Caught in the center of a security vulnerability storm, Intel has done the unthinkable and understated the severity of the problems.
Yes, there is a lot of blame to go around here.
Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!
"*" indicates required fields
It was wrong for The Register (no link, deliberate) to publish information about these CPU flaws before the industry could issue all of the fixes it was readying, for example.
And it was dumb of AMD to brag—literally—that it saw almost no impact from these flaws in its own chipsets.
But if I were to point the finger of blame at one company here, and I will, it would have to be Intel. The microprocessor giant has behaved in an irresponsible manner that is just hard to explain.
Consider just three of the quotes from the microprocessor’s statement, which I reported on yesterday. Each of these claims is technically true to some degree. But oh so wrong in all the ways that are important.
“Intel believes these exploits do not have the potential to corrupt, modify or delete data.”
Intel probably does believe that. But the firm left out the most important bit: Exploits based on the revealed flaws have the ability to steal your data. And this can happen in cloud-based servers, which makes the flaws particularly dangerous.
“Recent reports that these exploits are caused by a ‘bug’ or a ‘flaw’ and are unique to Intel products are incorrect.”
It’s unclear why Intel put quotes around the words “bug” and “flaw” since there are in fact two bugs—or flaws—in all of its microprocessors. Are they unique to Intel chips? No. But Intel is hit the hardest here, because it has the most affected microprocessors still in use in the market, in particular in server and cloud workloads. And there is no fix for one of the flaws.
“Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”
Put simply, the fixes that are required will impact the performance of the CPU and thus the system of which it is part. And there is an evolving understanding of what this impact will be across those workloads, yes. So while it is probably fair to say that the performance impact on end-user PCs will be “not significant,” this comment neatly leaves out the most important bit. The performance impact to Linux-based servers—which power about 30 percent of the Internet—could be as high as 30 percent.
Put simply, each of these statements is irresponsible. And Intel needs to be held accountable for this misinformation.
chump2010
<p>So when do you apologise Paul for backing Intel – by saying that they were playing it down and its nothing to see here just yesterday. </p><p><br></p><p>You did not have the facts, but you quoted them like they were facts. You gave a quote from Intel, then interpreted it and backed it. </p><p><br></p><p>For instance:</p><p><br></p><p><strong>And third, and perhaps most importantly, reports about “30 percent” performance declines after the fix are also erroneous.</strong></p><p><br></p><p>“Contrary to some reports, any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”</p><p><br></p><p><br></p><p>You did not say Intel believe or some such, you were giving your own take on it like it was fact. At the moment nothing is fact. At most you should have quoted a statement from Intel, and not said anything more. By saying something more, you give the impression like you know more. When in fact you don't – which makes you just as irresponsible as The Register.</p><p><br></p><p><br></p><p>By the way, the fact that Microsoft had the patches ready, all ready to go, clearly makes me think they did not think it was such a serious flaw. They have done many critical out of date patches, but on this one, they did not think it was worthwhile. Except for Windows 10 of course which had their patches released today.</p><p><br></p>