Oh, AMD (Premium)

No one should be surprised that AMD is also impacted by the industry-wide security vulnerabilities that have dominated the headlines in recent weeks. My concern, ultimately, is with this company's ham-handed response to this crisis. AMD is making Intel look responsible by comparison.

As you may recall, Intel has botched its response to the Meltdown and Spectre vulnerabilities, which is astonishing given that the firm had over six months to fix the flaws and prepare its public response. After an initial statement in which it downplayed the impact of the flaws---really, the impact of the fixes that would be necessary to mitigate the flaws---Intel was found to have lied. And yet it kept parroting the same misleading information, stating after it had been called out that it would somehow make its chips "immune" from both exploits.

Intel is an embarrassment on a number of levels, but the reason this is so serious is that Intel's chips---and, thus, the PCs, servers, and cloud data centers that rely on them---represent the biggest volume of devices that will be impacted. (Some are pointing to phones for some reason, but unlike PCs and servers, phones are replaced all the time, and have a natural and speedy schedule for being made obsolete. The impact there will be minimal at best.)

But the impact on PCs and servers is very real: Up to a 30 percent performance hit, depending on workload. Microsoft is now advising its customers to simply upgrade to the latest OS version, Windows 10, and the latest hardware, where it sees the least impact. Ironically, this will end up helping Microsoft---and Intel, and PC makers---thanks to the previously unexpected upgrade cycle that these vulnerabilities will no doubt trigger.

Like many, I've downplayed AMD's role in these security vulnerabilities, despite the fact that they are, in fact, not limited just to Intel. Instead, they target a basic design of most modern microprocessors, which use in-kernel caching to improve performance. That's the reason the fixes impact performance: Once you remove the cache from the kernel, data access is a lot slower.

Anyway, AMD has gotten a pass here on Thurrott.com only because this company is an also-ran. AMD microprocessors just aren't popular and they are only used on a low single-digit percentage of PCs, and in zero servers or cloud data centers, so the impact is comparatively low. Remember, AMD's failure is why Windows 10 on ARM exists: Microsoft needs two viable microprocessor vendors that can make each other do better work.

But AMD has gotten a pass elsewhere because it lied about the impact of these flaws on its chipsets, describing "a near-zero risk to AMD processors." And that is something I did call them out on: "It was dumb of AMD to brag---literally---that it saw almost no impact from these flaws in its own chipsets," I noted early on.

You don't brag about your supposed invulnerability to an industry-wide problem, AMD, and that's true even if yo...