Intel Meltdown / Spectre Patch Tested on Avigilon, Exacq and Milestone VMSes

Author: IPVM Team, Published on Jan 23, 2018

Significant concern exists about the impact on VMS servers and video surveillance systems of patching the Meltdown and Spectre flaws. Generally, reports have claimed a significant increase in CPU loads, though the amounts have varied depending on the source and services being used. This could be very problematic for VMS servers as it risks problems in recording, watching or playing back video.

Meltdown / Spectre Summary

Meltdown is a flaw in protections allowing unauthorized applications to access OS kernel protected memory. Spectre allows unauthorized applications to trick other programs into divulging private data. For technical details on these, see The Meltdown and Spectre CPU Bugs, Explained or various other online tech sources.

How To Patch

Users may see if their Windows machine is vulnerable using PowerShell, following the steps in this guide.

If so, in order to avoid both of these vulnerabilities, users must install two updates:

  • Windows Update KB4056892: This update should have been included in regular Windows Updates as of early January. This fixes the Meltdown vulnerability.
  • BIOS update: To fix the Spectre vulnerability, users must update their system BIOS, provided by their hardware manufacturer.

However, many devices have not yet received a BIOS update. Out of four different hardware manufacturers we checked (Acer, Asus, HP, and Intel NUCs), only Intel had released a BIOS update for our machines.

Tests Performed

IPVM measured CPU load of server and client processes prior to applying Windows and BIOS updates, and again after updating, using two configurations:

  • Recording only, 25 cameras, ~150 Mb/s
  • Recording and viewing, 10 cameras, ~30 Mb/s

Test Machine Specs

IPVM tested on three separate machines, all with the same hardware configuration, as follows:

  • Operating System: Windows 10 Pro 64-bit (10.0, Build 16299) (16299.rs3_release.170928-1534)
  • BIOS: RYBDWi35.86A.0350.2015.0812.1722 (pre-update)/RYBDWi35.86A.0368.2017.1220.0950 (post-update)
  • Processor: Intel(R) Core(TM) i7-5557U CPU @ 3.10GHz (4 CPUs), ~3.1GHz
  • Memory: 8192MB RAM

Note that these machines are fairly high spec, with relatively new processors (1-2 generations old). Older generation processors and lower spec machines are likely to see a greater impact.

Inside this report, we examine the results achieved across Avigilon, Exacq and Milestone plus our recommendations.

*********** ******* ****** ***** *** ****** ** *** ******* *** video ************ ******* ** ******** *** ******** *** ******* *****. Generally, ******* **** ******* * *********** ******** ** *** *****, though *** ******* **** ****** ********* ** *** ****** *** services ***** ****. **** ***** ** **** *********** *** *** servers ** ** ***** ******** ** *********, ******** ** ******* back *****.

Meltdown / ******* *******

******** ** * **** ** *********** ******** ************ ************ ** access ** ****** ********* ******. ******* ****** ************ ************ ** trick ***** ******** **** ********* ******* ****. *** ********* ******* on *****, ****** ******** *** ******* *** ****, *********** ******* ***** ****** **** *******.

How ** *****

***** *** *** ** ***** ******* ******* ** ********** ***** PowerShell,********* *** ***** ** **** *****.

** **, ** ***** ** ***** **** ** ***** ***************, users **** ******* *** *******:

  • ******* ****** *********: **** ****** ****** **** **** ******** ** regular ******* ******* ** ** ***** *******. **** ***** *** Meltdown *************.
  • **** ******: ** *** *** ******* *************, ***** **** ****** their ****** ****, ******** ** ***** ******** ************.

*******, **** ******* **** *** *** ******** * **** ******. Out ** **** ********* ******** ************* ** ******* (****, ****, HP, *** ***** ****), **** ***** *** ******** * **** update *** *** ********.

