Intel® ISA Extensions
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Why is Intel allowing this?!?

levicki
Valued Contributor I
9,552 Views
I am not sure if this is the right forum for this topic, but given that it concerns new CPUs such as Kaby Lake I decided to start it here. Feel free to move it elsewhere, but I feel it is appropriate that people dealing with latest ISA extensions know what is going on. As you may or may not be aware, Microsoft has decided to prevent people with Kaby Lake CPU from obtaining Windows security updates if they are using Windows 7 or Windows 8.1: "The processor is not supported together with the Windows version that you are currently using" error when you scan or download Windows updates "Big deal" I hear you saying already "everyone should be on Windows 10 by now", but please, hold your horses and let me explain why everyone should be up in arms. Windows 7 is in an extended support phase which means no new features, but it should still receive security updates until End Of Life just like Windows XP did. Let's say that even though it marks a disturbing change in vendor behavior this is somewhat less important and somehow expected and move on to the crux of the problem which is Windows 8.1. Windows 8.1 is still in a mainstream support phase which ends on January 9th, 2018 and at least until then they should not only provide security updates but also feature updates. Security updates should be available until January 10th, 2023: Windows 8.1 Pro Lifecycle Now take a look at this screenshot and then take a look at the calendar: unsupported-hardware.png That's right, someone who paid for a Windows 8.1 license is denied support almost 9 (nine!) months before mainstream support end just because they happen to have Kaby Lake CPU! Same goes for some Sky Lake systems as well which makes the whole thing look even more stupid and arbitrary. Everyone in this forum surely understands that the message above is a pile of stinking bovine excrement and here is why: 1. Kaby Lake CPU does not have enough architectural difference compared to Sky Lake CPU to justify this artificial software block. 2. Every Sky Lake CPU has the basic set of features needed to run Windows 8.1, yet some of them are also blocked from receiving security updates. 3. Given that all Intel CPUs released after those which were lacking LAHF/SAHF instructions are 100% backward compatible there are no special tests those new security updates would need to go through to support new CPUs on old operating systems. 4. It makes sense to cut support for old hardware, not for new, 100% backward compatible, hardware. Given Microsoft's desktop OS monopoly I expected such a dick move from them -- after all, they want everyone to upgrade to their Windows 10 spyware so in addition to those 200 USD or EUR they extort for an OS license they can also monetize our personal data. But what I would like to understand is why is Intel allowing this? How is this in Intel's best and/or long term interest? Shouldn't all Intel's customers regardless of the CPU model enjoy the best possible security on every OS/platform which is still in mainstream support? I think that letting OEMs and Microsoft collude and do things like this should be met with legal penalties, because this is a typical bait and switch -- i.e. "Buy Windows 8.1 and you will get 5 year support... oh sorry you have Kaby Lake CPU now? No more support for you, but if you buy this shiny new Windows 10, you will get 5 year support...". Putting the reasons not to upgrade to Windows 10 aside for the moment, Intel should not allow Microsoft to get away with this one. Allowing this to go through is the same kind of mistake like the one where Intel allowed OEMs to decide whether hardware virtualization option was available in BIOS or not. Why? Because the message most consumers will get out of this is that Intel latest CPU is not compatible with older software which can't be further from the truth and it will just serve to damage Intel's brand. Somebody do something about it before it is too late.
0 Kudos
1 Solution
gaston-hillar
Valued Contributor I
9,190 Views

Igor,

Thanks for sharing the information you provide in this post.

I know that it is still necessary to have computers that run Windows. When you are a software developer, you have to use the platform that some projects require. However, due to the issues you mention in this post and other dozen issues, I've moved to macOS as my primary software development platform many years ago. After working with Windows, Linux and previously Unix flavors for dozens of years, I know that my Macs will upgrade to the newer operating systems and will provide me with security updates without issues. Macs run on Intel architecture and you can run most of Intel products without issues. I don't miss Visual Studio and any other piece of software written by Microsoft. Whenever, I am forced to use products that run on Windows, I use a Windows computer. However, the rest of my time, I enjoy working with a stable OS running on Intel CPUs.

