services ***** ****. **** ***** ** **** *********** *** *** servers ** ** ***** ******** ** *********, ******** ** ******* back *****.

Meltdown / ******* *******

******** ** * **** ** *********** ******** ************ ************ ** access ** ****** ********* ******. ******* ****** ************ ************ ** trick ***** ******** **** ********* ******* ****. *** ********* ******* on *****, ****** ******** *** ******* *** ****, *********** ******* ***** ****** **** *******.

How ** *****

***** *** *** ** ***** ******* ******* ** ********** ***** PowerShell,********* *** ***** ** **** *****.

** **, ** ***** ** ***** **** ** ***** ***************, users **** ******* *** *******:

  • ******* ****** *********: **** ****** ****** **** **** ******** ** regular ******* ******* ** ** ***** *******. **** ***** *** Meltdown *************.
  • **** ******: ** *** *** ******* *************, ***** **** ****** their ****** ****, ******** ** ***** ******** ************.

*******, **** ******* **** *** *** ******** * **** ******. Out ** **** ********* ******** ************* ** ******* (****, ****, HP, *** ***** ****), **** ***** *** ******** * **** update *** *** ********.

Tests *********

**** ******** *** **** ** ****** *** ****** ********* ***** to ******** ******* *** **** *******, *** ***** ***** ********, using *** **************:

  • ********* ****, ** *******, ~*** **/*
  • ********* *** *******, ** *******, ~** **/*

Test ******* *****

**** ****** ** ***** ******** ********, *** **** *** **** hardware *************, ** *******:

  • ********* ******:******* ** *** **-*** (**.*, ***** *****) (*****.***********.******-****)
  • ****:********.***.****.****.****.**** (***-******)/********.***.****.****.****.**** (****-******)
  • *********:*****(*) ****(**) **-***** *** @ *.***** (* ****), ~*.****
  • ******:****** ***

**** **** ***** ******** *** ****** **** ****, **** ********** new ********** (*-* *********** ***). ***** ********** ********** *** ***** spec ******** *** ****** ** *** * ******* ******.

****** **** ******, ** ******* *** ******* ******** ****** ********, Exacq *** ********* **** *** ***************.

[***************]

Test *******

** *** *****, ******** ****** **** ** ***** *** ******* vulnerability *** * *********** ****** ** *** ****, ********** *** load ** ********* ******** ** ** **** **-**%. ****** ** server **** **** ******* **** ** ******** ***** *** **** more ***********, ****** ******** *** **** ** *** ****** ***** systems ***** ******** *** ***** (** ******** ** **-**% ****). Applying *******' ******** ****** ** ***** ******** ***** *** * negligible ******, ********** **** **** **** *%.

****** *******, ** *** ** *** ******* **** ***** *******/******** updates, **** ** ******* ******, **** ******* *****, ******** ** video, ** ***** *** ************ ***** *** ***** **** **********. However, **** **** *** ******* *** **** **** ** **** testing *** ***** ***** **% ***********. ***** **** ****** ********** systems ** ***** **** ******* *** *** ****** ** ***** camera ******/***********.

***************

******* ** *** *********** ****** ** **** ******* ** *** load, ** ******** ********* **** ***** ** ****** **********/****** ****** count ******* ****** ***** ****** *** ******** ***** ** ********. Those ********* ******* ** **-**% **** *** ****** ** ******** to **-***%, **** *** ********* *** ****** **** ******.

***** **** *** ****** *****/********** ******* *** ****** ** *** little *********** ********** ****** **** ******* ******* ** *** ****** machine.

Intel ***** ******** ******* - ****** *****

******* *** **** ******* **** ****** ****** ****** ** ******* machines (****: **** *** *** ********** ****, *** ** *** be ******** *********). ***** ******** * ********* ** ******* **** that**** *** ***** ******** **** ********** **** ****** **** ******* ******* ****. ******* *********** *** that *** ******* ******* **** **** ******* ******* *********** *******, and ***** ** ************ ******** ** ******** ** **** **** the ******* ******* ** *** **** **** ** *********** *******.

Biggest ******: **** ******

** ***** ** ***** ****** *** ******** *** ******* ***************, users **** ***** **** ******* ******* *** **** *******. ** these ***, *** **** ****** *** * *********** ****** ** CPU ****, ***** ******* ******* *** ******* ******, **** ***** 1% ** *** ***** ******, **** ********* *** *******.