Tests *********

**** ******** *** **** ** ****** *** ****** ********* ***** to ******** ******* *** **** *******, *** ***** ***** ********, using *** **************:

  • ********* ****, ** *******, ~*** **/*
  • ********* *** *******, ** *******, ~** **/*

Test ******* *****

**** ****** ** ***** ******** ********, *** **** *** **** hardware *************, ** *******:

  • ********* ******:******* ** *** **-*** (**.*, ***** *****) (*****.***********.******-****)
  • ****:********.***.****.****.****.**** (***-******)/********.***.****.****.****.**** (****-******)
  • *********:*****(*) ****(**) **-***** *** @ *.***** (* ****), ~*.****
  • ******:****** ***

**** **** ***** ******** *** ****** **** ****, **** ********** new ********** (*-* *********** ***). ***** ********** ********** *** ***** spec ******** *** ****** ** *** * ******* ******.

****** **** ******, ** ******* *** ******* ******** ****** ********, Exacq *** ********* **** *** ***************.

[***************]

Test *******

** *** *****, ******** ****** **** ** ***** *** ******* vulnerability *** * *********** ****** ** *** ****, ********** *** load ** ********* ******** ** ** **** **-**%. ****** ** server **** **** ******* **** ** ******** ***** *** **** more ***********, ****** ******** *** **** ** *** ****** ***** systems ***** ******** *** ***** (** ******** ** **-**% ****). Applying *******' ******** ****** ** ***** ******** ***** *** * negligible ******, ********** **** **** **** *%.

****** *******, ** *** ** *** ******* **** ***** *******/******** updates, **** ** ******* ******, **** ******* *****, ******** ** video, ** ***** *** ************ ***** *** ***** **** **********. However, **** **** *** ******* *** **** **** ** **** testing *** ***** ***** **% ***********. ***** **** ****** ********** systems ** ***** **** ******* *** *** ****** ** ***** camera ******/***********.

***************

******* ** *** *********** ****** ** **** ******* ** *** load, ** ******** ********* **** ***** ** ****** **********/****** ****** count ******* ****** ***** ****** *** ******** ***** ** ********. Those ********* ******* ** **-**% **** *** ****** ** ******** to **-***%, **** *** ********* *** ****** **** ******.

***** **** *** ****** *****/********** ******* *** ****** ** *** little *********** ********** ****** **** ******* ******* ** *** ****** machine.

Intel ***** ******** ******* - ****** *****

******* *** **** ******* **** ****** ****** ****** ** ******* machines (****: **** *** *** ********** ****, *** ** *** be ******** *********). ***** ******** * ********* ** ******* **** that**** *** ***** ******** **** ********** **** ****** **** ******* ******* ****. ******* *********** *** that *** ******* ******* **** **** ******* ******* *********** *******, and ***** ** ************ ******** ** ******** ** **** **** the ******* ******* ** *** **** **** ** *********** *******.

Biggest ******: **** ******

** ***** ** ***** ****** *** ******** *** ******* ***************, users **** ***** **** ******* ******* *** **** *******. ** these ***, *** **** ****** *** * *********** ****** ** CPU ****, ***** ******* ******* *** ******* ******, **** ***** 1% ** *** ***** ******, **** ********* *** *******.

Significant ****** ** **** ********** ****

** *** ***** ** ** ****** *******, ~*** **/* ***** throughput, ****** ******* *** **** ********* ************* ***** ******** *** BIOS ** **** *******, **** *********** ************ ********** ** ~*% and ********* ******** ********* ** ~**%.

**** **** ** ******** ** ****** ** *********** ** ****** VMS ****** ******* (******* ******, **** *******, ********/******* *****, ***.), but ***** **** ****** ********** *** *** ****** ** **** jumps ***** ********.

Low ********** ********* *******

******* **** ** ******* ** ***** ** **/* *****, ****** load *** ***** ********* **** *****, *** *************** ****** **** 24 ****** *******, **** ***** ********** ** *% **** (* 50% ********) *** ********* ** *% (* ~**% ********). *******, Avigilon ******* ****** ****** *************, **** ~*% ** *%, *** as **** ****** ********** *******, ***** ********* *** *** ****** in ********** *********** ******.

Live **** ******* *** ******

*** **** ********* *** ***** ******* ***** ***** ******* **** far **** ***********, **** ******** *** ***** ********** ** **-**% when **** ******* ** ******* **** *** ******* ** *** recording ******. ********* ********* ** ***** *** **** *** **** percentage, *** * *************** ******* ******.

