It is hard to say with limited data being released so far. In some cases, you may be able to upgrade to a faster processor. Similarly, upgrading to faster RAM (if possible) may also help.
Until VMS manufacturers can issue some solid guidance on this, I would limit investments in upgrading components, or servers, as much as possible. It could turn out that server upgrades are the most practical approach for older hardware, as you would likely want to leave a decent chunk of free CPU to absorb any future enhancements that also add to processor utilization.
Also, this has not been addressed so far, but if the server is supporting multiple applications (e.g.: VMS server and also mobile gateway server, etc.), it may be cost-effective to off-load some applications to other hardware to free up CPU for the core VMS.
With Milestone 2018 R1 you have the option to add one or more NVidia cards to a client machine to increase processing power. Milestone automatically load balances the GPU's and uses CPU for leftover needs. Due out Feb 20, 2018
With Milestone 2018 R2, you have the option to drop one or more NVidia cards into your recording servers to offload the decompression tasks. This is not due out till mid-summer so a bit of a gap for those patching now, but at least it is a real and relatively low-cost option that we have.
Unfortunately from the integrator's point of view, security networks are not so closed environments anymore.
IT departments are pushing towards opening security networks to other segments of the network, and sometimes yes they are open to the Internet as well either for remote assistance, remote monitoring or connecting remote sites.
The problem right now with BIOS updates is Intel released code that is causing a reboot problem. Dell, HP, and Lenovo have all removed the latest BIOS patches from their downloads and are recommending anyone who installed them to roll back. If you recently patched your BIOS, you should go back and check to be sure you didn't install a version that has been retracted.
“We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior,” he wrote.
Purely from a testing methodology standpoint, was testing done with Milestone Smart Client hardware acceleration enabled? It could stand to reason CPU usage and impact would be less than this if GPUs would being used to decode and render...
Don't suppose you can build an AMD Ryzen machine and retest this?
Intel has done a great job convincing everyone that Meltdown affects everyone despite AMD being entirely unaffected by this. So I'd be super curious to find out how much the Meltdown patch affects the speed vs Spectre.
We are currently evaluating this situation and discussing with customers whether or not to actually applying the BIOS patches.
The reason for this is that we want the customers to have a choice. Many of our customers have distinctly disconnected networks for CCTV and very high control over what can be installed on their machines, like web browsers.
To do this we need to call on our corporate security experts to look at the attack vectors and recommend actions.
With these high impacts we are seeing, many of our customers will have to do expensive and time consuming upgrades if there is no way around the BIOS patches.
Yes, some ARM chips are affected also. Embedded recorders of the sort that do not allow you to load external software/apps/etc., and instead distribute software as complete firmware images are less likely to be infected. A caveat of course being that you do not have things like telnet, ftp, ssh, open where an attacker could upload a binary directly to the system.
Currently exploits rely in some malicious software being executed on the device that is designed to leverage these vulnerabilities. (note it may not technically need to be installed, as there have been some browser-based PoC's). With most embedded NVRs you do not have a way to load random software or even execute a browser, so they are safer than PC-based systems in that regard.
Also keep in mind the above is based on current knowledge of the vulnerabilities and exploits. As more details about these vulnerabilities circulate among black-hat hackers there could be new exploits devised that put embedded NVRs at greater risk.