Significant ****** ** **** ********** ****

** *** ***** ** ** ****** *******, ~*** **/* ***** throughput, ****** ******* *** **** ********* ************* ***** ******** *** BIOS ** **** *******, **** *********** ************ ********** ** ~*% and ********* ******** ********* ** ~**%.

**** **** ** ******** ** ****** ** *********** ** ****** VMS ****** ******* (******* ******, **** *******, ********/******* *****, ***.), but ***** **** ****** ********** *** *** ****** ** **** jumps ***** ********.

Low ********** ********* *******

******* **** ** ******* ** ***** ** **/* *****, ****** load *** ***** ********* **** *****, *** *************** ****** **** 24 ****** *******, **** ***** ********** ** *% **** (* 50% ********) *** ********* ** *% (* ~**% ********). *******, Avigilon ******* ****** ****** *************, **** ~*% ** *%, *** as **** ****** ********** *******, ***** ********* *** *** ****** in ********** *********** ******.

Live **** ******* *** ******

*** **** ********* *** ***** ******* ***** ***** ******* **** far **** ***********, **** ******** *** ***** ********** ** **-**% when **** ******* ** ******* **** *** ******* ** *** recording ******. ********* ********* ** ***** *** **** *** **** percentage, *** * *************** ******* ******.

Test ********* ****** ********

***** ** *** ******* ***** ** *****'* **** ******* **** would ******* ***** ** **** ********* ****** ******** ******* ** production ********. ***** *** ****** ***** **** ** * ***-********** environment *** **** ** **** *** *** ******* **** ******* to ******** **** ** ************* *******.

Manufacturer ********

**** *** **** ** ************* **** *** ************* ********* *********** impacts **** *******. ** ***, ************* **** ********* **** *** still ** *** ******* ** *********** ******* *********** ******, *** recommended ********** *** ******** *******.

Comments (21)

**** ** *** **, ** ***** *** ******* / *****, you ******* *** **** * *********** ******* ** **** ***? Replace *** ***? ******* *** ******? **** *** ***'* ********* options?

** ** **** ** *** **** ******* **** ***** ******** so ***. ** **** *****, *** *** ** **** ** upgrade ** * ****** *********. *********, ********* ** ****** *** (if ********) *** **** ****.

***** *** ************* *** ***** **** ***** ******** ** ****, I ***** ***** *********** ** ********* **********, ** *******, ** much ** ********. ** ***** **** *** **** ****** ******** are *** **** ********* ******** *** ***** ********, ** *** would ****** **** ** ***** * ****** ***** ** **** CPU ** ****** *** ****** ************ **** **** *** ** processor ***********.

****, **** *** *** **** ********* ** ***, *** ** the ****** ** ********** ******** ************ (*.*.: *** ****** *** also ****** ******* ******, ***.), ** *** ** ****-********* ** off-load **** ************ ** ***** ******** ** **** ** *** for *** **** ***.

**** ********* **** ** *** **** *** ****** ** *** one ** **** ****** ***** ** * ****** ******* ** increase ********** *****. ********* ************* **** ******** *** ***'* *** uses *** *** ******** *****. *** *** *** **, ****

**** ********* **** **, *** **** *** ****** ** **** one ** **** ****** ***** **** **** ********* ******* ** offload *** ************* *****. **** ** *** *** *** **** mid-summer ** * *** ** * *** *** ***** ******** now, *** ** ***** ** ** * **** *** ********** low-cost ****** **** ** ****.

*** *** ***** ******** **** ** ***** ** * ****** environment **** ** * *** ******? ** *** ** ***** to ** ***** *** ** **** *** *** ** ****** random ****, ** ** * ******* *********?

************* **** *** **********'* ***** ** ****, ******** ******** *** not ** ****** ************ *******.

** *********** *** ******* ******* ******* ******** ******** ** ***** segments ** *** *******, *** ********* *** **** *** **** to *** ******** ** **** ****** *** ****** **********, ****** monitoring ** ********** ****** *****.

****** ** ****** **** **** ******* **** ** ******** ***** was **** **** ***********, ********** *** **** ** **-**% ** low ****** ***** ******* ***** ******** *** *****

******* ** *** ******* ************* *** ** * ************* **** right? *'* ****** **** ** ***** ** **** ** **'** at **% **** ** ** ******* ** **%-**%.

