Intel® ISA Extensions
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Why is Intel allowing this?!?

levicki
Valued Contributor I
12,756 Views
I am not sure if this is the right forum for this topic, but given that it concerns new CPUs such as Kaby Lake I decided to start it here. Feel free to move it elsewhere, but I feel it is appropriate that people dealing with latest ISA extensions know what is going on. As you may or may not be aware, Microsoft has decided to prevent people with Kaby Lake CPU from obtaining Windows security updates if they are using Windows 7 or Windows 8.1: "The processor is not supported together with the Windows version that you are currently using" error when you scan or download Windows updates "Big deal" I hear you saying already "everyone should be on Windows 10 by now", but please, hold your horses and let me explain why everyone should be up in arms. Windows 7 is in an extended support phase which means no new features, but it should still receive security updates until End Of Life just like Windows XP did. Let's say that even though it marks a disturbing change in vendor behavior this is somewhat less important and somehow expected and move on to the crux of the problem which is Windows 8.1. Windows 8.1 is still in a mainstream support phase which ends on January 9th, 2018 and at least until then they should not only provide security updates but also feature updates. Security updates should be available until January 10th, 2023: Windows 8.1 Pro Lifecycle Now take a look at this screenshot and then take a look at the calendar: unsupported-hardware.png That's right, someone who paid for a Windows 8.1 license is denied support almost 9 (nine!) months before mainstream support end just because they happen to have Kaby Lake CPU! Same goes for some Sky Lake systems as well which makes the whole thing look even more stupid and arbitrary. Everyone in this forum surely understands that the message above is a pile of stinking bovine excrement and here is why: 1. Kaby Lake CPU does not have enough architectural difference compared to Sky Lake CPU to justify this artificial software block. 2. Every Sky Lake CPU has the basic set of features needed to run Windows 8.1, yet some of them are also blocked from receiving security updates. 3. Given that all Intel CPUs released after those which were lacking LAHF/SAHF instructions are 100% backward compatible there are no special tests those new security updates would need to go through to support new CPUs on old operating systems. 4. It makes sense to cut support for old hardware, not for new, 100% backward compatible, hardware. Given Microsoft's desktop OS monopoly I expected such a dick move from them -- after all, they want everyone to upgrade to their Windows 10 spyware so in addition to those 200 USD or EUR they extort for an OS license they can also monetize our personal data. But what I would like to understand is why is Intel allowing this? How is this in Intel's best and/or long term interest? Shouldn't all Intel's customers regardless of the CPU model enjoy the best possible security on every OS/platform which is still in mainstream support? I think that letting OEMs and Microsoft collude and do things like this should be met with legal penalties, because this is a typical bait and switch -- i.e. "Buy Windows 8.1 and you will get 5 year support... oh sorry you have Kaby Lake CPU now? No more support for you, but if you buy this shiny new Windows 10, you will get 5 year support...". Putting the reasons not to upgrade to Windows 10 aside for the moment, Intel should not allow Microsoft to get away with this one. Allowing this to go through is the same kind of mistake like the one where Intel allowed OEMs to decide whether hardware virtualization option was available in BIOS or not. Why? Because the message most consumers will get out of this is that Intel latest CPU is not compatible with older software which can't be further from the truth and it will just serve to damage Intel's brand. Somebody do something about it before it is too late.
0 Kudos
1 Solution
gaston-hillar
Valued Contributor I
12,394 Views

Igor,

Thanks for sharing the information you provide in this post.

I know that it is still necessary to have computers that run Windows. When you are a software developer, you have to use the platform that some projects require. However, due to the issues you mention in this post and other dozen issues, I've moved to macOS as my primary software development platform many years ago. After working with Windows, Linux and previously Unix flavors for dozens of years, I know that my Macs will upgrade to the newer operating systems and will provide me with security updates without issues. Macs run on Intel architecture and you can run most of Intel products without issues. I don't miss Visual Studio and any other piece of software written by Microsoft. Whenever, I am forced to use products that run on Windows, I use a Windows computer. However, the rest of my time, I enjoy working with a stable OS running on Intel CPUs.

