Processors
Intel® Processors, Tools, and Utilities
14575 Discussions

Why has Intel failed to provide exploit detection microcode patches as an alternative to 'preventive' patches for processor vulnerabilities?

tthom36
Beginner
‎02-03-2020 11:09 PM
746 Views

Security exploits are almost always designed to penetrate specific operating systems. Microcode patches sometimes impose significant performance penalties on end-users. Why hasn't Intel provided end users with the option of installing operating-system specific means of passively detecting intruders, thereby facilitating identification of the perpetrators of the attacks?

0 Kudos

Link Copied

3 Replies
AlHill
Super User
‎02-03-2020 11:18 PM
602 Views

This issue has been asked before, amid all of the claims of significant performance penalties, which were unfounded.

 

If you have actual, verifiable, reproducible proof of such a significant performance impact, show it. And, not some link to some professor with a theory.

 

Doc

 

0 Kudos
Copy link
tthom36
Beginner
‎02-04-2020 12:26 AM
602 Views
In response to AlHill

So, you dispute the statement 'Microcode patches sometimes impose significant performance penalties on end-users...'

And, according to you, '...all of which were unfounded.'

 

(Why did I expect a forum at intel.com to attract a more erudite audience, with an interest in discussing matters of substance in a thoughtful productive manner ?;)

 

Maybe you could start by identifying which processor, which patch, which OS, and which claimed performance penalties you believe to have been unfounded. (?)

 

Keeping in mind, even if a given patch imposes a negligible impact on performance, failure to provide passive detection options to user communities is an egregious status-quo on the part of Intel and AMD at a minimum. And, BTW, passive detection code would certainly impose performance penalties as well -- which goes directly to the point of the post (which you obviously missed).

In response to AlHill
0 Kudos
Copy link
AlHill
Super User
‎02-04-2020 05:24 AM
602 Views

If you have actual, verifiable, reproducible proof of such a significant performance impact, show it.

 

Doc

 

0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.