Top to Tails

UPDATED Tails 3.14 launches today (May 21), complete with kernel updates to mitigate the new Microarchitectural Data Sampling (MDS) vulnerabilities such as ZombieLoad.

As previously reported by The Daily Swig, ZombieLoad is a hardware security vulnerability affecting Intel CPUs.

Comparable to the infamous Spectre security flaw, the newly discovered vulnerability creates a means for attackers to read secrets from the memory of vulnerable systems.

Existing defenses rolled out in the wake of Meltdown and Spectre last year fail to defend against attacks, hence the need to apply microcode and kernel updates for the Tails operating system.

Mitigating the flaw requires disabling SMT (Hyper-Threading), which can reduce performance by up to 20%, depending on the workload.

“While disabling SMT can reduce performance (by up to 20% in worst case scenarios), it really is necessary to prevent trivial cross-process memory reads,” Tails forum contributor ‘cypherpunks’ commented.

“Luckily this only reduces the maximum performance when all CPU cores are maxed out, not the average performance, so unless a Tails user is doing some heavy compute job that is maxing out all cores, it won't be a major impact. Google’s Chromebook went with this option and disabled SMT.”

However, a representative of Tails told The Daily Swig that most users in the vast majority of scenarios will not incur a performance hit from disabling hyper-threading. Only the most intensive, number-crunching workloads are likely to be affected. “Nobody from the team who run Tails 3.14 noticed any reduction in performance,” a Tails representative said. “Disabling hyper-threading can have serious performance costs when doing heavy computation but we don't expect most Tails users to notice the change.”
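To confirm on a running Linux system that the kernel-side MDS mitigation and the SMT change described above are in effect, the kernel's own status line can be read and interpreted. This is an added example, not code from the article or from the Tails project; the sysfs paths are the standard Linux ones, while the verdict labels and the sample strings in the comments are this example's own.

```shell
#!/bin/sh
# Added example: interpret the kernel's MDS status line and SMT state.
MDS_FILE=/sys/devices/system/cpu/vulnerabilities/mds
SMT_FILE=/sys/devices/system/cpu/smt/control

# classify_mds STATUS
# Prints a verdict label chosen for this example:
#   not-affected | mitigated | smt-exposed | smt-unknown |
#   no-microcode | vulnerable | unknown
classify_mds() {
    case "$1" in
        "Not affected"*)
            echo not-affected ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            # Kernel is patched but the CPU microcode update is missing.
            echo no-microcode ;;
        "Vulnerable"*)
            echo vulnerable ;;
        "Mitigation: Clear CPU buffers"*)
            # Buffer clearing is active; the SMT suffix decides whether a
            # sibling hyper-thread can still observe leaked data.
            case "$1" in
                *"SMT disabled"*|*"SMT mitigated"*) echo mitigated ;;
                *"SMT vulnerable"*)                 echo smt-exposed ;;
                *"SMT Host state unknown"*)         echo smt-unknown ;;
                *)                                  echo unknown ;;
            esac ;;
        *)
            echo unknown ;;
    esac
}

# check_host: report the state of the machine this script runs on.
check_host() {
    if [ -r "$MDS_FILE" ]; then
        status=$(cat "$MDS_FILE")
        echo "mds: $status -> $(classify_mds "$status")"
    else
        echo "mds: kernel does not report MDS status (no MDS-aware kernel?)"
    fi
    if [ -r "$SMT_FILE" ]; then
        echo "smt control: $(cat "$SMT_FILE")"
    fi
    return 0
}

check_host
```

A verdict of `smt-exposed` means the kernel update is applied but Hyper-Threading is still on, and `no-microcode` means the kernel is patched while the CPU microcode update is missing.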

Start me up

Linux providers and Microsoft released operating system updates in response to ZombieLoad last week. Exploits based around this flaw have also been shown to work on Tails, necessitating the update, even though Spectre and Meltdown mitigation has been a feature of Tails since the 3.4 release in January 2018.

Tails is a privacy-focused, Debian-based Linux distribution designed to boot up on any computer and load up from either a USB stick or a DVD.

In April, Tails OS was started more than 733,000 times – more than 25,000 boots a day on average.

Tails aims to preserve the privacy and anonymity of its users, as well as offering a means to circumvent censorship.

All connections to the internet are directed through the Tor network. The operating system also bundles cryptographic tools to encrypt your files, emails, and instant messaging.

Launching today, Tails 3.14 also includes an update to the Tor browser (to version 8.5) and Linux (to version 4.19.0-5) under the hood, alongside various bug fixes and minor improvements.

The latest release of Tails has been trimmed down to remove excess fat, a Tails representative explained.

“In Tails 3.14, we're removing a bunch of applications that were less popular or more obscure (like Gobby, Pitivi, and Traverso), as a way of making the download a bit lighter for everybody. People who want more applications can now use the Additional Software feature (introduced in September with Tails 3.9).”

This story was updated on 22 May to add comments from a representative of the Tails development team.