GLENDALE, CA, September 11, 2018 – In mid-August, Intel Corporation announced a first round of patches to counter Foreshadow/Foreshadow-NG, a weakness in chip design that could allow an attacker to access encrypted data being held in an isolated area of the chip meant to keep sensitive information out of the reach of other software, including malware. With Foreshadow, the data in a supposedly secure enclave could, in theory, be copied elsewhere and then accessed. Foreshadow-NG might also be used to read information stored in other virtual machines running on the same third-party cloud, presenting a risk to cloud infrastructure.1 “There’s no evidence that anyone has actually exploited this design flaw,” says James D’Arezzo, CEO, Condusiv Technologies, “and Intel, Microsoft, and other vendors are rapidly developing security patches.”2 D’Arezzo, whose company is a world leader in I/O reduction and SQL database performance, adds, “However, many of these security patches can significantly degrade system speed and performance.”
Problems with microcode security patches emerged early in the year, when the computer industry began reacting to a pair of chip design weaknesses called Meltdown and Spectre. By late January, according to Spiceworks, a professional network for people in the IT industry, 70% of businesses surveyed had begun patching against the flaws. Of those, 38% reported experiencing problems with the fixes, including performance degradation and computers crashing. The study also found that of the 29% of large companies who expected to spend more than 80 hours addressing the issue, 18% expected to spend more than $50,000 to fix them.3
Then came Foreshadow, which, according to security researchers, could affect all Intel hardware released after 2015. Researchers also note that users will mostly likely not be able to detect if they have been affected by the new attack, as Foreshadow does not leave traces. Intel has already released a patch that it says will stop the issue, and says that future processors will be tweaked in order not to be affected by Foreshadow.4
Per D’Arezzo, this is simply part of doing business in today’s computer industry. Vulnerabilities and flaws are inevitable. They will keep emerging, companies like Microsoft and Intel will continue to generate patches for them, and users will continue to struggle with poor performance.
An invaluable tool for these users is input/output (I/O) reduction software, which works steadily in the background, optimizing the flow of data in and out while situations change around it. Condusiv is the world leader in this area and users of its software solutions can more than double the I/O capability of storage and servers, including SQL servers, in their current configurations.
About Condusiv Technologies
Condusiv® Technologies is the world leader in software-only storage performance solutions for virtual and physical server environments, enabling systems to process more data in less time for faster application performance. Condusiv guarantees to solve the toughest application performance challenges with faster-than-new performance via V-locity® for virtual servers or Diskeeper® for physical servers and PCs. With over 100 million licenses sold, Condusiv solutions are used by 90% of the Fortune 1000 and almost three-quarters of the Forbes Global 100 to increase business productivity and reduce data center costs while extending the life of existing hardware. Condusiv Chief Executive Officer Jim D’Arezzo has had a long and distinguished career in high technology.
Condusiv was founded in 1981 by Craig Jensen as Executive Software. Jensen authored Diskeeper, which became the best-selling defragmentation software of all time. Over 37 years, he has taken the thought leadership in file system management and caching and transformed it into enterprise software. For more information, visit https://www.condusiv.com.
Follow us on Twitter and Like Us on Facebook
- 1. Dunn, John E., “‘Foreshadow’ flaw found in Intel CPUs-what to do,” Naked Security, August 17, 2018.
- 2. Allan, Darren, “Windows 10 gets Intel’s patches for worrying new Foreshadow flaw,” TechRadar, August 23, 2018.
- 3. Larson, Selena, “All computers are flawed-and the fix will take years,” CNN, January 26, 2018.
- 4. Moore, Mike, “Intel reveals more major chip security flaws,” TechRadar, August 15, 2018.