Yellowstone Computing
(715)-669-6136
  • Home
  • Services
  • Support
  • Contact
  • Blog
  • About
  • Reviews
  • Repairs

Spectre and Meltdown Exposed

3/1/2018

 
Picture
Severe design flaws in modern CPUs were recently discovered and made public. These flaws put users and businesses alike at risk of attacks known as Spectre and Meltdown, where private data can be called up and stolen. Chip manufacturers including Intel and ARM have responded by working with software developers to correct the flaws, however these fixes are affecting computer performance. Discover exactly how this vulnerability works, how you’ll be impacted, and what you can do to protect your systems.

What Are Spectre and Meltdown?

 
In a bombshell report as we entered 2018, researchers revealed that nearly every computer chip is affected by a set of vulnerabilities called Spectre and Meltdown. The impact is so widespread because it’s not a software issue from one developer, it’s a flaw in the way computer chips were designed. All devices, including those made by Apple, Microsoft, Google, Amazon and others, share a similar chip structure. What’s more, the flaws extend to servers, including Amazon Web Servers and Google Cloud.

How Do They Work?
Your computer’s CPU (its brain) does something called “speculative execution”. It’s part of the way processors were first designed, over 20 years ago. When your computer notices you do a task often, it tries to complete that task in the background, so it’s ready before you need it. This speeds up your experience and makes your work easier.
Imagine strolling into your local coffee shop where they know your order is the same every day. Eventually, they anticipate that you’ll be arriving at 8am sharp and have your coffee ready on the counter. However, if you change your mind and decide to order something else, they’ll need to throw that coffee away.
 
Your CPU is doing the same thing. It’s loading information like your credit card number or passwords, ready for you to do your usual tasks. If you change your routine and that information isn’t needed, your CPU throws it away. Just like at the coffee shop though, the trash doesn’t disappear immediately, so your credit card number and password are simply sitting there in a section of memory called the ‘cache’, waiting to be cleared away.
 
The Spectre vulnerability allows attackers to trick the processor into performing these speculative operations (loading up your private data), so that Meltdown can scoop it up from the trash.
 
How You’ll Be Impacted
Fortunately, this vulnerability isn’t easy to exploit, and there have been no known attacks as yet. However, when the researchers went public with their discovery, it also alerted hackers to an opportunity. For them to get access to your system at this level though, they would first need to infect your computer with malware.
 
Developers Are Releasing Emergency Updates
Most major companies such as Google, Apple and Microsoft were able to issue security updates before the flaw was announced. They’re also working closely with Intel, ARM and AMD, the main chip manufacturers, to mitigate the problem via software.
 
Recall how the flaw exists due to speculative execution, a process designed to speed up your computing experience? The patches and updates are changing the way your CPU uses memory, essentially putting the brakes on this shortcut. Developers are aware that slowdowns will occur but aim to keep the impact to a minimum. Windows 7 and 8 computers will be the most impacted, but Windows 10 is safer from Spectre and Meltdown. Microsoft was quick to release updates for Windows 7, Windows 8.1, Windows 10 and various Windows Server versions. Updates for older operating systems and are not being released.
 
How You Can Stay Protected
Antivirus
As any attack will first need to come through malware such as viruses, be extra vigilant with your virus protection. Update your antivirus software regularly and set your system to run full scans each week. Likewise, keep an eye out for phishing links that don’t look quite right.

Run All Updates
While nobody likes the idea of their computer slowing down, not even a fraction, it’s better
than having your credit card details or passwords stolen by a hacker. Be sure to run
updates as soon as they are released.

Update Firmware
Microsoft has advised that patches and updates aren’t the complete fix to the Spectre and   Meltdown vulnerabilities, suggesting you also update your BIOS and firmware. As this can be a tricky process, we recommend that only trained technicians do this.
Upgrade Your System
If your system is too old and won’t receive an emergency update, you’ll need to upgrade. This might mean switching to a newer smartphone, faster CPU or supported operating system.
 
Where to Now?
As dire as it all seems right now, this flaw has been around for over 20 years. The sky isn’t falling and there’s no reason to panic. Remember, there have no known instances of a Spectre/Meltdown attack yet, the tech world is simply closing ranks against hackers to ensure your risk is minimized. Developers and manufacturers are working together to help protect your system, and so are we. You’re in good hands.
 
Our Service Plans can help keep you safe from Spectre/Meltdown.
Call us today on 715-255-0325 to discuss.

Comments are closed.

    Yellowstone Computing

    To read about us, click here!

    Archives

    December 2021
    September 2021
    August 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    November 2016
    October 2016
    December 2015
    September 2015
    July 2015
    May 2015
    April 2015
    March 2015
    February 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    August 2014
    July 2014
    June 2014
    May 2014
    April 2014

    Categories

    All

    RSS Feed

Visit Us!

What Our Clients Are Saying

Joe is really in tune with what our business needs are... what a great guy with amazing skills... - Grassland Veterinary Service

Yellowstone Computing goes above and beyond for their customers! Joe is very knowledgeable and will go the extra mile to make sure his customers not only get what they asked for but also makes sure they are taken care of for many years to come! Between the great business services they provide and their involvement in the Thorp Chamber I'd highly recommend doing business with Yellowstone Computing! Whether you are an individual looking for computer or other technology help or a large employer who needs to either supplement your current IT support or completely outsource it Yellowstone Computing should be one of your first calls! - Justin Z.