Since the major processor-based Spectre and Meltdown vulnerabilities came to light earlier this month, technology companies have been working to develop and deploy patches across millions, if not billions, of devices. In the meantime, chipmakers Intel, ARM, and AMD face an uphill battle to minimize and contain the long-term damage created by the flaws in their processors.
While researchers who identified Spectre and Meltdown had warned that software patches could cause device performance hits of up to 30 percent, companies rolling out fixes are finding the impacts can vary widely. For example, Google yesterday reported that it had developed a “moonshot” mitigation for Spectre that has no material effect on the workload performance of its cloud customers.
In the meantime, Microsoft this week said it has “temporarily paused” patches for Windows customers running AMD processors after some users reported seeing the “blue screen of death” after the update was applied.
As work continues on short-term fixes, many experts agree the technology industry faces a wholesale reckoning of long-established practices that led to these vulnerabilities in the first place. For instance, cryptographer Paul Kocher told Scientific American this week that Meltdown and Spectre demonstrate a “failure of thought and attention” by chipmakers looking to balance security and performance needs. Kocher was one of the researchers who identified the Spectre vulnerability.
Heavy Fallout for Intel
Intel appears likely to see the greatest fallout from Spectre and Meltdown, as the latter vulnerability affects its processors most of all. Patches should be available for most of its chips made in the past five years, CEO Brian Krzanich said at the CES trade show in Las Vegas this week. He added that Intel is working with other companies to minimize the impact those patches will have on user workloads.
Meanwhile, Krzanich is under fire for having sold…