Thursday, August 13, 2020
In the battle between AMD and Intel, which processors are more secure?

The horse-race between AMD and Intel is fun to follow, but when it comes to security, there’s far more at stake than framerates in games. There looms a ghostly apparition that’s easy to forget. Speculative execution exploits like Spectre and its variants, as well as ZombieLoad and a number of other side-channel attacks, are still as scary as ever. 

Intel has borne the brunt of the blame for these vulnerabilities, but AMD processors aren’t exactly in the clear either. Far from it.

Both companies have been forced to implement mitigating patches and hardware fixes of their own to make sure users stay safe from these potentially nasty exploits. But with all that’s been done, which is the safer, more secure option for 2019: Intel or AMD?

Fighting from day one

The very first exploits revealed during the last painful year and a half of bug revelations were Spectre and its variant, Meltdown. But where much of AMD’s back catalog was affected by Spectre alone, Intel chips released as far back as 2008 were vulnerable to both. Other exploits that would come to light in the months that followed, including Foreshadow, Lazy FPU, Spoiler, and MDS, were all viable attack vectors on Intel CPUs, but not on AMD’s.

To Intel’s credit, it has been fighting the good fight for its users since these exploits came to light, releasing microcode fixes and mitigations through software partners like Apple and Microsoft that largely make these exploit paths redundant.

Intel has also begun to build much more permanent hardware fixes for some of these exploits into its latest processors. These fixes work independently of microcode and software updates and make select processors safe from those particular attacks by virtue of their design. These products do not feature the same flaws as earlier processors and represent the best effort yet to stop attacks like Spectre in their tracks.

Intel began implementing hardware fixes in its chips with the release of eighth-generation Whiskey Lake-U CPUs, including the Core i7-8665U, i7-8565U, and i5-8365U, which are protected against Meltdown, Foreshadow, and RIDL thanks to hardware changes.

Its desktop lineup of ninth-generation chips, like the 9900K, 9700K, and 9600KF, all include the same hardware mitigation. The entire 2nd generation of Intel Xeon processors, based on Intel’s Cascade Lake design, however, enjoys the most comprehensive collection of hardware fixes of all Intel’s CPUs so far, with only Spectre v1, v2, and v4 requiring some software protection.

Further fixes will be coming down the pipe with the gradual proliferation of 10nm Ice Lake mobile CPUs throughout the rest of the year.

In a discussion with Digital Trends, Intel made it clear that there is no substantial difference in security between the microcode/software fixes and the hardware mitigations.

But it’s important to note that the end user has to take no action to be protected by hardware fixes. Where operating system or software updates are required, there’s a chance they may not be installed and that could leave users vulnerable. 

Hardware fixes are a much more permanent solution to the problem and, according to Intel, “Future Intel processors will include hardware mitigations addressing known vulnerabilities.” It’s comforting to know Intel is designing its future products with security in mind, but those hardware fixes will not be exhaustive.

As Paul Kocher, senior technology advisor at Rambus, told Digital Trends earlier this year, “When you’re dealing with the most basic variant one of Spectre, the only strategy that Intel has articulated pushes the problem off on to software in a way that the software developers aren’t equipped to handle […] The proposed solution is everything you have a conditional branch, so an “if” statement in a program, that could lead to trouble if it was mispredicted. You’re supposed to put an instruction called “L Fence” in. Even with the new design, putting in L Fence has to stop speculation from occurring and that has a performance impact.”
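The mitigation Kocher describes, as an added C example that is not from the original article or from Intel: a bounds-checked read with no barrier, the same read with LFENCE placed after the check, and, going beyond the quote, a branch-free index mask in the style of the Linux kernel's array_index_nospec() that avoids the fence. The table, function names and return codes are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data; every name in this block is illustrative. */
static const uint8_t table[16] = {10, 11, 12, 13, 14, 15, 16, 17,
                                  18, 19, 20, 21, 22, 23, 24, 25};
#define TABLE_LEN (sizeof table / sizeof table[0])

/* On x86-64, LFENCE holds back later instructions until earlier ones,
 * including the bounds compare, have completed. */
static inline void speculation_barrier(void) {
#if defined(__x86_64__)
    __asm__ volatile("lfence" ::: "memory");
#else
    __asm__ volatile("" ::: "memory"); /* compiler barrier only: no CPU guarantee */
#endif
}

/* Baseline: architecturally correct, but if the branch is mispredicted the
 * load below can run speculatively with an out-of-range idx. */
int read_unfenced(size_t idx, uint8_t *out) {
    if (idx >= TABLE_LEN) return -1;
    *out = table[idx];
    return 0;
}

/* The fix from the quote: fence between the conditional branch and the load. */
int read_fenced(size_t idx, uint8_t *out) {
    if (idx >= TABLE_LEN) return -1;
    speculation_barrier();
    *out = table[idx];
    return 0;
}

/* All ones when idx < len, zero otherwise, computed without a branch.
 * Assumes arithmetic right shift of negative values (true for GCC and Clang). */
static inline size_t index_mask(size_t idx, size_t len) {
    return (size_t)(~(ptrdiff_t)(idx | (len - 1 - idx)) >> (sizeof(ptrdiff_t) * CHAR_BIT - 1));
}

/* Fence-free alternative: even on a mispredicted path the index is forced to 0. */
int read_masked(size_t idx, uint8_t *out) {
    if (idx >= TABLE_LEN) return -1;
    *out = table[idx & index_mask(idx, TABLE_LEN)];
    return 0;
}

int main(void) {
    uint8_t v = 0;
    int rc = read_fenced(3, &v);
    printf("fenced rc=%d v=%u, masked out-of-range rc=%d\n", rc, (unsigned)v, read_masked(99, &v));
    return 0;
}
```

The fenced version pays the serialisation cost on every call, which is the performance impact the quote refers to; the masked version trades that for a few arithmetic instructions.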

Although not as affected as Intel, AMD is also bringing hardware fixes to bear on its new-generation hardware. Its Ryzen 3000 processors all feature hardware fixes for Spectre and Spectre V4, alongside operating system protections.

The price of safety

Hardware fixes aren’t just important because they make sure that anyone with that chip has the same fixes right out of the box, but because hardware fixes don’t have the same performance losses as some of the software patches. In some cases, software patches have to effectively turn off important features in order to protect against certain attacks.

Although not directly comparable to the mitigations’ effects on Windows PCs, Phoronix has conducted extensive testing on how they’ve affected the Linux platform. It notes a noticeable drop in performance in a variety of tests. In the cases where hyperthreading was turned off entirely, which companies like Apple and Google recommend, there was an average drop-off of 25 percent in overall performance.

AMD wasn’t immune to performance loss with software mitigation in place. Phoronix’s testing noted a few percent drop in most cases, though they were typically far less impactful than Intel’s. That was true in the latest round of testing with Ryzen 3000 CPUs too, where Intel chips started out faster in some cases but became noticeably slower after mitigation.

When we reached out to Intel to discuss the performance hit from its exploit mitigations, it downplayed the impact, suggesting that, “Generally speaking, while performance impacts have been observed on select data center workloads, to the average consumer the impact of these fixes is minimal.”

It also pointed us to a report by security blog, The Daily Swig, which collected a number of statements on the performance hit from Spectre variant mitigations. The results were mostly positive on the Intel front, with a number of Swig’s sources suggesting the impact on end-users was minimal. It did, however, showcase that in certain cases, particularly in datacenters and cloud servers, some tests saw an impact of 10-15 percent from the fixes.

As much as it’s disappointing to lose performance on a processor, the greater concern is that device manufacturers won’t implement the mitigations for fear of their device appearing less capable than the competition. Intel has made patches an optional implementation for device manufacturers and end-users. That’s something that Linux creator Linus Torvalds was heavily critical of in early 2018.

When we asked Intel whether this practice would continue moving forward, it suggested that it wouldn’t mandate security patches for its partners, but that, “As always, Intel encourages all computer users to make sure they keep their systems up-to-date, as it’s one of the best ways to stay protected.”

Getting anyone to do so, whether it’s on a smartphone or a laptop, is something that many companies struggle with, even if it is one of the most important ways to keep your devices safe from hackers and general malware. So the fact that these particular patches can cause performance dips makes it an even harder sell, especially since there is very little evidence to suggest any speculative execution attacks have actually taken place in the wild.

In our discussion with Intel on the matter, it again downplayed the severity of these exploit paths, stating that “Exploiting speculative execution side channel vulnerabilities outside of a laboratory environment is extremely complex relative to other methods that attackers have at their disposal.”

It also pointed to a Virginia Tech study from 2019 that highlighted how an average of just 5.5 percent of discovered vulnerabilities were actively utilized in the wild. 

Don’t be scared. Be considerate

As much as Spectre and its ilk are scary, Intel’s claims should temper that fear. Spectre is unlikely to have been leveraged in the wild so far. It is also likely that anyone looking to hack your particular system will utilize other methods before they even consider an attack path like Spectre and its variants. There are just much easier ways of doing it, not least just giving you a call and trying to social engineer you into giving up your private information.

But that doesn’t mean we shouldn’t factor in our concerns for Spectre when it comes to buying new hardware. The fact remains that Intel hardware is more susceptible than AMD’s, simply because there are a greater number of potential exploit paths on Intel CPUs and more of a reliance on software patches that may or may not have been implemented.


Newer hardware from both companies is safer and less impacted by mitigations than older chips. You’ll find more hardware fixes in both the latest Ryzen 3000-series processors and Intel’s 9th-generation chips. Ice Lake promises ever greater numbers of fixes and Intel’s rumored Comet Lake S chips in 2020 will no doubt include further fixes still.

If you are concerned about Spectre, upgrading your processor to either of the latest generations of chips from Intel and AMD is definitely worth considering. If you’re particularly concerned or don’t want to worry about software patches, then AMD CPUs are less affected by these attacks.

It’s also worth pointing out that most experts we’ve spoken to think that we haven’t seen the last of these sorts of exploits, with more potentially coming down the pipe. That is, until Intel and its contemporaries develop a new, preventative strategy — perhaps like a secure core right on the die. Those potential new, undiscovered exploits could lead to further performance degradation on existing hardware too.

This is all just speculation; perhaps an apt way to look at the future of a speculative execution bug. For now, there is unlikely to be much of a real world impact for the average person when it comes to these sorts of bugs. But, if you have to choose a winner in terms of security and performance, there’s no denying that AMD hardware currently has the lead. Intel hardware is still great in so many ways, but this is one where its strengths are turned against it.