I was never a big fan of Apple. However, after Windows Vista, Windows 8.x, I made the move and I never looked back again. Macs are more expensive but Windows as a platform for software developers is a nightmare. I still cannot believe Windows 10 doesn't allow you to disable automatic updates. As software developers that care about performance, we run benchmarks. Windows 10 doesn't care you are running benchmarks and starts installing updates and consuming CPU and disk. A nightmare. You can configure active hours. However, Windows 10 and Cortana do whatever they want with your computer whenever they want to. Windows 10 is the worst piece of software after Windows Vista.

 

View solution in original post

0 Kudos
40 Replies
levicki
Valued Contributor I
4,170 Views

zeffy's patch works beautifully so far...

Once Microsoft digitally signs wuaueng.dll it's game over.

I'm sure that for every MS patch to "correct" this, there will be a new patch to bring our freedom of choice back.

As I also wrote on GitHub, the problem is that crippling or outright disabling security measures to be able to install security patches doesn't make sense -- people even suggested disabling signature enforcement, but you need to keep the original goal in mind and that is improving security by installing hotfixes, not opening the doors for becoming an easy malware target.

Windows Update error message is like...

Sorry, but even I who started this topic have to disagree here with you -- Windows 10 is crap when it comes to user interface (ugly, inconsistent, things duplicated in old and new interface, important settings burried deep behind dozens of screens). It is also crap because of telemetry, privacy intrusions and forced updates. However, it is superior when it comes to security (it uses hypervisor features to protect account passwords from being extracted from LSA process memory), it can certainly better handle new CPU features and schedule threads, has DirectX 12 support, and it brings support for Linux bash which is tremendously useful for developers and system admins alike.

In other words, feel free to slander the part which is really bad (privacy, forced updates, telemetry), but give credit where credit is due.

Intel's driver installer won't let me...

Compared to CPU only functionality, believe it or not, display drivers are a bit different. If you want to know more about what has changed between Windows 7 and Windows 10 Creators Update, read this article about WDDM.

At this point with all those complex features added it is not really easy to have driver architecture such that you can support different WDDM versions with a single driver hence the decision to cut support in this case is somewhat justified.

 

0 Kudos
jimdempseyatthecove
Honored Contributor III
4,183 Views

I wonder if MS has opened itself up to being responsible (liable) for security breach when an otherwise perfectly usable security patch/update is unnecessarily inhibited from installing.

Jim Dempsey

0 Kudos
SergeyKostrov
Valued Contributor II
4,183 Views
>>By Gregg S ( Intel ) >>...Kaby Lake is probably backward compatible all the way back to DOS or OS/2... I'm not surprized to see such a move from Microsoft ( it acts in a very rude way ), everybody should remember an infamous MS Update KB3035583, but my concern is a response from an Intel employee Gregg S. Dear Gregg, I don't want to go too far personally and my questions are when did you start your career as a software developer, or a software engineer, and if you ever implemented at least a couple of code lines for 16-bit MS DOS operating systems? Since times of Intel 4004 4-bit CPU released in 1971 Intel Never designed a CPU for a particular OS. It always worked, and still works, in opposite way! OS designers use Intel CPUs and, for example, Apple's move from PowerPC architecture to Intel architecture is a clear demonstration of Intel's achievements in that area of technology. AMD wasn't selected as you see! Kaby Lake is 100% compatible with x86 ISA ( not probably! ) and since MS DOS and OS/2 source codes are compiled for x86 ISA then Kaby Lake CPU will execute their binary codes. Microsoft's statement is a clear disrespect of Intel. Once again, Intel has Not designed Kaby Lake for Windows 10 and Intel designed a next generation of CPU. Period. I think you crossed a red line of Code of Conduct of Intel Corporation and I don't think your manager or Intel's CEO authorized you to make a statement: >>..."Maybe you" should stop putting words in other people's mouths. But if you don't want to buy new processors because of >>an affinity to an older OS, I doubt anyone at Intel or AMD is going to lose any sleep over it... Igor did Not force us at all and he is absolutely right because Microsoft is forcing people to move to Windows 10 in a blatant way. Even if Microsoft's message is fuzzy it is a clear insult for Intel, and for all the rest guys who are loyal to Intel technologies. Gregg, you can't make such statements on behalf of Intel Corporation. Microsoft is set to damage relations with Intel and it is not a secret that it has an agreement with AMD. That is why Microsoft's C++ AMP technology is presented in AMD's APP SDK.
0 Kudos
NPiri
New Contributor I
4,183 Views
gaston-hillar wrote:
I still cannot believe Windows 10 doesn't allow you to disable automatic updates.
That's especially true for the Windows 10 home editions. Though in the Professional, Education, Enterprise & Enterprise LTSB editions of Windows 10, those users can delay or defer updates. But there are some ways to unofficially disable auto updates in Windows 10: http://www.windowscentral.com/how-stop-updates-installing-automatically-windows-10 And check out this Ghacks.net article: https://www.ghacks.net/2017/04/28/microsoft-needs-to-stop-blocking-updates-on-windows-7-and-8-1-pcs/ Seems like some old Intel Dual-Core CPUs like the E3500 & E5400 are being blocked by Microsoft's April 2017 security updates; if that's true then this is a major embarrassment for both Microsoft and Intel.
0 Kudos
gaston-hillar
Valued Contributor I
4,183 Views