***, ****'* *******. *'** **** **** ** **'* **** *****.

***, *** **** ******* ** *********.

*** *******, *** ***** ****** ** *** *** ********** **** increased ** *% *** *****, ***** **** *% ***-***** ** 12% **** *****, **** *** * **% ********.

*** ******* ***** *** **** **** ******* ** ***** ******** code **** ** ******* * ****** *******. ****, **, *** Lenovo **** *** ******* *** ****** **** ******* **** ***** downloads *** *** ************ ****** *** ********* **** ** **** back. ** *** ******** ******* **** ****, *** ****** ** back *** ***** ** ** **** *** ****'* ******* * version **** *** **** *********.

**** *** ** ***** *****’* ******* ***** **** ****** ****

“** ********* **** ****, ***** ******* *********, ****** *************, ******** vendors *** *** ***** **** ********** ** ******* ********, ** they *** ********* ****** **** ******** ******* *** ***** ************* system ********,” ** *****.

*****://***.**********.***/*****-*******-*********-**-****-**********-***************-******/*******/******/

****** **** * ******* *********** **********, *** ******* **** **** Milestone ***** ****** ******** ************ *******? ** ***** ***** ** reason *** ***** *** ****** ***** ** **** **** **** if **** ***** ***** **** ** ****** *** ******...

****, ***** *** *** **** *********, **** **** **** ******** testing ****?

***'* ******* *** *** ***** ** *** ***** ******* *** retest ****?

***** *** **** * ***** *** ********** ******** **** ******** affects ******** ******* *** ***** ******** ********** ** ****. ** I'd ** ***** ******* ** **** *** *** **** *** Meltdown ***** ******* *** ***** ** *******.

** *** ********* ********** **** ********* *** ********** **** ********* whether ** *** ** ******** ******** *** **** *******.

*** ****** *** **** ** **** ** **** *** ********* to **** * ******. **** ** *** ********* **** ********** disconnected ******** *** **** *** **** **** ******* **** **** can ** ********* ** ***** ********, **** *** ********.

** ** **** ** **** ** **** ** *** ********* security ******* ** **** ** *** ****** ******* *** ********* actions.

**** ***** **** ******* ** *** ******, **** ** *** customers **** **** ** ** ********* *** **** ********* ******** if ***** ** ** *** ****** *** **** *******.

**** **** *************, *** ** ****** ********* ***** ** *********/***'* with ***** ***** ** **** *******/***** *******?

*** ***** *** ******** ************* ** ***** **** *******?

***** *** ********* ***************, ** **** *** ****** *** ** really.

***** *** ********* ** ********, ******** ******** *** **** * *** ******** ** ***** ** this.

*****,

**** **** * **** **** ******* ** ******* * **** smaller *** ** *** ***** *** ******** ** ****. **** this **** *** ********* ****** ** ******** ****/**** ** **** their ******** ****** ******* ****?

***, **** *** ***** *** ******** ****. ******** ********* ** the **** **** ** *** ***** *** ** **** ******** software/apps/etc., *** ******* ********** ******** ** ******** ******** ****** *** less ****** ** ** ********. * ****** ** ****** ***** that *** ** *** **** ****** **** ******, ***, ***, open ***** ** ******** ***** ****** * ****** ******** ** the ******.

********* ******** **** ** **** ********* ******** ***** ******** ** the ****** **** ** ******** ** ******** ***** ***************. (**** it *** *** *********** **** ** ** *********, ** ***** have **** **** *******-***** ***'*). **** **** ******** **** *** do *** **** * *** ** **** ****** ******** ** even ******* * *******, ** **** *** ***** **** **-***** systems ** **** ******.

**** **** ** **** *** ***** ** ***** ** ******* knowledge ** *** *************** *** ********. ** **** ******* ***** these *************** ********* ***** *****-*** ******* ***** ***** ** *** exploits ******* **** *** ******** **** ** ******* ****.

** ** ******* *** *************, **** ** * *** *****... sure **'* ******* ***, **** *** **** ******* ** ********* executing ** **** ****.

*** ******* ***** *** ** **** ** *** *** *** itself *** *** ********* *********** ** *** **** **** ***.

** ****** ****, ******* *** ******** * ******** ** **% performance */* ********* *****. **** ** ***** *** **** ***** with ******** *** ******* ****.

* ***** ** ********* ** ******.

******** **** ** *** (*********) *****'* **** ********/******* *** ********* on *** ***** ******* (****** **** ****** ** *** ****).

