Virtualization Technology News and Information
Condusiv: Patches for CPU Security Flaws Can Affect System Performance

In mid-August, Intel Corporation announced a first round of patches to counter Foreshadow/Foreshadow-NG, a weakness in chip design that could allow an attacker to access encrypted data being held in an isolated area of the chip meant to keep sensitive information out of the reach of other software, including malware. With Foreshadow, the data in a supposedly secure enclave could, in theory, be copied elsewhere and then accessed. Foreshadow-NG might also be used to read information stored in other virtual machines running on the same third-party cloud, presenting a risk to cloud infrastructure. "There's no evidence that anyone has actually exploited this design flaw," says James D'Arezzo, CEO, Condusiv Technologies, "and Intel, Microsoft, and other vendors are rapidly developing security patches." D'Arezzo, whose company is a world leader in I/O reduction and SQL database performance, adds, "However, many of these security patches can significantly degrade system speed and performance."

Problems with microcode security patches emerged early in the year, when the computer industry began reacting to a pair of chip design weaknesses called Meltdown and Spectre. By late January, according to Spiceworks, a professional network for people in the IT industry, 70% of businesses surveyed had begun patching against the flaws. Of those, 38% reported experiencing problems with the fixes, including performance degradation and computers crashing. The study also found that of the 29% of large companies who expected to spend more than 80 hours addressing the issue, 18% expected to spend more than $50,000 to fix them.

Then came Foreshadow, which, according to security researchers, could affect all Intel hardware released after 2015. Researchers also note that users will mostly likely not be able to detect if they have been affected by the new attack, as Foreshadow does not leave traces. Intel has already released a patch that it says will stop the issue, and says that future processors will be tweaked in order not to be affected by Foreshadow.

Per D'Arezzo, this is simply part of doing business in today's computer industry. Vulnerabilities and flaws are inevitable. They will keep emerging, companies like Microsoft and Intel will continue to generate patches for them, and users will continue to struggle with poor performance.

An invaluable tool for these users is input/output (I/O) reduction software, which works steadily in the background, optimizing the flow of data in and out while situations change around it. Condusiv is the world leader in this area and users of its software solutions can more than double the I/O capability of storage and servers, including SQL servers, in their current configurations.

Published Tuesday, September 11, 2018 7:55 AM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<September 2018>