@Noel,

Thanks for the links. I'll take a look at them. However, I have a brand new Lenovo laptop, Intel Core i7 Inside, Windows 10 brand new, a software developer computer, definitely not a Home Computer to just surf the Web. Windows 10 doesn't ask me to download and install updates. It never happened to me with any other Windows version.

I know there are unofficial ways of making the preinstalled Windows 10 version to stop making updates whenever Windows wants. It is unacceptable for an operating system that is used by developers. Windows 10 is preinstalled and recommended by both Lenovo and Intel for this extremely powerful mobile workstation that will be used by professionals.

As a result, I spend most of my time working with macOS. I didn't mention Windows 10 telemetry compatibility service and Cortana, that end up eating resources when you are benchmarking. I do believe Intel should work hard to make sure Microsoft stops making big mistakes in the operating systems. I really expect Microsoft to apply a patch for Windows 10 to allow users to decide when they want to update.

Of course, I'm forced to use Windows 10 to do some specific jobs. However, most of my time, I'm on macOS and my life is easier. Less time tweaking, more time being productive, and you do have Intel CPUs inside Macs. :)

0 Kudos
gaston-hillar
Valued Contributor I
4,183 Views

@Noel,

BTW, Thanks again for the link. Just in case you thought I was not happy with the link. I'll definitely use the info you provided me. :)

0 Kudos
Yuhong_B_
Beginner
4,183 Views

This is a good time to mention from https://blogs.windows.com/business/2016/08/11/updates-to-silicon-support-policy-for-windows/ : "This change is made possible through the strong partnership with our OEM partners and Intel who will be performing security update validation testing and upgrade testing for 6th Gen Intel Core [Skylake] systems running Windows 7 and Windows 8.1 through the end of support dates."

I think what Igor is pointing out is that the distinction is entirely artificial.

0 Kudos
levicki
Valued Contributor I
4,183 Views

I think what Igor is pointing out is that the distinction is entirely artificial.

Of course it is artificial. The article you linked says it all:

This change is designed to help our customers purchase modern hardware with confidence, while continuing to manage their migrations to Windows 10.

Emphasis mine.

Intel's shareholders want us to trash perfectly good 6th generation hardware, and buy 7th generation hardware which has absolutely no performance and/or feature benefit over the previous one (even power savings claims enabled by new modes in Kaby Lake are still unproven).

Microsoft's shareholders want you to trash Windows 8.1 which is working just fine and do so 6 (six!) years before official end of support.

The question is, what the hell are they smoking? I want some.

I work for an international company with about 850 employees in several countries. As a person who is also an IT liaison for my country I am involved in equipment budgeting and purchasing as well as in software licensing. Let me tell you this -- we are not migrating to Windows 10. Why? Because we still haven't migrated from 7 to 8.1 fully, and our existing EA does not cover upgrade from 8.1 to 10 -- we would have to buy new OS licenses, which is of course totally unjustified spending for fiscal year 2018 given that Windows 8.1 was supposed to be fully supported until January 10, 2023.

Now comes the problematic part. We have a 5 year hardware replacement cycle. Last one was in 2013 so 2018 is the year when my country should refresh its workstations and laptops. Big OEMs such as Dell, HP and Lenovo have started clearing out their inventories, and it is already a problem to order a workstation or a laptop with 6th generation hardware. If in 2018 we purchase 7th generation hardware and continue using Windows 8.1, for the next 5 years we will be sitting ducks when it comes to OS security.

So, what will be the net result from Microsoft's attempt to force us to spend money and migrate to an OS which is unstable, hard to control even in enterprise version, and requires both personnel re-training and validation as well as potential replacement of any custom software tools our employees might be using?

