Jan 3, 2018

Computer security world buzzing about a big Intel bug



The IT industry is bracing for the disclosure of a major bug in Intel chips that could affect processors going back a decade and require significant updates to Windows, Linux and cloud operating systems.

The big question: Making the software changes needed to mitigate the security risk could result in a significant performance drop, though the amount is unclear. Prominent security researcher Dan Kaminsky says that the worst-case scenario fears of a 30% performance hit is unlikely.

"Let's be a bit cautious about presuming to know the impact of the x86 page table vulnerability," Kaminsky said on Twitter. "This is pretty clearly a big deal, but the right people have been working on it. They're not the kind who would blithely ship a 30% across the board (performance) hit."

What we're hearing: Kaminsky told Axios that there could be some scenarios in which the performance impact is that high, but said that it is unlikely to be that severe for typical computing tasks.

Intel declined to comment.

Be smart: The first fixes might not be the last word on this. With a bug this widespread, there is significant incentive to explore multiple ways to solve the security issue and see which method would have the least impact on performance.

Go deeper