I was never a big fan of Apple. However, after Windows Vista, Windows 8.x, I made the move and I never looked back again. Macs are more expensive but Windows as a platform for software developers is a nightmare. I still cannot believe Windows 10 doesn't allow you to disable automatic updates. As software developers that care about performance, we run benchmarks. Windows 10 doesn't care you are running benchmarks and starts installing updates and consuming CPU and disk. A nightmare. You can configure active hours. However, Windows 10 and Cortana do whatever they want with your computer whenever they want to. Windows 10 is the worst piece of software after Windows Vista.

 

View solution in original post

0 Kudos
40 Replies
jimdempseyatthecove
Honored Contributor III
6,349 Views

Excellent post Igor, I agree with your sentiments (not MS's apparent centsiments). You might want to consider CC-ing this to one of those law firms that deal in class action lawsuits. The bait and switch point is valid. I would venture to guess though that as prior updates came in that a new set of Terms and Conditions came with it effectively prohibiting the user from upgrading their system. That T&C (if present) would also violate a "fair use".

Go for it. I'm sticking with Window 7 until I am convinced that Windows 10 is solid, easy to use (for a developer), and does not come with unwanted intrusions into what I do. I too am interested in updating my CPU.

Have you tried using an older CPU system to download the version of the updates for use by system administrators to update multiple PC's (you would only update one or two). The "unsupported..." may only inhibit the download and not the actual install.

Jim Dempsey

0 Kudos
levicki
Valued Contributor I
6,356 Views

Hi Jim, thanks for the comment, and welcome to this discussion.

The way I see this issue is as follows:

EITHER

1. Microsoft gets to claim Intel Kaby Lake and Sky Lake are not 100% backward compatible

OR

2. Intel gets to claim Intel Kaby Lake and Sky Lake are 100% backward compatible

It just can't be both at the same time -- either Microsoft is lying, and Intel is effectively enabling that by staying silent, or Microsoft is telling the truth, and Intel is falsely advertising their new CPUs as 100% backward compatible. In both cases Intel's behavior looks dishonest toward consumers and developers alike.

Both Microsoft and Intel should realize that by doing this they will, first and foremost, prevent developers from testing their existing applications for backward compatibility issues with Windows 8.1 and Windows 7, because developers are not stupid and will not run unpatched OS even if it is in a VM.

If you consult this graph, you will see that Windows 7 still has 49% of market share worldwide. Both Microsoft and Intel can try to ignore the reality, but the reality won't change itself because of their wishful thinking.

Manually downloading MSU packages and possibly also having to defeat arbitrary, artificial software limitations just to stay up to date when it comes to security in the age of constant 0-day exploits on an OS which I paid to use and which is on mainstream support is just not how I imagine my daily computer use.

As for Windows 10, all I have to say is this -- Microsoft has forgotten that the PC their OS is running is mine. If I don't want to install one of the updates it is my choice to make, not theirs. If I want to run a 3D render or a lengthy calculation which takes more than 18 hours to complete, I don't want OS rebooting to install updates to destroy my work. I also don't want my PC to be used for experimentation by default, and I don't want privacy intrusion to be an opt-out. I don't want OS telemetry which cannot be disabled, and I don't want it spreading into vital system components such as display drivers (I am looking at you, NVIDIA). I don't want a self-absorbed OS that will kick me out of full screen activity just to tell me "You have updates". I hate being bossed around and I hate the condescending tone of all system messages. I don't want an OS which believes it knows better than me which particular driver to install for a piece of hardware I own. I don't want it removing my applications and preferences on major upgrades -- they had decades to get that right and they still fail to upgrade even within the same OS version, let alone from 7 or 8.1. I don't want a horrible, harsh on the eyes, mobile-centric, UI on a desktop computer. And above all, I don't want to spend time changing my habits instead of using the damn thing.

0 Kudos
andysem
New Contributor III
6,356 Views

Igor, while I wholeheartedly agree with your sentiment, I believe your description of the problem is not accurate. Microsoft doesn't have to claim that Kaby Lake is not backwards compatible. Windows is a Microsoft's product, and Microsoft is free to choose the direction of evolution for its product. Obviously, the limitation is mostly for marketing reasons ("mostly" because Kaby Lake has a newer iGPU, which requires updated drivers). Marketing reasons alone may be perfectly enough for Microsoft to make that dick move, and I suspect Intel may have little leverage to change that. We can only guess on what legal agreements and contracts are in effect between the companies, but I'm struggling to imagine what Intel could potentially do to force Microsoft retract the limitation. It can't prohibit Windows execution on a future processor, for example, even ignoring the negative ramifications of such limitation for Intel itself if this was possible.