The result will be that not only we won't be buying new Microsoft OS licenses -- we will be replacing existing licenses with open-source solutions anywhere we can, and we will also be foreced to delay new hardware purchases and I am sure we won't be the only company to do so. This underhanded industry move means both Microsoft and Intel will lose money long-term because they wanted short-term savings by cutting support costs.

0 Kudos
Techno_S_
Beginner
4,183 Views


What if I say that Ivy Bridge (5 years old platform!) has been banned from security updates as well?
Can anyone from Intel or M$ try to comment this?


0 Kudos
SergeyKostrov
Valued Contributor II
4,183 Views
>>...The result will be that not only we won't be buying new Microsoft OS licenses -- we will be replacing existing licenses with open-source >>solutions anywhere we can... Dell ( Canada & US ) sells computer systems with pre-installed Linux Ubuntu operating system for more than 10 years. I don't know if some hardware IT vendor in Europe does the same.
0 Kudos
Gregg_S_Intel
Employee
4,189 Views

Sergey,

Not sure what you're disagreeing with as we are both saying Kaby Lake is backwards compatible and indeed shares an identical instruction set with Skylake.  (For what it's worth, I've been at this since a certain company in Redmond was only known for its BASIC interpreter and Typing Tutor.) 

Kaby Lake has some significant changes outside the ISA which need OS hooks to function properly or optimally: Hyperthreading, updates to Intel SpeedShift(tm) technology, Intel Turbo Boost Max Technology 3.0 which directs workloads to the fastest core available.

"Intel spokesman Scott Massey told [The Register], 'per Microsoft's support policy, they made the decision that Windows 10 would be the only Windows OS supported on 7th-gen Intel Core' processors. He added: 'The Microsoft support change obviously doesn't impact other operating systems.' "

 

 

0 Kudos
levicki
Valued Contributor I
4,183 Views

Gregg S. (Intel) wrote:
Kaby Lake has some significant changes outside the ISA which need OS hooks to function properly or optimally: Hyperthreading, updates to Intel SpeedShift(tm) technology, Intel Turbo Boost Max Technology 3.0 which directs workloads to the fastest core available.

1. None of the features mentioned have anything to do with security updates.

2. Even without OS hooks CPU should work in backward compatible mode (no SpeedShift, Turbo Boost 2.0, old HyperThreading behavior).

In other words, pure marketing bullshit.

 

0 Kudos
WWayn1
New Contributor I
4,183 Views

Time has passed since the thread was created and now it is "Coffee Lake" and everyone knows that the infamous MS message is an actual example of real "Fake News". Also contrary to Igor's statement above, it was discovered that it is easily possible to fool the Intel video driver into allowing one to install it on Windows 7 on Kaby Lake and it works just fine - more evidence that it was all a con with Intel and Microsoft in bed together on shoving users to Windows 10. I only wish someone would figure out how to run Windows 7 on Coffee Lake's GPU...because everything else runs just fine on it

0 Kudos
levicki
Valued Contributor I
4,183 Views

Wayne B. wrote:
Also contrary to Igor's statement above, it was discovered that it is easily possible to fool the Intel video driver into allowing one to install it on Windows 7 on Kaby Lake and it works just fine...

Ummm... contrary to what statement?

If you are referring to "hence the decision to cut support in this case is somewhat justified" part of one of my previous posts then maybe I was not clear enough. I never said it is not possible, just that I can understand them not wanting to support that combination since it definitely takes more Q&A effort compared to security updates.

Wayne B. wrote:
I only wish someone would figure out how to run Windows 7 on Coffee Lake's GPU...

And I wish people would stop giving money to Intel.

Why?

Because Intel obviously needs to lose their footing in the PC market and eat a giant, sour piece of humble pie, before they can finally show some respect for their customers again.

Not only has Intel allowed Microsoft to screw us over those security updates, not only they refused to provide support for their own products for older OS, not only their CPUs remained outrageously expensive generation after generation with miniscule performance gains, but they also sat on a fatal CPU design flaw (Meltdown) and fumbled their thumbs since June 2017 before attempting a fix in microcode which they released with fatal bugs that cause random system reboots and only after the flaw was already publicly disclosed.

