Slashdot Mirror


Windows 10 Will Banish Spectre Slowdowns With Google's Retpoline Patch (zdnet.com)

Microsoft is including Google's mitigation for the Spectre Variant 2 speculative execution side-channel attack in the next release of Windows 10, currently codenamed 19H1. ZDNet reports: Google developed a software-based mitigation for Spectre Variant 2 called Retpoline that constrains speculative execution behavior sufficiently to mitigate an attack. Google's testing found its fix had a negligible effect on performance. Retpoline was implemented by Linux distributions such as Red Hat and SUSE, as well as by Oracle for Oracle Linux 6 and 7. And now, as MSPoweruser spotted, Microsoft's kernel engineers have confirmed that Retpoline will be part of the next version of Windows 10, 19H1, which is due out next year. Google's Retpoline plus Microsoft's own kernel modifications have reduced the performance impact to "noise level", according to Mehmet Iyigun of Microsoft's Windows and Azure kernel team. "Yes, we have enabled Retpoline by default in our 19H1 flights along with what we call 'import optimization' to further reduce perf impact due to indirect calls in kernel-mode. Combined, these reduce the perf impact of Spectre v2 mitigations to noise-level for most scenarios," wrote Iyigun.

"The bad news is that Microsoft didn't include the Retpoline fix in the latest Windows 10 October 2018 Update Redstone 5, or RS5, release, even though, according to CrowdStrike researcher Alex Ionescu, it could have," reports ZDNet.

61 comments

  1. What is taking them so long ? by Alain+Williams · · Score: 5, Interesting

    Linux vendors had patches out in March!

    1. Re:What is taking them so long ? by Anonymous Coward · · Score: 0

      Well obviously, the windows kernel developers got sick at the thought of using Google's code. Just look at that version number....

    2. Re:What is taking them so long ? by Anonymous Coward · · Score: 0

      A lot more PCs are running Windows. As such, they have a much larger user base with a wider variety of hardware and software to test. With Linux, you just throw it out there and people who have problems can roll back because those users know what they're doing, usually.

    3. Re:What is taking them so long ? by Anonymous Coward · · Score: 0

      The mitigations are already in. This is about converting the implementation to use retpolines everywhere.

    4. Re:What is taking them so long ? by Anonymous Coward · · Score: 0

      It's the same thing with patching Meltdown. The Linux folk figured a way to use PCID which was added in 2010 to Westmere vs Windows that uses INVPCID which was added in 2013 to Haswell. As a result, I've actually disabled the Meltdown protection on my Windows system (I use it almost exclusively for games and not online multiplayer) because the potential performance cost without the hardware assistance is pretty horrible. Seriously, there's something really wrong at Microsoft that they can't get their act together on much of anything it seems, these days.

    5. Re:What is taking them so long ? by Anonymous Coward · · Score: 1

      Actually... the INVPCID version was the first version proposed for Linux... by Intel. 3rd party developers managed to hack PCID to do the same thing, yet the performance improvement (or rather reduction of mitigation's degradation) is not as big as using INVPCID. That's why Linux will now try to use INVPCID if available, then PCID if not or just suck up the mitigation cost.

      Microsoft probably had the patches ready from Intel way before the PCID method was even conceived. Remember that Intel was notified a long time before those vulnerabilities were made public, they even extended the deadlines for publication multiple times.

    6. Re: What is taking them so long ? by Zero__Kelvin · · Score: 2

      A lot more servers, routers, smartphones, home appliances and other systems are running Linux. What's your point? Mostly that it didn't occur to you that Linux isn't the niche OS you are trying to claim it is I suppose.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    7. Re: What is taking them so long ? by Zero__Kelvin · · Score: 1

      So then ... the mitigations *weren't* all in then were they? Thus this new one.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    8. Re: What is taking them so long ? by Zero__Kelvin · · Score: 4, Funny

      So you are saying Microsoft was way ahead of the pack but came in last anyway? Sounds about right.

      --
      Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    9. Re: What is taking them so long ? by Anonymous Coward · · Score: 0

      Microsoft and Linux have very different patching processes. Linux tends to be very fast while Microsoft has to go through their usual corpobullshit. Microsoft recently failed to act on a 0day discovered and reported to them in May (ZDI-18-1075, CVE-2018-8423).

      Another aspect is that Microsoft is a holistic vendor of operating systems while the burden of pushing patches for Linux to end users ends up at the distribution maintainers which are separate from the kernel. For Microsoft this adds bureaucracy, this adds delays, and firing the QA department doesn't help one bit. They made their own bed with profit-oriented short term gain decisions.

      On the other hand Windows itself isn't as profitable as it was before so they might simply just not care. All that matters to them is Azure and other services now.

    10. Re:What is taking them so long ? by Anonymous Coward · · Score: 0

      > 3rd party developers managed to hack PCID to do the same thing, yet the performance improvement (or rather reduction of mitigation's degradation) is not as big as using INVPCID. That's why Linux will now try to use INVPCID if available, then PCID if not or just suck up the mitigation cost.

      3rd party developers, other than Microsoft. That's my whole point. They swallowed the Intel version, didn't care to investigate any possible other mitigations that'd work on earlier versions, and haven't adopted what everyone has done even after it became clear there's other approaches. I understand why Intel wouldn't work too hard on supporting older CPUs, but Microsoft trying to push itself as some sort of service should be focusing on trying to keep its customers happy.

      It'd be different if Meltdown was going to be fixed meaningfully soon, but only the latest Intel CPUs now finally have a hardware fix and actual wide adoption is going to take years at the least. It'd also be different if the CPUs in question were actually substantially inferior to modern ones but their new this year i3-8300 is pretty comparable to the i5-3570 (what I have) released in 2012 yet right before the Haswell cut-off. That doesn't even include the more high end i7-4960X released in 2013 which is also before the cut-off and near twice the performance.

      > Microsoft probably had the patches ready from Intel way before the PCID method was even conceived. Remember that Intel was notified a long time before those vulnerabilities were made public, they even extended the deadlines for publication multiple times.

      I get that, but the point is that they've had over 6 months to introduce the PCID method into Windows. They're announcing only the Retpoline Patch method and that's not coming until next year. If Intel had to wait for Microsoft to have done the patching themselves without Intel's help, would we still not know about Meltdown or Spectre?

    11. Re: What is taking them so long ? by Anonymous Coward · · Score: 0

      Many of those servers, routers, phones do not run Intel processors. Many have a very constrained I/O and memory map. Many run Linux kernels specifically compiled for just that hardware.

      It's a completely different thing.

    12. Re: What is taking them so long ? by Anonymous Coward · · Score: 1

      Windows 7 is why

      To address it in Win7 all systems need a BIOS newer than May 2018

      Unfortunately only HP, Dell and Apple update their BIOS after 2 years due to enterprise demands. You are SOL if you have anything else and thus have to rely on software to mitigate the bugs.

    13. Re:What is taking them so long ? by Anonymous Coward · · Score: 0

      > 3rd party developers, other than Microsoft. That's my whole point. They swallowed the Intel version, didn't care to investigate any possible other mitigations that'd work on earlier versions, and haven't adopted what everyone has done even after it became clear there's other approaches. I understand why Intel wouldn't work too hard on supporting older CPUs, but Microsoft trying to push itself as some sort of service should be focusing on trying to keep its customers happy.

      I agreed with your point and was just providing more context in terms of timing.

      > I get that, but the point is that they've had over 6 months to introduce the PCID method into Windows. They're announcing only the Retpoline Patch method and that's not coming until next year. If Intel had to wait for Microsoft to have done the patching themselves without Intel's help, would we still not know about Meltdown or Spectre?

      This is standard Microsoft practice, and yes it sucks :)

    14. Re:What is taking them so long ? by greenwow · · Score: 1

      > didn't care to investigate any possible other mitigations

      To be fair, I don't think Microsoft has the expertise on staff to do that. They got rid of most of their more experienced devs in order to save money. Several friends that are great devs got fired since they were so good at their jobs they couldn't be promoted, but Microsoft fires you if you don't get promoted enough. Their system gets rid of the people that are the best at their jobs.

    15. Re: What is taking them so long ? by Anonymous Coward · · Score: 0

      Transitioning from an inefficient mitigation to a more efficient one. Stop trying so hard to be a fuck wad.

    16. Re:What is taking them so long ? by p0p0 · · Score: 1

      Microsoft has tried adding it in but when they test Windows Update, it just deletes the patch from the filesystem!

    17. Re:What is taking them so long ? by arglebargle_xiv · · Score: 1

      > As such, they have a much larger user base with a wider variety of hardware and software to test.

      Funny, just a few stories down there's this one, which implies that testing for Windows 10 changes is more or less optional:

      > Either tests do not exist at all for this code (and I've been told that yes, it's permitted to integrate code without tests, though I would hope this isn't the norm), or test failures are being regarded as acceptable, non-blocking issues, and developers are being allowed to integrate code that they know doesn't work properly...

    18. Re: What is taking them so long ? by Anonymous Coward · · Score: 0

      > A lot more servers, routers, smartphones, home appliances and other systems are running Linux. What's your point? Mostly that it didn't occur to you that Linux isn't the niche OS you are trying to claim it is I suppose.

      How many of those devices actually run Intel processors where this code would even be included? Even if they did, the vast majority of the Linux smartphones in the world will never get close to running the latest version that implements this fix anyway.

    19. Re: What is taking them so long ? by Anonymous Coward · · Score: 0

      Wrong. Most servers run Intel chipsets by a huge margin. Many routers do as well.

    20. Re: What is taking them so long ? by emil · · Score: 1

      Big companies are slow. This is especially so with profound changes to the kernel compiler, which were likely reviewed by Dave Cutler himself.

    21. Re: What is taking them so long ? by Highdude702 · · Score: 1

      Correct for servers. Routers, however, the majority run Broadcom or Atheros chips; go look at the LEDE hardware support list or the DD-WRT support list.

    22. Re:What is taking them so long ? by Anonymous Coward · · Score: 0

      Yeah but nobody uses it apart from script kiddies. All the cool kids who need to get work done or play games are on Windows.

    23. Re: What is taking them so long ? by Anonymous Coward · · Score: 0

      Wrong.
      Intel is NOT making available patches that might be reverse engineered and studied.
      Most BIOSes have reserved pointers for such extensions - but hey, obsolescence is the name of the game.
      We don't know the benchmarks, or even how/when the baseline was taken. MS do seem to be populating releases before anyone else does an independent audit. Stack smashing sounds OK - but is there security stuff in the stack that might be readable? One fix opens another problem.

    24. Re: What is taking them so long ? by AmiMoJo · · Score: 1

      Difference being that "Linux" isn't responsible for patching all those devices. Microsoft has taken on a maintenance contract for hundreds of millions of computers. The terms are pretty shitty, if they brick your machine you are on your own, but they do at least pretend to try to make the update process kinda robust.

      So while the Linux kernel was patched in March, it takes time for distros to adopt the patch, and then even longer for admins to roll the patch out to devices. In fact many devices will never be patched. One thing you can say about Windows 10 is that most machines do get patched, even if it bricks them.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    25. Re:What is taking them so long ? by Anonymous Coward · · Score: 0

      Because they are actually testing it before releasing it

    26. Re:What is taking them so long ? by Anonymous Coward · · Score: 0

      Life tip: Your friends lied to you. They simply aren't that good at their jobs.

    27. Re: What is taking them so long ? by Anonymous Coward · · Score: 0

      Old and barebones systems can be turned into routers with operating systems like OPNsense. It's a good use for laptops that would otherwise be destined for the trash. A lot of those run Intel chips.

      But yes, I also completely understand that covers a small minority of households. Realistically, most people just buy off-the-shelf routers.

    28. Re:What is taking them so long ? by Anonymous Coward · · Score: 0

      So the developers have admitted to being amateurs who don't know what they are doing. Microsoft is also using spyware embedded directly into Windows 10 to turn its customers into unpaid labour for free QA so that their company makes more money which they don't share with the people who did the work while simultaneously stealing customers' computer resources, customers' electricity and inflicting wear and tear on customer owned equipment. They also use their collected customers' data for marketing purposes on top of that with advertisements that, much like the embedded spyware, are built into Windows 10 itself. Microsoft forbids customisation or control over Windows 10 and reverts all changes with forced "updates" which almost always break the system and make it more vulnerable to attack.

      Only idiots use Windows 10.

  2. Microsoft should be liable $1,000 / lost document by Anonymous Coward · · Score: 0

    They force their shitty upgrades on people. Any document lost due to unwanted reboot or a buggy patch must cost Microsoft $1,000. No mass discount. If they go bankrupt after one week, too bad, they wanted it.

  3. NSA told them to hold off by Anonymous Coward · · Score: 0

      There's still a few systems they have yet to infiltrate.

  4. Remember to back up all your files by Anonymous Coward · · Score: 0

    several days before Windows 10 19H1 is released -- Microsoft will forcefully install it, and delete all your files at the same time.

  5. Great news! by Zero__Kelvin · · Score: 0

    The great news? The highly unlikely possibility that you will fall victim to a speculative execution based attack has been addressed. The horrible news? It was implemented by the same company that can't guarantee your files won't be randomly deleted by the greatest security threat known in modern times, to wit Microsoft. I'm sure it's been well tested and there will be no problems though. Even Microsoft has to get it right occasionally, amirite?

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
    1. Re: Great news! by Anonymous Coward · · Score: 0

      Did Microsoft fuck your mommy and convince her to abandon you only to do it again with the next woman?
      Did the kid who made the winning shot against you... was he wearing a Windows 95 backpack?
      Did a Microsoft commercial come on right when you were about to have your first orgasm watching Days Of Our Lives?
      Did they not hire you in spite of your obvious mastery of sorting algorithms in your senior year at DeVry?
      Or are you just a fucking loser with too much time on your hands? I am genuinely curious. I would read your book. Please write it. But for fuck sakes do not write it in Word.

  6. A little late with it by Anonymous Coward · · Score: 0

    Seems like Microsoft again is late to the party in protecting its users with better security solutions and instead created its own performance robbing patches. So 6 or so months from now most Windows 10 users will finally get what Linux and Chrome OS have had for a year. Brilliant Microsoft, and why couldn't this make it into 1809??

  7. Microsoft management is becoming worse. by Futurepower(R) · · Score: 1

    "Microsoft again is late to the party in protecting its users with better security solutions and instead created its own performance robbing patches."

    Microsoft: More than 10 years of poor management

    Microsoft needs a new CEO and a re-organization of management.

    1. Re:Microsoft management is becoming worse. by Anonymous Coward · · Score: 0

      Bring Back Balmer!

    2. Re:Microsoft management is becoming worse. by Anonymous Coward · · Score: 0

      > Microsoft needs a new CEO and a re-organization of management.

      With this kind of thing it could have been a legal decision that Microsoft's team just decided the other way. Until they could prove the patch was as safe, they didn't want to risk it.

      I doubt they failed to investigate it in a timely manner. That would be grounds for a new CEO.

      We need a better way to run trusted and untrusted code side by side, but the only way that comes to mind is via provable isolation, with disjoint resources. For instance if the core set of applications used in a business were trusted, then you might be able to run them with less paranoid on-access scanning and such. Unfortunately, I can't see that being anything but expensive, slow, or both.

      Maybe the docker container idea or similar? The stuff in this box is good, and isn't allowed to access anything questionable, so give it an isolated core/cache/memory/video interface and leave it alone? Similarly the stuff in the container would be protected from the rest of what is going on by using the dedicated resources.

      Another idea that comes to mind is web pages that don't use script languages. They used to exist, and certainly still could for a lot of content. Whenever you bring a Turing complete language into the mix, well, it's harder to limit. A lot is possible with just plain HTML, and only server side elements, including basic advertisements and such. The web pages would certainly load a lot faster.

  8. Seriously? by Anonymous Coward · · Score: 0

    According to TFS, most Linux distros don't have the patch either.
    Only Big-Money distros like SUSE and Red Hat, and their user-base is tiny compared to Windows.

    1. Re:Seriously? by r1348 · · Score: 2

      Nonsense, the patches are already upstreamed in the kernel code, any distro can distribute them.

  9. Re:Use APK Hosts File Engine instead... apk by Anonymous Coward · · Score: 0

    Windows 10 is still a pile of spyware, adware, bloatware and crippleware crap. It's not even a real operating system, it's a marketing platform.

  10. Another case of Microsoft pushing Win10. by SeaFox · · Score: 1

    Oh, we gave you a patch that will slow down your machine because of Spectre.
    Did we mention we're getting a much better patch now? You have to update to 10 to get it, though.

  11. Re:Use APK Hosts File Engine instead... apk by Anonymous Coward · · Score: 0

    yes seriously, I'm using Win10 Pro with Classic Shell on all my machines, 5 laptops (2 Dell, 2 Lenovo, and 1 HP) and 4 desktops (3 ASUS/AMD, 1 Intel/ASUS based machines). I have never seen a single case of adware and most of the apps can be removed including IE11. With the new release coming, you'll be able to remove even more apps that are installed by default. I don't use any of the included software so you'll have to explain the crippleware apps because I'm unfamiliar with any. Most of the telemetry and Cortana can be disabled almost completely except some parts of Cortana are needed for search.

    -geekpoet

  12. Retpoline does not "banish" slowdowns by complete+loony · · Score: 4, Informative

    The retpoline hack is a deliberate stack smash, to execute an indirect jump that the CPU will not speculate. Since the CPU cannot speculate it, execution *must* be slower than code from before Spectre was discovered. But it does mean you can turn off *really* slow CPU mitigations.

    The real trick is avoiding the need for retpoline in the first place. Make sure that indirect jumps have shortcuts for commonly executed branches that aren't affected by Spectre.

    BTW, I watched a great talk about Spectre, for application developers, by a clang compiler engineer who was involved in the research on Spectre.

    --
    09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
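
The construct the comment describes, as an added example that is not from the original post nor from Google's or Microsoft's code: a retpoline "call" thunk for x86-64 Linux (GCC or clang, SysV ABI), with a plain indirect call as fallback on other targets so the file still builds. The names retpoline_call, rp_demo_thunk_rax and dispatch are hypothetical helpers written for this example.

```c
#include <stdio.h>

/* Signature of the operations reached through the dispatch table. */
typedef int (*op_fn)(int, int);

static int op_add(int a, int b) { return a + b; }
static int op_sub(int a, int b) { return a - b; }
static int op_mul(int a, int b) { return a * b; }

/* retpoline_call(fn, a, b) performs fn(a, b), but reaches fn through a
 * retpoline instead of a plain "call *%rax", so a poisoned indirect branch
 * predictor (Spectre v2) cannot steer speculation to attacker-chosen code.
 * Hypothetical helper written for this example. */
int retpoline_call(op_fn fn, int a, int b);

#if defined(__x86_64__) && defined(__linux__) && defined(__GNUC__)
__asm__(
    ".text\n"
    ".globl retpoline_call\n"
    ".type retpoline_call, @function\n"
    "retpoline_call:\n"
    "    mov %rdi, %rax\n"          /* target pointer goes into %rax */
    "    mov %esi, %edi\n"          /* shift the integer arguments down one */
    "    mov %edx, %esi\n"          /* slot: fn(a, b) wants a in %edi, b in %esi */
    "    jmp rp_demo_thunk_rax\n"   /* tail-jump; fn returns straight to our caller */
    /* The retpoline proper.  The 'call' fills the return stack buffer with
     * the address of the capture loop, so the 'ret' is predicted to land in
     * that loop and spin harmlessly.  Architecturally the return address has
     * been overwritten (the "deliberate stack smash"), so the 'ret' really
     * transfers to the target held in %rax. */
    "rp_demo_thunk_rax:\n"
    "    call 2f\n"
    "1:  pause\n"                   /* speculation trap: spins until the ret retires */
    "    lfence\n"
    "    jmp 1b\n"
    "2:  mov %rax, (%rsp)\n"        /* replace the pushed return address with the target */
    "    ret\n"                     /* predicted: label 1; actual: fn */
    ".size retpoline_call, .-retpoline_call\n"
);
#else
/* Fallback for other targets (no Spectre v2 protection) so the file still
 * builds and runs; the thunk above is x86-64 SysV specific. */
int retpoline_call(op_fn fn, int a, int b) { return fn(a, b); }
#endif

/* A small opcode -> function table of the kind kernel-mode code dispatches
 * through; every call goes via the retpoline. */
static const op_fn OPS[] = { op_add, op_sub, op_mul };
#define NUM_OPS ((int)(sizeof OPS / sizeof OPS[0]))

int dispatch(int opcode, int a, int b)
{
    if (opcode < 0 || opcode >= NUM_OPS)
        return 0;                   /* out-of-range opcode: no call at all */
    return retpoline_call(OPS[opcode], a, b);
}

int main(void)
{
    printf("add: %d  sub: %d  mul: %d\n",
           dispatch(0, 6, 7), dispatch(1, 6, 7), dispatch(2, 6, 7));
    return 0;
}
```

Compilers emit the same thunk for every indirect branch automatically with GCC's -mindirect-branch=thunk or clang's -mretpoline. Because the thunk rewrites a return address on purpose, it cannot coexist with a hardware shadow stack (CET), which is why the comment's "real trick" of avoiding indirect branches altogether matters.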
  13. MS: what about Server OSes? And why so slow? by mattb47 · · Score: 1

    How about the patch where it really matters: on servers? Will this patch be available on Server 2016? Server 2019? 2012 R2? (OK, not really expecting it on 2012 R2 or earlier, but one can hope.)

    Server 2016 and Windows 10 share (or at least used to share) a lot of the same codebase, so one would think Server 2016 could be patched here fairly easily.

    And that this won't happen until the next Windows 10 release (probably April 2019)? Absolutely ridiculous. Get it out. NOW.

  14. Codename 19H1? by Anonymous Coward · · Score: 0

    Finally, Microsoft is naming their products like any proper virus should be.

    1. Re:Codename 19H1? by Anonymous Coward · · Score: 0

      Sounds more like the pig flu than a computer virus

  15. Re:Use APK Hosts File Engine instead... apk by Anonymous Coward · · Score: 0

    > I have never seen a single case of adware

    Doesn't mean they aren't there. They were widely publicised on the lock screen, the start menu and the file manager, so you must live under a rock.

    > most of the apps can be removed including IE11

    No they can't. You might be able to "disable" a few, but you cannot actually remove them.

    > With the new release coming, you'll be able to remove even more apps that are installed by default.

    Oh, how very generous of them to give a tiny bit of control back to the user! Keep licking the boots of your overlords at Microsoft, for they control your computer and your data.

    > you'll have to explain the crippleware apps

    Windows 10 itself is crippleware. It limits what the owner/administrator can do with their own computers. For example, you cannot disable automatic "updates", you cannot remove the bloatware and it serves up ads...all in a commercial, paid-for product.

    > Most of the telemetry and Cortana can be disabled almost completely except some parts of Cortana are needed for search.

    "Most" is relative. When the "basic" spyware level collects a *massive* amount of data, that means "full" must collect an unimaginable amount of data...for no legitimate reason, without a way to disable *all of it* (some is not good enough) and without Microsoft paying users for that data. Really, that spyware should not even exist in the OS at all. It should be 100% impossible for Microsoft to collect any data whatsoever via the OS.

    Windows 10 is a huge pile of shit and the worst excuse for an operating system I have seen in my 40 years of computing.

  16. Re:Use APK Hosts File Engine instead... apk by Anonymous Coward · · Score: 0

    Oh and also I hope you enjoy your OS subscription because it's coming. Office went subscription for enterprise customers first but later went subscription for everyone. If you think Windows 10 isn't following suit, then you are naive and/or stupid beyond comprehension.

    That's not even mentioning how Microsoft is using users as unpaid QA and making them suffer the consequences, such as every single Windows 10 "update" breaking something, destroying data or even destroying hardware because the "developers" are incompetent morons who copy and paste code from other sources into spaghetti without even understanding what it does. When you see a piece of software that receives updates very rapidly, you know the developers behind that software are crap.

  17. Re: Use APK Hosts File Engine instead... apk by emil · · Score: 1

    It is unlikely that subscription charges to Windows 10 will ever be enforced. ChromeOS and Android have supplanted Windows as the main consumer OS, and Microsoft likely will not want to see their market share decay any more rapidly than necessary. It is more likely that adware will be introduced on systems that do not have corporate subscriptions.

  18. Re:Use APK Hosts File Engine instead... apk by Anonymous Coward · · Score: 0

    "You might be able to "disable" a few, but you cannot actually remove them."

    Simply not true. Look online into the use of the PowerShell commands:

    remove-appxpackage and remove-appxprovisionedpackage *

    You can easily remove almost all the Windows Store style apps from your account with the first, then remove them from the cache that installs them on newly created accounts with the second.

    The apps that can't be removed are few: depending on the particular version of Windows family, you may or may not be able to remove Store. Edge (and IE - although it's not a Store "app") can be hidden but they are baked in because the WinAPIs rely on some of the underpinning components. But just about everything else can not only be disappeared, but removed. On Pro, Enterprise etc., whether or not you can remove Store, you can disable the Store outright via Group Policy.

    * Please note there's more than one way to employ those commands, which allows for differing results. Read up.

  19. Retpoline? by Anonymous Coward · · Score: 0

    Retpoline? That sounds like a hair oil used in the 1920's! And brought back in the 1950's.

    Greasers forever!

  20. Re:Use APK Hosts File Engine instead... apk by Anonymous Coward · · Score: 0

    Just about every single mainstream OS major update of any OS for desktop / laptop / workstation computers breaks something, and that since the beginning of time: OSX, Windows 95 thru Server 2019, most Linux distros, macOS etc. etc.

    br.
    Stop being all indignant, it's silly.

  21. c6gunner's impersonating me & lying by Anonymous Coward · · Score: 0

    See subject: c6gunner's name on this post as submitter yet signed "APK" https://linux.slashdot.org/com...

    * I never say hosts cure Spectre/Meltdown OR it'd be on the Start64.com download page & I do NO MacOS X one!

    APK

    P.S.=> You say hosts = shit https://slashdot.org/comments.... ?

    FACTS: /.ers & security pros + RESULTS say DIFFERENT:

    1st: /.ers https://slashdot.org/comments.... https://slashdot.org/comments.... https://slashdot.org/comments.... https://slashdot.org/comments.... https://slashdot.org/comments.... https://slashdot.org/comments....

    2nd: SECURITY PROS https://slashdot.org/comments....

    3rd: REAL RESULTS w/ hosts vs. threats https://slashdot.org/comments....

    EAT YER WORDS

  22. Re:Use APK Hosts File Engine instead... apk by Anonymous Coward · · Score: 0

    Those are old instructions that don't work for many apps any more. Microsoft "fixed" that a long time ago.

  23. Re:Use APK Hosts File Engine instead... apk by Anonymous Coward · · Score: 0

    They might break minor, unnoticeable things, they don't change all of your settings, erase your files, fry your video card and kill your hard drive like Windows 10 has.

  24. Glad it wasn't included in 1809 by sydbarrett74 · · Score: 1

    [from TFS] "The bad news is that Microsoft didn't include the Retpoline fix in the latest Windows 10 October 2018 Update Redstone 5, or RS5, release, even though, according to CrowdStrike researcher Alex Ionescu, it could have," reports ZDNet.

    Not such bad news in light of 1809's data-losing file system bugs. I'd like to see something like this much more thoroughly tested, given the grave security implications.

    --
    'He who has to break a thing to find out what it is, has left the path of wisdom.' -- Gandalf to Saruman
  25. Re:MS: what about Server OSes? And why so slow? by sydbarrett74 · · Score: 1

    My guess is that it will be prioritised for inclusion in Server 2019, then back-ported to 2016.

    --
    'He who has to break a thing to find out what it is, has left the path of wisdom.' -- Gandalf to Saruman