Now, if you have some legal leverage on Microsoft, like a sold copy of Windows that doesn't say that it isn't compatible with Kaby Lake, and that is still supported by Microsoft, you might test your luck in court. Honestly, I'm feeling skeptical, as I'm sure Microsoft lawyers are very capable and have probably checked if this limitation is legally possible.

Personally, I moved away from Windows quite a few years ago and my advice to everyone is to do the same. I cannot trust Windows neither my personal data nor business. Right now Linux is my choice.

 

0 Kudos
levicki
Valued Contributor I
6,356 Views

Microsoft doesn't have to claim that Kaby Lake is not backwards compatible.

What they are claiming is that NEWER Intel CPUs cannot handle the security updates which OLDER Intel CPUs can handle without issues.

If that doesn't spell out "NEW Intel CPU is not 100% backward compatible with OLD Intel CPU" then I am Santa Claus. To me it screams fraud and Intel here is complicit by not protesting it and asking that all Intel customers get equal security because all of its CPUs are equally capable in that regard.

Windows is a Microsoft's product, and Microsoft is free to choose the direction of evolution for its product.

At the time of purchase of Windows 8.1 back in 2014 I had no idea that future CPUs may be denied security updates before going out of mainstream support. If I knew that, I wouldn't have completed that purchase.

I am expecting Intel to put a stop to this because it is setting a dangerous precedent which involves a critical computer resource and which happens to be their main product. Never in the history of computing has a new x86 CPU been denied updates. Hell, not even old x86 CPU has been denied updates -- I can still compile latest OpenSSL to get best the possible connection security on Pentium III.

I can understand graphics card manufacturers shoving us to new OS -- after all DirectX 12 required considerable changes to OS kernel and core libraries and I can understand Microsoft not wanting to backport all that to an older OS which will soon enter extended support.

However, I can choose not to use DirectX 12, and my DirectX 12 GPU will still work and get driver updates. But no security updates on a new CPU? Come on, somebody slap some Microsoft exec with a cold, urine-soaked cloth in the face and scream in their ear until they wake up from whatever amount of coke they have been snorting when they decided to do this.

I am appalled by what is going on in the IT industry, and even more than that, I am appalled by people, especially engineers, being so numb and not protesting things like this. Do you people have no spine anymore?!?

0 Kudos
andysem
New Contributor III
6,356 Views

What they are claiming is that NEWER Intel CPUs cannot handle the security updates which OLDER Intel CPUs can handle without issues.

That's not what the message on the screenshot says. It says that the installed Windows version does not support the installed CPU. The fact that it will miss security updates is a consequence.

I can understand graphics card manufacturers shoving us to new OS -- after all DirectX 12 required considerable changes to OS kernel and core libraries and I can understand Microsoft not wanting to backport all that to an older OS which will soon enter extended support.

Given that the same functionality is available in OpenGL and Vulkan across all Windows versions since Windows 7, DirectX 12 being locked to Windows 10 is also very likely a marketing limitation more than anything.

 

0 Kudos
levicki
Valued Contributor I
6,356 Views

It says that the installed Windows version does not support the installed CPU...

If you want to be pedantic about what it exactly says, it says two things:

1. Your PC uses a processor that is designed for the latest version of Windows.

Replace "a processor" with "Kaby Lake", and "the latest version of Windows" with "Windows 10" and you get the first part of a frivolous claim:

1. Your PC uses Kaby Lake that is designed for Windows 10.

Did Intel really design Kaby Lake only for Windows 10? Or it was meant to be 100% backward-compatible?

But let's process the second part of the message too:

2. Because the processor is not supported together with the Windows version you are currently using your system will miss important security updates.