With rushed (but how can something be "rushed" after 6 months of advance notice?) microcode updates they have screwed mainboard and system vendors who had to re-release UEFI updates, they have screwed virtualization providers which were at the biggest risk yet were the last ones to find out, they have screwed corporate IT administrators who had to roll back whole fleets of workstations, they have pissed off Linus Torvalds and screwed kernel developers who had to patch Meltdown and Spectre on the OS side, and finally, they have screwed all the customers with performance drop ranging from 4% to 23% depending on the workload.

One thing is certain, until things change Intel won't get any endorsement from me.

As far as I am concerned let them burn to the ground, hopefully together with that Satanic cult from Redmond they are in bed with.

0 Kudos
WWayn1
New Contributor I
4,183 Views

Igor I am on your side here. I completely agree with you. But my point is still valid - the fact that you can get iGPU working on Windows 7 with Kaby Lake very easily and running 100% shows that the related architecture (and related R&D) has not changed. It is pure nonsense that it is "something new" that needs to have a branch development for Windows 7. They just crippled it by removing the relevant sections in the installation inf file. Nothing more than that. You put those back and it works fine.

0 Kudos
TimP
Honored Contributor III
4,183 Views
As to continued use of Windows 7, I was surprised that 30 days after reverting from windows 10 it says I must buy a new product key. They have blocked the old one. It continues to run with the black background and activation reminder on each startup. I wonder if a new key will last another 8 years. I reverted from 10 when it crashed irrepairably during update. As for my laptops, Microsoft allowed the oems to drop their halfway efforts to provide win10 drivers.
0 Kudos
levicki
Valued Contributor I
4,183 Views

Tim P. wrote:

As to continued use of Windows 7, I was surprised that 30 days after reverting from windows 10 it says I must buy a new product key. They have blocked the old one. It continues to run with the black background and activation reminder on each startup. I wonder if a new key will last another 8 years. I reverted from 10 when it crashed irrepairably during update. As for my laptops, Microsoft allowed the oems to drop their halfway efforts to provide win10 drivers.

Did you reinstall Windows 7 from scratch and entered the old, pre-migration, key?

If you have a legitimate key you should call the phone support and ask for key to be unblocked.

Second option is to keep using Windows 10. If you remove Cortana, Windows Defender and all metro applications including the Store and disable all spying and tracking stuff using policy editor you should be ok for a while even if you let it install updates. However, if you go down that path you should commit yourself to reinstalling the OS from scratch manually every six months when new release is out and redoing all the apps and settings or trusting it that it won't fuck up your setup by auto-upgrading it on it's own.

There is also a third option -- get a Mac. Apple OS updates are seamless and non-intrusive, they don't reset your settings, don't experiment with your computer, hell they even managed to convert the filesystem from HFS+ to APFS without data loss. Oh, and they also don't need a product key and are not shoving useless junk such as Candy Crush Saga onto your computer. If you are tied to Windows because of Office and Visual Studio they now both exist for Mac. Finally, most Windows applications can be run under Wine or Mono or have good enough replacements. Switch if you can and don't look back.

That is, unless you are gamer and "need" DirectX 12 for the latest titles. That's about the only reason why someone would be using Windows today.

0 Kudos
Aziz__Umair
Beginner
4,183 Views

100% agreed with this statement "I think that letting OEMs and Microsoft collude and do things like this should be met with legal penalties" . Consumers shouldn't be trashed like this.  Further Microsoft is filled with incompetent fools who are only pushing their evil vision of spying everyone's daily life and with every update fail to deliver a usable OS.  Clutter which is dispatched along with windows 10 is twice the size of OS and puts load on the hardware. The crowd of newbies is supporting this useless OS without understanding any of the objectives behind this. Windows 7 or even 8/8.1 can boost the user experience upto 2 - 2.5x as they do not reside any additional clutter or continuous stats-sending services inside. I wish that intel could finally release drivers for windows 7 and 8/8.1 and do not play role in this kicking-dirt game.

0 Kudos
viveksandurekar
Beginner
3,984 Views

Yes! I'm using windows 10 regularly  But, still, the thing is  I'm using windows 7 and this is one of the common issue we still face during our work. The main cause is due to the generation processors and later updates are barrier to move further.

 

0 Kudos
AlHill
Super User
3,976 Views

Only Windows 10 is supported on 7th gen and later processors.  This is a Microsoft restriction.  Your complaints and concerns should be directed to Microsoft.

 

0 Kudos
Reply