Intel ZombieLoad

Any Computer That Has “Intel Inside” from 2007 Until Now Is Hackable!

Intel ZombieLoad Transcript

Oh my goodness, we’ve had various Intel vulnerabilities over the last year, and some of them have been pretty big ones, frankly. 

Right now, Intel is busy downplaying the latest vulnerability. And this vulnerability affects almost every computer that has an Intel CPU in it made since 2011. Unfortunately, it affects many Intel chips going back to 2007. 

Intel has come out with a patch. Microsoft has released a patch that uses the microcode. Apple released their patch. All of the major vendors have released patches. Although, initially, the Microsoft patches were terrible and caused blue screens of death. Okay, so as is typical with Microsoft updates, don’t do them right away. Wait and make sure that Microsoft didn’t mess it up yet again. Ya know, I don’t get it, those guys seem to mess it up more than their fair share.

Well, if you can believe it, Microsoft had 19 critical patches in this month’s patch set for Windows. 19 critical patches!

So, what has happened here, I’m not going to get into all the details. It’s pretty complicated. But security researchers are rating this as a 9.5 out of 10. 

Keep an eye out, if you are on my email list watch for an email from me telling you when Microsoft has a stabilized patch set available, and it is safe to do these updates. 

But make sure you do the update. 

Now, let’s talk about what this update’s going to do.

I found a great tweet from a guy over on Twitter. His name’s Quentin. 

“FYI, as a cloud provider, we lost about 25% of CPU performance over the last 18 months due to different security issues on Intel CPUs limiting their capacity using microcode, etc., etc.”

So here he is reporting a 25% reduction.   Apple is saying that they have seen as much as a 40% reduction in performance. That’s using tests that included multi-threaded workloads, public benchmarks, etc. 

Wow! Now the actual results are going to vary based on the model configuration usage and other factors. So, Intel is advising people to turn off hyperthreading on their CPUs. 

Now, let’s get real, where does this matter? Where does it not matter? Well, you know, if you get hacked, it’s going to matter to you, right?

Obviously, it might be a big deal if your business goes out of business due to this vulnerability, called ZombieLoad.

However, if you’re not going to do the right thing and turn off hyperthreading and apply the patches because you cannot afford a 20 to 40% slowdown on your computer, I understand, just a little. It’s like buying an i7 that performs like an i5.

Okay, just to give you an idea, you paid extra for an i7, for that higher-end Intel CPU. However, performance-wise you now have an i5, and it’s not even as good as the i5 was when it was first released. But you know, you paid extra. So there you go, right. Let’s downgrade all of these CPUs.

It really bugs me. Intel, by the way, isn’t about to give you an upgrade. They’re not. They’re not going out there saying, “Oh, guys, sorry about that. Here we go. Here’s a brand new CPU that is fully compatible, just plug it right in, and you will be fine.” No, no, no.

Intel is saying they will not issue any sort of fix for any CPUs made between 2007 and 2011. Four years’ worth of CPUs now. It’s not all of the CPUs, it’s just some of them. However, it’s pretty much all since 2011.

So thanks, Intel, now that I paid you extra for your latest and greatest chip just to get as much as 40% reduction in performance because you could not get your CPU code right. It’s absolutely crazy!

Fortune has a great article on this. I will have it up on my website at CraigPeterson.com. Intel is saying that this vulnerability is only 6.5 on a 10-point scale. Whereas, the security researchers are rating this as a 9.5.

As I said, Intel’s playing the game here.  They’re downplaying the seriousness of it.  However, at the same time, they’ve offered to pay the security researchers more than they’ve ever paid anyone ever before. It appears to be a kind of a keep quiet type thing.  That is what it looks like is going on here. 

So what do you do? If you are a cloud service provider, and you have a mixed load, you have to turn off hyperthreading, you absolutely have to. If, however, you have a desktop computer or desktop computers at your office, and you’re using advanced malware protection, like what we use from Cisco, I’m not talking about the crap, you know, the Symantec, the Norton stuff, okay, that doesn’t count, okay, that will not protect you. But if you have AMP, and you have a properly configured, next-generation firewall that’s monitoring all the data coming in and out, you’re relatively safe. Okay, so I’m not telling you you’re safe. I’m not saying you don’t have to worry about it. I’m just telling you, you’re relatively safe, for those people who can’t afford to get a significant cut in your performance. There you go. So Intel, basically, they’re just trying to get you to buy more machines.