AMD has taken the opportunity to twist the knife regarding Intel’s current security woes , reminding customers (and potential buyers) that it doesn’t suffer from any of the latest vulnerabilities to have plagued the latter’s chips. While at the same time, news has emerged that Intel’s mitigations across all speculative execution vulnerabilities have a much heavier performance impact than AMD’s.
In a statement, AMD reminded us all that its processors do not suffer from ZombieLoad or similar ‘MDS’ (microarchitectural data sampling) variants because they are protected at the hardware level.
AMD noted : “At AMD we develop our products and services with security in mind. Based on our analysis and discussions with the researchers, we believe our products are not susceptible to ‘Fallout’, ‘RIDL’ or ‘ZombieLoad Attack’ because of the hardware protection checks in our architecture. We have not been able to demonstrate these exploits on AMD products and are unaware of others having done so.”
Is your router a cybersecurity risk?
We've chosen the best internet security suites
How to protect your devices against ZombieLoad
So there you have it – and note the rather barbed first line suggesting that security perhaps isn’t foremost at the front of its rival chipmaker’s mind.
Tom’s Hardware also spotted some perhaps worse news, in that Phoronix, a Linux tech site, has done some performance testing to see how much of a slowdown is caused by Intel’s recent mitigations for ZombieLoad, and indeed other patches for speculative execution vulnerabilities like Meltdown and Spectre .
In Phoronix’s tests under Linux (so not Windows) across all these vulnerabilities, with hyper-threading enabled on the processor, the average slowdown in terms of Intel performance was 16%, while AMD only dropped by 3%.
We must of course remember this is just one set of tests on Linux, so doesn’t necessarily represent the full overall picture – but it gives us a good idea of the gulf between Intel and AMD in this respect, and it really doesn’t look too clever for the former.
Note that AMD doesn’t need patches for ZombieLoad, as previously noted, but the firm’s CPUs did require mitigations against Spectre, which is where the measured performance hit comes in.
More mitigation, more problems…
Perhaps even worse for Intel is the fact that Apple recently stated that the only way Mac owners can be sure of ‘full mitigation’ against ZombieLoad on their machines – ensuring watertight protection in cases where security is paramount – involves disabling hyper-threading on top of any patches.
And in Apple’s estimation that could mean a performance hit of up to 40% in a worst-case scenario (with demanding applications running on multi-core processors).
All this adds up to a suitably big headache for Intel, particularly as AMD is about to unveil its third-generation 7nm Ryzen processors possibly led by a 16-core beast according to the latest speculation.
And Apple, of course, is rumored to be looking at ditching Intel and making its own processors for Macs, and these sort of vulnerabilities could well be another good reason to push Apple down this path.
Also see how to protect against the Meltdown and Spectre CPU security flaws