Again, replace "the processor" with "Kaby Lake" and "the Windows version you are currently using" with "Windows 8.1" and you get the second part of a frivolous claim, the part I dispute here:

2. Because Kaby Lake is not supported together with Windows 8.1 your system will miss important security updates.

Now let's refresh our memory of what the term backward compatibility means:

Backward compatibility is a property of a system, product, or technology that allows for interoperability with an older legacy system, or with input designed for such a system, especially in telecommunications and computing.

In this context, "Windows 8.1" is an older legacy system so the sentence "Kaby Lake is not supported together with Windows 8.1" implies that Kaby Lake is not backward-compatible, because if it were backward-compatible, there would be no reason to block it from receiving security updates.

Intel staying silent on this issue is the same as allowing Microsoft to claim that:

1. Kaby Lake is designed for Windows 10
2. Kaby Lake is not backward-compatible

Given Intel's commitment to open-source community and active involvement in Linux kernel development, not to mention billions of computer users relying on backward compatibility, neither of those two claims look good on their portfolio.

0 Kudos
andysem
New Contributor III
6,356 Views

Igor, as I've previously opined, this limitation has nothing to do with backward compatibility, so IMO, you're attributing Microsoft words they didn't say. For example, Microsoft could have just as well said they don't support AMD processors, no matter how compatible they are. (In fact, reportedly, they have indeed enforced the similar limitation wrt. AMD Ryzen.)

Kaby Lake is not supported together with Windows 8.1

This piece of text that you conveniently highlighted says pretty much all of it - Kaby Lake, no matter how compatible it is to the previous CPUs, is not supported with Windows 8.1 (and older). Given the Microsoft's agenda, it is likely that the "not supported" actually means "will not work", but even if it will, you're on your own with any problems that may appear with this combination.

In any case, I don't see much point in discussing Microsoft policy on Intel forum.

 

0 Kudos
Gregg_S_Intel
Employee
6,356 Views

"Backward Compatibility" and "Supported" are not synonyms.  Kaby Lake is probably backward compatible all the way back to DOS or OS/2.  Doesn't mean anybody supports it.  Backward compatible means legacy software can run on the hardware.  It is technically feasible.  No instructions were dropped.  That's all.

0 Kudos
levicki
Valued Contributor I
6,356 Views

"Backward Compatibility" and "Supported" are not synonyms.  Kaby Lake is probably backward compatible all the way back to DOS or OS/2.  Doesn't mean anybody supports it.  Backward compatible means legacy software can run on the hardware.  It is technically feasible.  No instructions were dropped.  That's all.

OK, let me rephrase that.

Windows 8.1 is legacy software, right? And it can run on Kaby Lake? But a security update to said legacy software does no longer qualify as legacy software itself, so all of a sudden it cannot run on Kaby Lake?

You can all twist and turn words and redefine their meanings to try and justify this, but nowhere in Windows 8.1 Professional SLA does Microsoft say they won't support future CPUs, yet that is what they are doing -- removing support for a 100% backward-compatible CPU.

Sure, you can split hairs and claim how saying something is not supported does not imply the reason, but the alternative of just dropping support without a good reason is even worse. If they just said it is not supported and allowed you to continue installing the updates after agreeing not to hold them liable for any potential issues, that would be the real meaning of "not supported". This is not "not supported" -- it is "actively blocked" and in software you only block things when something is not compatible.

In case it isn't clear, I am discussing Microsoft's support policy here because this particular policy has everything to do with Intel's main line of products.

0 Kudos
Gregg_S_Intel
Employee
6,356 Views

The security update can run on Kaby Lake, as in it is technically feasible.  The hardware has all the instruction needed.  However, support takes time, money, and effort. The owner of the software chooses whether they want to support a particular platform.  Hardware claims of backward compatibility have nothing to do with it.

Many operating systems run on Intel's products.  You don't like the one from Redmond, then don't buy it.

 

0 Kudos
levicki
Valued Contributor I
6,356 Views

The security update can run on Kaby Lake, as in it is technically feasible.

Except that it can't because it is blocked.

However, support takes time, money, and effort.

What additional QA validation need that takes time, money, and effort can you claim for Kaby Lake (or any other future or past x86 CPU for that matter) with a straight face?!?

People paid 200$ / 200€ for a licensed product which at the time of purchase promised support until January 9th, 2018.

The owner of the software chooses whether they want to support a particular platform.

Except that it is the same platform -- AMD64 (or Intel64 or x64 or x86_64 however you want to call it), and the owner cannot make that choice after the fact. If I sold you software and cut your support 9 months short just because I can you would scream bloody murder.

You don't like the one from Redmond, then don't buy it.

Are you really that dense, or you are just trolling? Don't you think I would notice if someone invented a time machine?

Windows 8.1 purchase for many people including me happened in 2014. How do you suggest we "don't buy it" now?!?

Maybe you believe Microsoft will honor our refund request? I doubt it, given how they are backpedaling on their promised mainstream support.

Or maybe you are suggesting we don't buy new Intel CPUs if we want to keep running the previous OS version? That is an advice I could get behind because if Intel stays silent on this, they are complicit in misleading the public.

0 Kudos
Gregg_S_Intel
Employee
6,356 Views

Again, backward compatibility is a technical hardware specification, and nothing more.  "Blocked" has nothing to do with backward compatibility.

It is not the same platform.  It is the processor formerly codenamed Kaby Lake, a thing which did not exist when you bought your software license.  Your license is still good for the hardware it targeted.  Enjoy.  (Not saying anything one way or the other about the wisdom of this particular software vendor's choice.)

"Maybe you" should stop putting words in other people's mouths.  But if you don't want to buy new processors because of an affinity to an older OS, I doubt anyone at Intel or AMD is going to lose any sleep over it.

0 Kudos
levicki
Valued Contributor I
6,356 Views

It is not the same platform.

Oh, but it is, read on.

It is the processor formerly codenamed Kaby Lake, a thing which did not exist when you bought your software license.

Neither did Skylake, but it seems some versions will be supported.

Look, I don't know what your position is with Intel, but it seems to me like you know little of CPU architectures.

Kaby Lake is the same thing as Skylake -- it is a (mostly manufacturing process) optimization of an existing micro-architecture. The Coffee Lake which will replace Kaby Lake is also going to be an optimization, not new architecture.

Moreover, you could go back all the way to Sandy Bridge (to 2011, three years before my license purchase), and be hard-pressed to find any significant differences when it comes to core OS functionality between all of them.

I mean look, this is what Wikipedia has to say about Kaby Lake:

Kaby Lake is the first Intel platform to lack official driver support from Microsoft for versions of Windows older than Windows 10.

If that's the association Intel wants consumers to make with their brand, if sowing confusion among customers, setting bad precedents, and alienating developers and enthusiasts alike is somehow beneficial to your shareholders, then who am I to stand in the way? Proceed with shooting yourselves in the foot, but be careful -- some of you might already have said foot in your mouth.

0 Kudos
Gregg_S_Intel
Employee
6,356 Views

If Kaby Lake is same platform as Skylake (you just said it is), then run your software on Skylake, problem solved.

As to the influence you imagine a hardware OEM should have on your software problem, you might want to read up on United States antitrust laws.

 

 

0 Kudos
levicki
Valued Contributor I
6,356 Views

...run your software on Skylake, problem solved.

So, if someone already has a Skylake CPU, and has to replace it in the next 8 months, they must buy another Skylake CPU if they want security updates for Windows 8.1 even though all 100 series mainboards work with Kaby Lake CPU, and the price is the same for a newer product? Yeah, that really makes sense.

...you might want to read up on United States antitrust laws.

Microsoft already has a monopoly on the desktop OS market, it doesn't get any worse than that.

0 Kudos
gaston-hillar
Valued Contributor I
9,191 Views

Igor,

Thanks for sharing the information you provide in this post.

I know that it is still necessary to have computers that run Windows. When you are a software developer, you have to use the platform that some projects require. However, due to the issues you mention in this post and other dozen issues, I've moved to macOS as my primary software development platform many years ago. After working with Windows, Linux and previously Unix flavors for dozens of years, I know that my Macs will upgrade to the newer operating systems and will provide me with security updates without issues. Macs run on Intel architecture and you can run most of Intel products without issues. I don't miss Visual Studio and any other piece of software written by Microsoft. Whenever, I am forced to use products that run on Windows, I use a Windows computer. However, the rest of my time, I enjoy working with a stable OS running on Intel CPUs.

I was never a big fan of Apple. However, after Windows Vista, Windows 8.x, I made the move and I never looked back again. Macs are more expensive but Windows as a platform for software developers is a nightmare. I still cannot believe Windows 10 doesn't allow you to disable automatic updates. As software developers that care about performance, we run benchmarks. Windows 10 doesn't care you are running benchmarks and starts installing updates and consuming CPU and disk. A nightmare. You can configure active hours. However, Windows 10 and Cortana do whatever they want with your computer whenever they want to. Windows 10 is the worst piece of software after Windows Vista.

 

0 Kudos
levicki
Valued Contributor I
6,356 Views

Gastón,

Thank you for saying what had to be said long time ago. Microsoft and Intel obviously intend to derail and crash the PC desktop train soon, it's time to get off. I am also in the process of moving to mac OS, and if Apple gets any bad ideas from Microsoft there is always Linux or BSD as a last resort.

To me, the main problem in the IT industry at the moment is the corporate greed.

You pay $200 for an OS license and the OS vendor by default takes all your personal data in order to monetize you even further because $200 is obviously not enough. But wait, there is more -- you pay $700 for a video card, and then the video card vendor adds telemetry to display drivers in order to monetize you even further, because for them $700 is also not enough. What is worse, the OS you can uninstall and use another, but $700 video card without proprietary drivers is just an expensive paper weight and driver digital signature enforcement just means you cannot patch out the intrusive parts.

Then there is this issue of outright cutting off support you paid for 8 months early, and you realize that they absolutely do not have any respect for you as a customer. Tell me why should I write software for their platform again? To help them get even more money? I know this might sound idealistic, but I'd rather write free software until I die than another Windows application ever again. And it looks like I won't have to, with this year's San Francisco IDF cancelled and all big vendors moving to cloud subscription based services it won't be long before developers lose interest in Widnows (especially desktop) as a platform.

0 Kudos
gaston-hillar
Valued Contributor I
5,400 Views

Jim,

Thanks for sharing this link. It is nice info to have.

0 Kudos
Eneko_C_
Beginner
5,213 Views

zeffy's patch works beautifully so far and they're currently looking at ways of patching in memory so as to not tamper with system files, which is nice. I'm sure that for every MS patch to "correct" this, there will be a new patch to bring our freedom of choice back.

Windows Update error message is like "Hey, since you have a powerful processor, use our latest operating system because we know that while it's basically crap, with your processor the experience won't be as bad as with an old one; and yeah, we want your money, and so we will purposefully hamper your usage (even though we're supposed to still support it) of our older and more efficient OS in your new processor so that you'll be forced to buy our last crappy OS. So to sum up, we will just be totally hypocrital and say your processor and OS aren't compatible or whatnot, okay buddy? ;)"

Anyways, I'm just a bit astonished with all this and it's being a really frustrating experience specially if like me you just want to enjoy your new laptop and stumble upon all this.

I'm also trying to install latest Intel graphics drivers and Intel's driver installer won't let me because they don't provide drivers for HD graphics 620 for 7th generation processors for Windows 7 for some reason that escapes my comprehension. But they do provide them for Windows 10. So correct me if I'm wrong because I'm no expert, but if the layer that talks to the hardware is coded in 64 bits and it's already there for Windows 10, it shouldn't be too hard to add or modify the layer that talks to the OS for Windows 7, right? And even not having a clue as I don't, I even suspect they could be pretty much the same or just the same anyways.

So this all makes me believe both MS and Intel are into this, and it's part of some commercial agreement between the two parties. This is not just the worst move in MS history, it's also a bad move from Intel in case. They can fool the general computer consumer to an extent, but eventually, all these not so techy people go to their techy friends and family for help, and they do as they say. So when we get pissed enough we'll advice to completely avoid buying this or that, or somebody will come up with a convenient image with patches for everything and it will be common place.

Really, really, crappy move there.

Edit: I'm 100% positive an intermediate driver/patch/whatnot can be built to translate or make available Windows 10 only drivers for Windows 7. That is, if it's actually even needed. But if it's not, then it would be nice driver installers wouldn't hamper our option to install them comfortably.

0 Kudos
Reply