SOLVED: Quick FAQ’s For Meltdown & Spectre CPU Vulnerabilities

Last week we provided a very quick explanation of the Meltdown & Spectre CPU flaws which you can read HERE.  However, much more is now known and so here are the current answers to Meltdown & Spectre Frequently Asked Questions:

spectre-meltdown-cpu-vulnerabilityWhat are Spectre & Meltdown?

Spectre and Meltdown are related security holes in nearly all CPU’s (including Intel, AMD and ARM).  They are HARDWARE problems and therefore apply to all operating systems (OSX, Linux, iOS, Chrome, Android and even Windows).

What is the difference between Spectre & Meltdown?

The difference between Spectre & Meltdown is which memory they expose (that could contain things like your financial data or your passwords or… anything else).  Meltdown exposes the Operating Systems ‘Kernel’ memory where are Spectre exposes other programs memory.

Are Spectre & Meltdown Viruses?

Spectre & Meltdown are NOT viruses and there is NO MALWARE TAKING ADVANCE OF THEM YET.  They are simply security holes in the CPU that a virus MIGHT take advantage of in the future.

Who Would Write A Virus For Specter & Meltdown?

In a word, Governments; only the Chinese, Russians, Americans, French, North Korean… governments have the time, money and skills required to take advantage of the flaws.  The problem is once the virus code is written and released by a Government (most likely trying to hack another Government), anyone can take the virus code and apply it to you.

I Have a Really Old Computer, Should I Worry?

Yes, these flaws have been baked into CPU’s for about 20 years.

When Will Spectre & Meltdown Be Fixed?

Because this is a HARDWARE flaw, the problem will always exist on existing hardware.  Intel, ARM, AMD, IBM and others will produce new CPU’s that do not have the vulnerability in the future, but for now the only work around is to have the Operating System (i.e. OSX, Windows 10, Android…) block access to the holes.

How can I Protect My Computer from Spectre & Meltdown?

Protecting your computer, cell, tablet… from this issue is still a work in progress as OS Patches are being developed.  Today the best you can do is to patch your PC, Mac, cell, tablet… a few days after your device tells you there is an update.

I Heard Some Meltdown & Spectre Patches Are Causing Big Problems, Whats That About?

Even though Microsoft, Apple and others have been developing work arounds for Spectre & Meldown for months, they have apparently not extensively tested them and some updates are causing real problems.  It is likely best to wait a few days (or even a week) before patching to let others ‘beta test’ the patches before you risk your PC.

Do the Meltdown & Spectre Patches Slow Your Computer Down?

Yes, Spectre & Meltdown patches will try to disable an important CPU function that makes it perform better.  It is expected that most PC’s are so overpowered that typical users (and even gamers) will not notice, but these patches will likely have a very notable performance hit on corporate servers (particularly database servers).

Is This Another Y2K Scare About Nothing?

This is exactly like Y2K; in both the Y2K and today’s Spectre & Meltdown scares, there is a very large problem that needs to be fixed quickly.  If everyone does their job, like we did for Y2K, nothing much will happen and people will ‘blow it off’ as just another Y2K fake security event; if this does not get fixed, Spectre & Meltdown will be ‘weaponized’ causing untold problems.

Is There a Short Video Explaining This?

This video explains the current Spectre & Meltdown situation at a reasonable level of technical detail:

.

Comments

  1. Avatar
    George April 24, 2018 at 2:44 am

    The question is, how in the world was that exploit around for 20 years without anyone discovering it?

Questions or Comments?