Security exploits are almost always designed to penetrate specific operating systems. Microcode patches sometimes impose significant performance penalties on end-users. Why hasn't Intel provided end users with the option of installing operating-system-specific means of passively detecting intruders, thereby facilitating identification of the perpetrators of the attacks?
This issue has been asked before, amid all of the claims of significant performance penalties, which were unfounded.
If you have actual, verifiable, reproducible proof of such a significant performance impact, show it. And, not some link to some professor with a theory.
So, you dispute the statement 'Microcode patches sometimes impose significant performance penalties on end-users...'
And, according to you, '...all of which were unfounded.'
(Why did I expect a forum at intel.com to attract a more erudite audience, with an interest in discussing matters of substance in a thoughtful, productive manner? ;)
Maybe you could start by identifying which processor, which patch, which OS, and which claimed performance penalties you believe to have been unfounded. (?)
Keeping in mind, even if a given patch imposes a negligible impact on performance, failure to provide passive detection options to user communities is an egregious status quo on the part of Intel and AMD at a minimum. And, BTW, passive detection code would certainly impose performance penalties as well -- which goes directly to the point of the post (which you obviously missed).