***** ** **** **** ******** (********.***.****.****.****.****) *** ****** *****.

*** **** **** **** ****** ***** ** ********://**************.*****.***/*****/***/********************.***

** ***** ********* *** **** ***** (*********)

*****://**************.*****.***/*******/*****/*****-***-***-*********

*** ****** **** ****** ** ***** ********* ****.

***** **** ***** ***** **** *** **** ******* ** ***** is *** **** ****** **** *** *******.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on VMS

Why 3VR Failed on Feb 16, 2018
3VR destroyed transformed ~$65 million in VC funding into a $6.9 million exit. The reason they failed is simple. They bet on analytics. They...
Hanwha Wisenet X 5MP Camera Tested (XNV-8080R) on Feb 13, 2018
Wisenet X is Hanwha's high-end camera line. We tested their Wisenet X 1080p camera last year. Now Hanwha is offering 5MP cameras listing super low...
Favorite NVR / VMS Manufacturers 2018 on Feb 12, 2018
There is a new integrator favorite VMS. In 2016, 2 VMSes were effectively tied for top choice. One of those VMSes favorability was stable while...
Dahua 5MP Starlight Camera Tested (N52BM3Z) on Jan 30, 2018
Is 5MP the new 1080p? According to our recent statistics, average resolution continues to trend upwards. And now, manufacturers releasing new...
Shinobi: Moe Is Building His Own VMS on Jan 29, 2018
Building a new VMS may seem to be a thing of a bygone era. But one developer, Moinul "Moe" Alam, is doing just that and he has made his VMS,...
Worst NVR / VMS Manufacturers 2018 on Jan 29, 2018
These are the manufacturers who integrators reported the most significant problems with. 220+ integrators answered: In the past year, what...
Hanwha Wave VMS Tested on Jan 22, 2018
Hanwha has released their first open platform VMS, Wisenet Wave, an Network Optix OEM (see test results) enhanced with integrations and...
VSaaS Usage Statistics 2018 on Jan 18, 2018
VSaaS has been a 'next big thing' for more than a decade. The prospect of managing, storing and streaming video from the cloud rather than...
Amazon Deep Learning Partnership With AgentVi on Jan 15, 2018
Amazon is aiming to grow its Kinesis Video Streams offering that "enables you to quickly build computer vision and ML applications" in the cloud....

Most Recent Industry Reports

Why 3VR Failed on Feb 16, 2018
3VR destroyed transformed ~$65 million in VC funding into a $6.9 million exit. The reason they failed is simple. They bet on analytics. They...
"Fear Mongering": Hikvision USA Cybersecurity Director Dismisses Chinese Government Ownership Concerns on Feb 16, 2018
The facts are: The Chinese government created Hikvision and is Hikvision's controlling shareholder. Hikvision's Chairman, a Communist Party...
16:9 vs 4:3 Video Aspect Ratio Statistics on Feb 16, 2018
What aspect ratio do security integrators prefer? The 'standard' 4:3 or the 'wide' 16:9 one? 100+ integrators told us what they preferred, with...
Mercury Releases New Series 3 Redboard Access Panels on Feb 15, 2018
Mercury Security has their first major product release post-HID buyout, and things literally look different. The Series 3 SIO boards now are red...
Last Chance February 2018 Camera Course on Feb 15, 2018
This is the last chance to get into the Winter camera course, starts next Tuesday. Register now. IPVM provides the best education, live online...
Hikvision DeepInMind Tested Terribly on Feb 15, 2018
While Hikvision is heavily marketing deep learning and 'AI' as their next big thing, new IPVM test results of their DeepInMind NVR shows their deep...
Genetec CEO: You Cannot Buy Trust on Feb 14, 2018
Genetec's CEO, Pierre Racz, delivered a direct message at their channel partner conference: Racz has become a focal point in the industry debate...
Assa's Lowest Power Draw Maglock: Securitron M680E Examined on Feb 14, 2018
Securitron produces some of the most extreme maglocks on the market, including massively strong maglocks and even ones with integrated CCTV cams...
Hanwha Wisenet X 5MP Camera Tested (XNV-8080R) on Feb 13, 2018
Wisenet X is Hanwha's high-end camera line. We tested their Wisenet X 1080p camera last year. Now Hanwha is offering 5MP cameras listing super low...
Top Problems For Integrator Project Management on Feb 13, 2018
Security projects routinely encounter issues that jeopardize deadlines, create confusion, and shrink profits. Unfortunately, there are common...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact