Microsoft disputes chip-fix claim
Intel’s view too optimistic on computing slowdowns, it says
Microsoft Corp. said fixes for security flaws present in most processors may significantly slow down certain servers and dent the performance of some personal computers, the softwaremaker’s first assessment of a global problem that Intel Corp. initially downplayed.
Microsoft’s statement suggests slowdowns could be more substantial than Intel previously indicated.
Intel Chief Executive Officer Brian Krzanich opened his keynote talk Monday night at the annual CES International gadget show in Las Vegas by addressing the hard-to-fix flaws disclosed by security researchers last week. At an event known for its technological optimism, it was an unusually sober and high-profile reminder of the information security and privacy dangers lurking beneath many of the tech industry’s gee-whiz wonders.
Some researchers have argued that the flaws reflect a fundamental hardware defect that can’t be fixed short of a recall. But Intel has pushed back against that idea, arguing that the problems can be “mitigated” by software or firmware upgrades. Companies from Microsoft to Apple have announced efforts to patch the vulnerabilities.
And Krzanich promised fixes in the coming week to 90 percent of the processors Intel has made in the past five years, consistent with an earlier statement from the company. He said updates for the remainder of those recent processors should follow by the end of January. Krzanich did not address the company’s plans for older chips.
“Security is job No. 1 for Intel and our industry,” Krzanich said Monday, also urging everyone to download software updates as soon as possible.
To date, he said, Intel has seen no sign that anyone has stolen data by exploiting the two vulnerabilities.
Intel shares fell $1.12, or 2.5 percent, to close Tuesday at $43.62 in New York trading. Microsoft stock fell 6 cents
to $88.22.
Microsoft cautioned in a blog post that servers, the computers that underpin corporate networks, used for certain tasks may show “more significant impact.” Not all servers will be affected, it said. Microsoft, which didn’t provide specific numbers, said it is testing a variety of systems and will update users on what it finds.
Personal computers running Windows 10 and sold since 2016 will face slowdowns of less than 10 percent, which Microsoft said will probably not be noticeable to users. Customers with older Windows 10 computers will notice some slowness because those machines contain older chips. Machines running Windows 7 and Windows 8 from 2015 or earlier will be the most affected with users noticing a decrease in system performance, Microsoft said.
On Jan. 3, Intel confirmed its chips contain a long-standing feature that makes them vulnerable to hacking. There are two main flaws, dubbed Meltdown and Spectre, and one or both are present in almost all of the billions of processors that run personal computers, servers and phones and could give attackers unauthorized access to data. The world’s largest technology companies are releasing software updates to patch these security holes, and there’s been intense debate about how much this will affect performance.
The increasingly dire assessments of the problem mean some customers will have to accept worsening computer performance in the name of security, forcing them to add more servers to get back to where they were before applying the security updates. It also shows the challenge of patching such widespread hardware flaws.
Intel has more than 99 percent
market share in servers, and its chips are in more than 90 percent of laptops and 88 percent of desktops sold.
Krzanich said late Monday that patches from companies like Microsoft may slow computers. Previously, Intel had played down such concerns, saying tests showed minimal or no impact on performance, although certain unusual workloads may be slowed by as much as 30 percent.
In a statement on Tuesday, Intel maintained its stance that most typical personal computer users won’t see a “significant” impact. Based on tests of computers using the latest components, slowdowns will be 6 percent or less, it said, while noting that results ranged from 14 percent to 2 percent.
It conceded that for servers, the whole picture is not yet clear and said that slowdowns will vary according to the technique used to protect machines.
“We still have work to do to build a complete picture of the impact on data center systems,” Intel said. “In some cases there are multiple mitigation options available, each with different performance implications and implementation specifics.”
Microsoft is offering more data about the impact so its corporate customers can decide whether it is worth it to apply the security fixes. In certain cases, where servers aren’t at risk from data theft, companies may decide speed is more important than security.
“We’re also committed to being as transparent and factual as possible to help our customers make the best possible decisions for their devices and the systems that run organizations around the world,” Windows chief Terry Myerson wrote in the blog.
Information for this article was contributed by Dina Bass of Bloomberg News; by Matt O’Brien of The Associated Press; and by Hayley Tsukayama of The Washington Post.