Meltdown and Spectre fixes cause problems – Understatement!
It’s been four weeks since one of the worst IT security vulnerabilities in history was announced, and consumers are still receiving mixed messages about how to protect themselves. We often encourage users to install software security updates as often as possible, but when it comes to Meltdown and Spectre, that advice comes with an asterisk.
Unsecured data storage
Spectre and Meltdown are the names given to two hardware flaws deep in the Intel, AMD, and ARM microprocessors, which are the brains of most PCs, Macs, Android, and iPhones. These vulnerabilities allow hackers to see any piece of information stored on your computer. Although slightly different in execution, both vulnerabilities take advantage of a hardware feature that computer chips use to access and store private information. For the last 20 years, security experts believed this information could not be stolen or spied on by malicious software, but that assumption was proven false on January 3, 2018.
Now that the Spectre and Meltdown vulnerabilities are public information, hackers can use them to create programs that steal passwords, social security numbers, credit card numbers, and anything else you type into your computer. Also, because these problems are hardware-based, none of the updates will be able to secure the vulnerable storage; they’ll simply prevent your computer from storing anything in these exposed areas.
Currently, there are patches for Windows, macOS, and Linux, as well as for Web browsers Chrome, Firefox, Safari, Edge, and Internet Explorer. There are also patches for the chip firmware itself, which are low-level programs installed on the processor.
If you’re using an Apple computer, these updates are relatively easy to install. Unfortunately, if you’re using a Windows or Linux-based computer, these patches may cause your machine to freeze, reboot unexpectedly, or significantly slow down.
Why should I wait to install the updates?
Intel, one of the chipmakers responsible for the Spectre and Meltdown flaws, has provided contradictory recommendations on more than one occasion. As recently as January 18, Intel recommended waiting for an updated patch, but in the same announcement also recommended “consumers to keep systems up-to-date.”
Experts believe detecting an attack that is based on one of these flaws will be relatively easy and represent an alternative to installing updates that could render your computer unusable.
What should I do?
IT support experts will be able to quickly and easily assess what is the best option for your computers. For example, I asked our Technical Manager at IntelliSystems, Chris Hurley, and he indicated that we can determine if your hardware will conflict with the current patches, and either install them, or set up a detection strategy that will help you mitigate the risks without ruining your computer.