Test ********* ****** ********

***** ** *** ******* ***** ** *****'* **** ******* **** would ******* ***** ** **** ********* ****** ******** ******* ** production ********. ***** *** ****** ***** **** ** * ***-********** environment *** **** ** **** *** *** ******* **** ******* to ******** **** ** ************* *******.

Manufacturer ********

**** *** **** ** ************* **** *** ************* ********* *********** impacts **** *******. ** ***, ************* **** ********* **** *** still ** *** ******* ** *********** ******* *********** ******, *** recommended ********** *** ******** *******.

Comments (21)

**** ** *** **, ** ***** *** ******* / *****, you ******* *** **** * *********** ******* ** **** ***? Replace *** ***? ******* *** ******? **** *** ***'* ********* options?

** ** **** ** *** **** ******* **** ***** ******** so ***. ** **** *****, *** *** ** **** ** upgrade ** * ****** *********. *********, ********* ** ****** *** (if ********) *** **** ****.

***** *** ************* *** ***** **** ***** ******** ** ****, I ***** ***** *********** ** ********* **********, ** *******, ** much ** ********. ** ***** **** *** **** ****** ******** are *** **** ********* ******** *** ***** ********, ** *** would ****** **** ** ***** * ****** ***** ** **** CPU ** ****** *** ****** ************ **** **** *** ** processor ***********.

****, **** *** *** **** ********* ** ***, *** ** the ****** ** ********** ******** ************ (*.*.: *** ****** *** also ****** ******* ******, ***.), ** *** ** ****-********* ** off-load **** ************ ** ***** ******** ** **** ** *** for *** **** ***.

**** ********* **** ** *** **** *** ****** ** *** one ** **** ****** ***** ** * ****** ******* ** increase ********** *****. ********* ************* **** ******** *** ***'* *** uses *** *** ******** *****. *** *** *** **, ****

**** ********* **** **, *** **** *** ****** ** **** one ** **** ****** ***** **** **** ********* ******* ** offload *** ************* *****. **** ** *** *** *** **** mid-summer ** * *** ** * *** *** ***** ******** now, *** ** ***** ** ** * **** *** ********** low-cost ****** **** ** ****.

*** *** ***** ******** **** ** ***** ** * ****** environment **** ** * *** ******? ** *** ** ***** to ** ***** *** ** **** *** *** ** ****** random ****, ** ** * ******* *********?

************* **** *** **********'* ***** ** ****, ******** ******** *** not ** ****** ************ *******.

** *********** *** ******* ******* ******* ******** ******** ** ***** segments ** *** *******, *** ********* *** **** *** **** to *** ******** ** **** ****** *** ****** **********, ****** monitoring ** ********** ****** *****.

****** ** ****** **** **** ******* **** ** ******** ***** was **** **** ***********, ********** *** **** ** **-**% ** low ****** ***** ******* ***** ******** *** *****

******* ** *** ******* ************* *** ** * ************* **** right? *'* ****** **** ** ***** ** **** ** **'** at **% **** ** ** ******* ** **%-**%.

***, ****'* *******. *'** **** **** ** **'* **** *****.

***, *** **** ******* ** *********.

*** *******, *** ***** ****** ** *** *** ********** **** increased ** *% *** *****, ***** **** *% ***-***** ** 12% **** *****, **** *** * **% ********.

*** ******* ***** *** **** **** ******* ** ***** ******** code **** ** ******* * ****** *******. ****, **, *** Lenovo **** *** ******* *** ****** **** ******* **** ***** downloads *** *** ************ ****** *** ********* **** ** **** back. ** *** ******** ******* **** ****, *** ****** ** back *** ***** ** ** **** *** ****'* ******* * version **** *** **** *********.

**** *** ** ***** *****’* ******* ***** **** ****** ****

“** ********* **** ****, ***** ******* *********, ****** *************, ******** vendors *** *** ***** **** ********** ** ******* ********, ** they *** ********* ****** **** ******** ******* *** ***** ************* system ********,” ** *****.

