Processors
Intel® Processors, Tools, and Utilities
15548 Discussions

Why has Intel failed to provide exploit detection microcode patches as an alternative to 'preventive' patches for processor vulnerabilities?

tthom36
Beginner
964 Views

Security exploits are almost always designed to penetrate specific operating systems. Microcode patches sometimes impose significant performance penalties on end-users. Why hasn't Intel provided end users with the option of installing operating-system specific means of passively detecting intruders, thereby facilitating identification of the perpetrators of the attacks?

0 Kudos
3 Replies
AlHill
Super User
820 Views

This issue has been asked before, amid all of the claims of significant performance penalties, which were unfounded.

 

If you have actual, verifiable, reproducible proof of such a significant performance impact, show it. And, not some link to some professor with a theory.

 

Doc

 

0 Kudos
tthom36
Beginner
820 Views

So, you dispute the statement 'Microcode patches sometimes impose significant performance penalties on end-users...'

And, according to you, '...all of which were unfounded.'

 

(Why did I expect a forum at intel.com to attract a more erudite audience, with an interest in discussing matters of substance in a thoughtful productive manner ?;)

 

Maybe you could start by identifying which processor, which patch, which OS, and which claimed performance penalties you believe to have been unfounded. (?)

 

Keeping in mind, even if a given patch imposes a negligible impact on performance, failure to provide passive detection options to user communities is an egregious status-quo on the part of Intel and AMD at a minimum. And, BTW, passive detection code would certainly impose performance penalties as well -- which goes directly to the point of the post (which you obviously missed).

0 Kudos
AlHill
Super User
820 Views

If you have actual, verifiable, reproducible proof of such a significant performance impact, show it.

 

Doc

 

0 Kudos
Reply