Intel and Microsoft sow confusion over chip security flaw

Chipmaker talks down impact on PC users from fixing Meltdown and Spectre issues

Intel, the world’s biggest chipmaker, has painted the Meltdown and Spectre security flaws as an industry-wide problem that affects most modern processors. Photograph: David Paul Morris/Bloomberg

The tech industry is struggling to send a clear message about the fallout from a security problem affecting most of the world's computers, as Intel on Thursday talked down the impact on PC users, in contrast to comments earlier in the week from Microsoft.

Their statements sow further confusion for businesses struggling to decide how to respond to the revelation of the Meltdown and Spectre security flaws, following mixed messages from different chipmakers about how widespread or serious the problem is.

The contrasting responses have included a highly unusual suggestion from a Microsoft executive that some customers might be better off not even trying to secure their computers, if they felt the security gains were more than offset by performance losses. The comment came from Terry Myerson, head of the Windows and Devices group, who urged server users to "balance the security versus performance trade-off for your environment".

Intel, whose processors act as the brains in most PCs, said on Thursday that any slowdown in PC performance from the software patches needed to protect machines “should not be significant”. It has tried to minimise the effect since the news last week of a common processor design flaw that exposed many computers and devices – from smartphones to “smart” washing machines – to data loss.

READ MORE

‘Significant impact’

That was in contrast to Microsoft, which warned that “most users” of all but the most up-to-date PCs running Windows 10 and using the latest chips would “notice a decrease in system performance”. Microsoft also suggested that some servers running its software would show a “significant impact”, though Intel has yet to publish performance results for these machines.

Intel was quick to point out late last week that the big cloud-computing companies, including Amazon Web Services and Google, had said they were experiencing little or no slowdown from the remediation needed to protect their systems, and that most companies would see only minimal impacts.

By the start of this week, however, it appeared to have changed its stance. Intel chief executive Brian Krzanich warned that some software programs were seeing "a larger impact than others".

The conflicting messages come after tech companies tried to mount a co-ordinated industry-wide response.

Intel, the world’s biggest chipmaker, has painted the problem as an industry-wide one that affects most modern processors. However, one of three vulnerabilities uncovered by security researchers applies only to Intel’s chips. – Copyright The Financial Times Limited 2018