*****://***.**********.***/*****-*******-*********-**-****-**********-***************-******/*******/******/

****** **** * ******* *********** **********, *** ******* **** **** Milestone ***** ****** ******** ************ *******? ** ***** ***** ** reason *** ***** *** ****** ***** ** **** **** **** if **** ***** ***** **** ** ****** *** ******...

****, ***** *** *** **** *********, **** **** **** ******** testing ****?

***'* ******* *** *** ***** ** *** ***** ******* *** retest ****?

***** *** **** * ***** *** ********** ******** **** ******** affects ******** ******* *** ***** ******** ********** ** ****. ** I'd ** ***** ******* ** **** *** *** **** *** Meltdown ***** ******* *** ***** ** *******.

** *** ********* ********** **** ********* *** ********** **** ********* whether ** *** ** ******** ******** *** **** *******.

*** ****** *** **** ** **** ** **** *** ********* to **** * ******. **** ** *** ********* **** ********** disconnected ******** *** **** *** **** **** ******* **** **** can ** ********* ** ***** ********, **** *** ********.

** ** **** ** **** ** **** ** *** ********* security ******* ** **** ** *** ****** ******* *** ********* actions.

**** ***** **** ******* ** *** ******, **** ** *** customers **** **** ** ** ********* *** **** ********* ******** if ***** ** ** *** ****** *** **** *******.

**** **** *************, *** ** ****** ********* ***** ** *********/***'* with ***** ***** ** **** *******/***** *******?

*** ***** *** ******** ************* ** ***** **** *******?

***** *** ********* ***************, ** **** *** ****** *** ** really.

***** *** ********* ** ********, ******** ******** *** **** * *** ******** ** ***** ** this.

*****,

**** **** * **** **** ******* ** ******* * **** smaller *** ** *** ***** *** ******** ** ****. **** this **** *** ********* ****** ** ******** ****/**** ** **** their ******** ****** ******* ****?

***, **** *** ***** *** ******** ****. ******** ********* ** the **** **** ** *** ***** *** ** **** ******** software/apps/etc., *** ******* ********** ******** ** ******** ******** ****** *** less ****** ** ** ********. * ****** ** ****** ***** that *** ** *** **** ****** **** ******, ***, ***, open ***** ** ******** ***** ****** * ****** ******** ** the ******.

********* ******** **** ** **** ********* ******** ***** ******** ** the ****** **** ** ******** ** ******** ***** ***************. (**** it *** *** *********** **** ** ** *********, ** ***** have **** **** *******-***** ***'*). **** **** ******** **** *** do *** **** * *** ** **** ****** ******** ** even ******* * *******, ** **** *** ***** **** **-***** systems ** **** ******.

**** **** ** **** *** ***** ** ***** ** ******* knowledge ** *** *************** *** ********. ** **** ******* ***** these *************** ********* ***** *****-*** ******* ***** ***** ** *** exploits ******* **** *** ******** **** ** ******* ****.

** ** ******* *** *************, **** ** * *** *****... sure **'* ******* ***, **** *** **** ******* ** ********* executing ** **** ****.

*** ******* ***** *** ** **** ** *** *** *** itself *** *** ********* *********** ** *** **** **** ***.

** ****** ****, ******* *** ******** * ******** ** **% performance */* ********* *****. **** ** ***** *** **** ***** with ******** *** ******* ****.

* ***** ** ********* ** ******.

******** **** ** *** (*********) *****'* **** ********/******* *** ********* on *** ***** ******* (****** **** ****** ** *** ****).

***** ** **** **** ******** (********.***.****.****.****.****) *** ****** *****.

*** **** **** **** ****** ***** ** ********://**************.*****.***/*****/***/********************.***

** ***** ********* *** **** ***** (*********)

*****://**************.*****.***/*******/*****/*****-***-***-*********

*** ****** **** ****** ** ***** ********* ****.

***** **** ***** ***** **** *** **** ******* ** ***** is *** **** ****** **** *** *******.

Login to read this IPVM report.
Why do I need to log in?
IPVM conducts unique testing and research funded by member's payments enabling us to offer the most independent, accurate and in-depth information.

