Meltdown and Spectre: What you need to keep your computer safe
Intel said: “Check with your operating system vendor or system manufacturer and apply any available updates as soon as they are available. Following good security practices that protect against malware in general will also help protect against possible exploitation until updates can be applied.”
“There’s the potential that applying the patches could impact the performance of the machines,” Honan said, noting that older machines or those already under a lot of pressure may be particularly affected.
He described the situation as a “Catch 22″ as people won’t know if their device’s performance has been affected until they install the patch.
However, Honan said the pros of installing the patches outweigh the cons, stating: “This issue is so widespread it’s only a matter of time before it’s used in attacks.”
Some researchers have said any fix could slow down computer systems by 30% or more. Responding to this, Intel said: “Any performance impacts are workload-dependent, and, for the average computer user, should not be significant and will be mitigated over time.”
Last year, Google’s Project Zero team discovered serious security flaws caused by a technique used by most modern processors to optimise performance.
Researcher Jann Horn demonstrated that malicious actors could take advantage of the technique, known as speculative execution, to read system memory that should have been inaccessible.
In a statement, Google said: “For example, an unauthorised party may read sensitive information in the system’s memory, such as passwords, encryption keys or sensitive information open in applications.
“Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.”
How to Protect Yourself From Meltdown
The Meltdown flaw, luckily, is already being patched by companies like Microsoft and Google. To ensure you’re up to date, follow the instructions for your operating system.
has already released an update for Windows 10 patching the vulnerability, and is releasing patches for Windows 7 and Windows 8 soon. If you’re having trouble installing the automatic security update, Microsoft suggests your anti-virus might be the culprit. If so, turn off your anti-virus program and use Windows Defender or Microsoft Security Essentials (or edit your registry
if you’re confident you won’t mess it up). If you’re on Windows 10
, chances are you’ve either automatically downloaded the update, or are scheduled to update on a set schedule. Advanced users can check if they’re affected by running Microsoft’s verification test in your command line
: While Apple has yet to comment on the flaw, Alex Ionescu
, Windows security expert, noted a fix was present in a new 10.13.3 update
: Google Chrome
, Mozilla’s Firefox
, and Microsoft Edge have all updated or scheduled updates to patch the security flaw. You can update Google Chrome to its latest, patched version on January 23, or download Firefox’s latest update
: Android users running the most recent version
of the mobile operating system are protected, according to Google.
How to Protect Yourself From Spectre
While you can protect yourself from Meltdown, it’s harder to defend against the more invasive Spectre flaw. According to researchers
involved in discovering and reporting on the two exploits, software updates to patch particular flaws in Spectre are possible, though none are available yet, or are able to address the exploit completely without a redesign of the operating system and the microprocessor itself.]]>