Security updates can slow down computers.
Continued: Intel said that there is a vulnerability not only in its processors.
Intel chips have discovered a vulnerability that allows attackers to gain access to passwords, files, and data stored in the kernel’s memory. The manufacturer cannot fix the bug himself: it can be closed only by developers, having reworked the architecture of the kernel at the system level.
The remaining details of the vulnerability are hidden for security reasons, but the AMD engineer suggested that the problem is the principle of operation of Intel processors: they are trying to predict the code that will be executed further, and for the sake of speed they do it without the necessary security checks. This makes it possible to run malicious code at the kernel level.
The essence of the fixes is to completely separate the kernel memory from user processes. However, because of this, many applications may start to work slower since some tasks are processed most quickly through the kernel.
In the past two months, programmers have been working on updating the OS, which closes the security hole in Linux and Windows. Judging by the test builds of the Windows Insider program, Microsoft may release a patch for its system on January 9th. The Linux kernel update has already been released , however, distribution developers may not have time to add it to their systems.
The Register publication noted that upgrades can reduce the performance of Linux-based computers by 5–30%, depending on the processor models and tasks: more recent chips are less susceptible to reduced power. Researcher Andres Frond (Andres Freund) conducted his own experiment, which showed that, at best, productivity drops by 17%, and at worst, by 30%.
Patches will be required for users of other systems, including macOS: apparently, Intel cannot solve the problem only with the help of firmware updates for the chip.
Detailed information about the vulnerability remains secret: Linux developers have specially edited comments on updates, and Windows, in principle, does not disclose the details of work on fixes. This is done so that attackers cannot reproduce the bug, since users have not yet received patches.
AMD processor manufacturer said that its chips are not vulnerable, since their architecture does not provide for such manipulations. Shares of the company rose amid problems with competitor processors.
Intel has not publicly commented on the situation. However, it is known that the company’s director general, Brian Krzhanich, in the middle of December sold 889 thousand shares of Intel, leaving only 250 thousand shares in his hands. He saved from this 54 million dollars.