Related Reports on VMS

Hanwha Dual Imager Dome Camera Tested (PNM-7000VD) on Oct 18, 2018
Hanwha has introduced their first dual-imager model, the PNM-7000VD, a twin 1080p model featuring independently positionable sensors and a snap-in...
Integrator Laptop Guide on Oct 16, 2018
This 18-page guide provides guidance and statistics about integrator laptop use. 150 integrators explained to IPVM in detail about their laptops,...
Mysterious Patent Troll 'Secure Cam' Targets Industry, Sues Hanwha, Hikvison, JCI, Panasonic, More on Oct 11, 2018
A company named "Secure Cam," who is actively hiding their ownership, has acquired a slew of video patents and is systematically suing video...
Security System Health Monitoring Usage Statistics 2018 on Oct 09, 2018
How well and quickly do integrators know if devices are offline or broken? New IPVM statistics show that typically no health monitoring is...
IACP 2018 Police Show Final Report on Oct 08, 2018
IPVM went to Orlando to cover the 2018 IACP conference, the country's largest police show (about as big as ASIS), examining the 700+...
VMS Mobile App Shootout - Avigilon, Dahua, Exacq, Genetec, Hikvision, Milestone on Oct 01, 2018
Mobile VMS apps are a critical interface for the modern surveillance user. But who does it best and worst? We tested 6 manufacturers - Avigilon,...
Hikvision 4MP Camera Tested (DS-2CD2345FWD-I) on Sep 27, 2018
Hikvision's latest Performance Series / EasyIP 3.0 4MP model, the DS-2CD2345FWD-I, was the top performer in our 4MP shootout, besting rivals from...
ASIS GSX 2018 Show Report on Sep 25, 2018
In the first major US show since the US government ban of Dahua and Hikvision was passed into law, the mega Chinese companies were in retreat and...
4MP Camera Shootout - Axis, Dahua, DW, Hanwha, Hikvision, Uniview, Vivotek on Sep 24, 2018
4MP usage continues to climb, especially for low cost fixed lens models. To see who was best, we bought and tested seven 4MP models from Axis,...
VMS Export Shootout - Avigilon, Dahua, Exacq, Genetec, Hikvision, Milestone on Sep 13, 2018
When crimes, accidents or problems occur, exporting video from one's video surveillance system is critical to proving incidents. But who does it...

Most Recent Industry Reports

Startup SafePass Profile on Oct 19, 2018
A major problem with visitor management is that the systems mostly require adhesive printed paper labels and paper logs, creating waste and an...
China Is Not A Security Megatrend, Says SIA on Oct 19, 2018
The US Security Industry Association has released its 10 "Security Megatrends" for 2019. SIA declares that these megatrends, such as "Advanced...
Hanwha Dual Imager Dome Camera Tested (PNM-7000VD) on Oct 18, 2018
Hanwha has introduced their first dual-imager model, the PNM-7000VD, a twin 1080p model featuring independently positionable sensors and a snap-in...
Camera Height / Blind Spot Added to IPVM Camera Calculator on Oct 18, 2018
IPVM has added camera height and blind spot estimation to the Camera Calculator. This is especially helpful for those who need to mount cameras up...
Axis Strong US Growth, Flat EMEA - Q3 2018 Financials on Oct 18, 2018
This spring, Axis had its best financials in many years (see Axis Strong Q2 2018 Results). However, over the summer, Axis had many products sold...
Best Alternatives to Banned Dahua and Hikvision on Oct 17, 2018
With the US government ban and a growing number of users banning Dahua and Hikvision, one key question is what to use for low cost? While Dahua and...
Video Quality / Compression Tutorial on Oct 17, 2018
While CODECs, like H.264, H.265, and MJPEG, get a lot of attention, a camera's 'quality' or compression setting has a big impact on overall...
Knightscope Winning Investors, Struggling With Growth on Oct 16, 2018
While Knightscope's new financials show the company only winning 11 new customers in the past 12 months, the company continues to win new...
Integrator Laptop Guide on Oct 16, 2018
This 18-page guide provides guidance and statistics about integrator laptop use. 150 integrators explained to IPVM in detail about their laptops,...
Huawei Admits AI "Bubble" on Oct 16, 2018
A fascinating article from the Chinese government's Global Times: Huawei’s AI ambition to reshape industries. While the Global Times talks about...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact