CRN Exclusive: Intel Bests ARM and AMD For Its Spectre, Meltdown Exploit Response


Solution providers are applauding Intel for its response to the Spectre and Meltdown security flaws – including more support and patching services over competitors ARM and AMD, according to an exclusive CRN survey.

"Intel is trying to give its partners as much information as possible in a way that can't be matched … we think that they have continued to handle this in the right way," said Michael Goldstein, president and CEO of Fort Lauderdale, Fla.-based LAN Infotech.

According to the CRN survey, 17 percent of respondents said that Intel's response to the Spectre and Meltdown security flaws was "excellent," while only 9 percent gave AMD such high marks and 4 percent had the same response for ARM.

[Related: HP Is Bringing Apple's iPhones, iPads And MacBooks To Its Device-As-A-Service Offering]

CRN conducted an online poll of 190 members of the CRN Channel Intelligence Council, a panel of solution providers representing the broad channel ecosystem in North America. In the survey, solution providers ranked the vendor responses to the Spectre and Meltdown vulnerability issue on a scale of one to five, with five being the top mark, or "excellent."

A full 28 percent of survey respondents rated Intel's response as a "4" or "good" while 22 percent had the that description for AMD and 12 percent had that rating for ARM.

Intel partners had high praise for Intel's support, technical and patching services in the wake of the Spectre and Meltdown security flaws, which were revealed in January and have impacted chips from multiple vendors, including Intel, AMD and ARM.

The flaws, which account for three variants of a side-channel analysis security issue in server and PC processors, potentially could enable hackers to access protected data.

Intel has worked to issue patches for these exploits, but the company in January acknowledged that some companies are reporting reboot issues with both older and newer chips – including Skylake chips – for both client compute and data center after they patched their devices.

Most recently, the Santa Clara, Calif.-based company opened a Bug Bounty program focused specifically on side channel vulnerabilities through Dec. 31, 2018 – with an award for disclosures up to $250,000.

AMD, meanwhile, first claimed in January that there is currently "near-zero risk" to its processors related to the Spectre and Meltdown security flaws. However, the company later reversed its statement, acknowledging that two variants of the Spectre vulnerabilities apply to its processors and that it will issue microcode and OS patch updates to protect customers.

On ARM's end, the chip design company said that the "majority of ARM processors" are not impacted by Spectre and Meltdown. However, the company said that exploits are dependent on "malware running locally which means it's imperative for users to practice good security hygiene by keeping their software up-to-date and avoid suspicious links or downloads."

Partners said that Intel's communication was key to the vendor being the most helpful, particularly as the channel is emerging the trusted advisor between manufacturers and customers in the fallout of Spectre and Meltdown.

"We're staying in touch with our Intel reps, and as soon as we hear something from them, we're going back to our customers," said Barrett Lamothe, federal sales team lead at MicroAge, a Tempe, Ariz.-based Intel partner. "Intel has been extremely easy to work with, and has been transparent with the channel through this process. We know that they have all their security guys working on this issue."

Intel declined to comment. ARM and AMD did not respond to requests via email for comment.

Partners also cheered Intel CEO Brian Krzanich's pledge to release processors later this year aimed at eliminating the threat posed by the Spectre and Meltdown exploits.

"Intel did the right thing assuring shareholders and partners that they were 'security first' and announcing that they would replace their technology so customers don't have to worry about the security flaws," said Goldstein.

One partner, who wished to remain anonymous, said that Intel has "been communicating very well" with the channel – but all chip manufacturers could do a better job in being transparent with the public.

"The channel's role so far has been to talk with our customers about this," said the partner. "I think the channel can say things that Intel and AMD cannot. We have been working with vendors on some patches, but the real threat right now is more about consumer confidence."