Don’t install Intel’s patches for Spectre and Meltdown chip vulnerabilities.
Intel on Monday warned that you should stop deploying its current versions of Spectre/Meltdown patches, which Linux creator Linus Torvalds calls ‘complete and utter garbage.’
Spectre and Meltdown are security vulnerabilities disclosed by researchers earlier this month in many processors from Intel, ARM and AMD used in modern PCs, servers and smartphones (among other devices), which could allow attackers to steal your passwords, encryption keys and other private information.
Keeping these problems in mind, Intel has advised OEMs, cloud service providers, system manufacturers, software vendors as well as end users to stop deploying the current versions of its patches until the chip giant develops ‘a solution to address it.’
“We have now identified the root cause for Broadwell and Haswell platforms, and made good progress in developing a solution to address it,” Intel said in a press release published on Monday.
“Over the weekend, we began rolling out an early version of the updated solution to industry partners for testing, and we will make a final release available once that testing has been completed.”
Linus Torvalds Calls Intel’s Meltdown/Spectre Patches ‘Garbage’
Meanwhile, in a public email conversation, Linus Torvalds complains that he is not happy with the Intel’s approach of protecting the Linux kernel from Spectre and Meltdown flaws, saying:
“They do literally insane things. They do things that do not make sense… I really don’t want to see these garbage patches just mindlessly sent out. … I think we need something better than this garbage.” Torvalds said.
Intel patches require users to manually opt-in and enable the fix while their computers boot up when the security patches for such a critical flaw should be applied automatically.
It’s because the ‘Indirect Branch Restricted Speculation’ or IBRS—one of three new hardware patches offered as CPU microcode updates by Intel—is so inefficient that it would result in widespread performance hits if rolled out worldwide.
So in other words, to prevent bad performance in benchmark tests, Intel is offering users to choose between performance and security.
New Intel patches will be available soon. Stay tuned.