Intel has put a lot of stock in their CPUs, with their new eighth generation line offering up higher performance than ever before. However, most devices sold now are running seventh generation versions, and it appears that a large CPU bug has been uncovered in a variety of Intel chipsets. Presently, programmers are working to fix the problem in Linux’s virtual memory system. macOS users on 64-bit hardware will also need to ensure their systems are updated as the problems are with Intel’s x86 hardware. The issues can’t be fixed with just a small update, and you will either have to update the OS or buy a new processor without the issue at some point.
The bug is a chip-level security issue and opens the door to vulnerabilities that haven’t been revealed yet due to an embargo. However, some information has been released about the bug despite that. The bug is in Intel processors produced over the past decade and allows programs, including browsers, to discern the contents of what would normally be protected kernel memory. The fix involves separating the kernel’s memory completely from whatever the end user is doing.
The issue crops up whenever a running program needs to do anything, like write to a file as the kernel is present at every stage of the process. It’s invisible, but still there and when a program makes a call to the system, the processor goes to kernel mode and enters the kernel. When the process is done, the CPU goes back to user mode and in user mode, the kernel’s code is out of site – but still present. The fix moves the kernel into a separate space so it isn’t there. The flaw is believed to be due to Intel allowing kernel access protection to be bypassed, but exactly how that is being done isn’t clear.
The fix is great because it will prevent the issue from happening – but it does have a major downside. This separation of the process is time-consuming since it involves it being done for every call to the hardware. They force the processor to dump cached data and reload information from the memory bank. This increases the kernel’s overhead and will naturally slow down the computer. This means that an Intel-powered machine will now be slower, with current estimates going from 5% to 30%. A 5% drop in performance isn’t too bad in theory, but if you have just spend $1,000 on a new rig either in core parts or in buying a pre-built machine, it hurts big-time because it automatically gives you a massive bottleneck.
There are ways to get around a weakened CPU slower your computer down – you can add more RAM either with physical RAM or by using a USB drive as a substitute. The former is definitely your best option, but if you’re lean on money or simply don’t have time to go searching for RAM that is compatible with your computer, it will work in a pinch. For Windows users, this is as easy as buying a USB drive for ReadyBoost and going through a few right click-involved steps to enable it. Using some of the stick is okay for a minor boost, but to get the most out of this method, you should devote the entire drive to it. If you have a thumb drive lying around collecting dust, you have nothing to really lose by doing this. Even buying a new drive just for this purpose shouldn’t be too costly since 32 GB drives go for around $10 regularly. For major slowdown, this is akin to filling a gaping hole with chewing gum – but it should help ease the burden a bit as a short-term fix.
The security vulnerability itself could be used by malware to gain access to a user’s computer, while hackers could use it for things like banking or medical information. It could also be used by programs or other users to read the contents of the kernel memory. Kernel memory is usually hidden from things like passwords and files, but if a piece of malware can gain access to kernel-protected data, then that’s one more layer of security that a user can’t rely on. In this increasingly digital age, that’s a particularly scary thought. Cloud services like Azure and Amazon will get security fixes soon, with Microsoft stating that Azure will get an update on January 10 while Amazon Web Services users can expect an update on January 5.
AMD processors use different security protections and won’t be affect by performance hits. This means that users who opted to go with things like the new Ryzen chipset wound up making a very sound decision in the long run – even if they may have gone back and forth on whether to use Intel or AMD hardware before. By not having this major issue, AMD can give itself a huge pat on the back publicly and also boost its sales while Intel is stuck doing damage control. Intel has been dealing with quite a few security issues over the past year and it seems to indicate a greater problem.
The company has been at war with AMD so much that they may very well have lost sight of what matters in the long run – taking care of their customers. Many companies get obsessed with winning an on-paper war and it affects their bottom line in the long run because they lose the confidence of consumers. With security problems and memory leaks coming out in just the past year, it’s harder to recommend Intel hardware because it seems less secure than AMD’s equivalents. While benchmarking tests may put Intel’s hardware above AMD’s at times, paying a bit more for AMD may be worth it in the long run for consumers trying to decide what to buy since it generally has far fewer problems to contend with. Intel needs to gets itself together for 2018 and make sure that they put out the best possible product instead of trying to win a war with a company in AMD that they are now working with selectively to make better chipsets.