Computer Security just got Crazier
Just yesterday tech news media started reporting on two very widespread computer security flaws in modern CPUs. The names for these vulnerabilities are Meltdown and Spectre. Patches for these vulnerabilities are being worked/released as of this writing, but how will they effect your computer? First let’s explain what these vulnerabilities are.
Meltdown is a vulnerability that is currently known to be unique to Intel Processors manufactured from 1995 to today, which make up a large portion of the PC and Server Markets. It breaks the protection between applications that the you use and your operating system. This lets anyone view the memory of other programs and your operating system, and thus any sensitive information. If your computer has a vulnerable processor and your operating system is unpatched, you should not work with sensitive information. Your antivirus in theory could be able to block this type of attack, but it is highly unlikely because a Meltdown attack is hard to determine from a regular application.
Although this sounds very scary, it should be noted that patches for this attack have already been released. If you are on Windows and macOS, you should already have an update or will be getting an update shortly. If you are on Linux ($CURRENT_YEAR is the year of the Linux Desktop), a patch is available here, or your distro will automatically push one to you. There is a catch to these patches, as they will slow down your computer. Performance loss ranges from 5%-30%. PLEASE UPDATE EVEN THOUGH THERE IS PERFORMANCE LOSS. The loss of performance is necessary to make sure your computer is secure.
Spectre is the largest reaching of the security flaws, as it theoretically affects every modern processor, including smartphone processors. This includes Intel, AMD, and ARM. There is a bit of good news to this vulnerability. It is harder to exploit than Meltdown. But this flaw is also harder to fix. Spectre works by breaking any isolation between applications, letting an attacker fool programs into leaking information. This works even on the most error-free programs. Patches are currently being worked on for this exploit.
What can you do
You are most likely affected by these security flaws. Best practices to minimize the damage to your computer security from these issues include checking for the latest security updates from your operating system as well as making sure your applications are updated. Having a managed services provider also helps tremendously. We at ActivPC proudly provide such services, and will help you minimize any downtime you experience from running these updates by scheduling them at times convenient to you. To learn more about our managed services, click here.
To learn more about the vulnerabilities discussed, the following links will be of use: