Last week we provided a very quick explanation of the Meltdown & Spectre CPU flaws which you can read HERE. However, much more is now known and so here are the current answers to Meltdown & Spectre Frequently Asked Questions:
Spectre and Meltdown are related security holes in nearly all CPUs (including Intel, AMD and ARM). They are HARDWARE problems and therefore apply to all operating systems (OSX, Linux, iOS, Chrome, Android and even Windows).
The difference between Spectre & Meltdown is which memory they expose (memory that could contain things like your financial data or your passwords or… anything else). Meltdown exposes the operating system's ‘kernel’ memory, whereas Spectre exposes other programs' memory.
Spectre & Meltdown are NOT viruses and there is NO MALWARE TAKING ADVANTAGE OF THEM YET. They are simply security holes in the CPU that a virus MIGHT take advantage of in the future.
In a word, Governments; only the Chinese, Russians, Americans, French, North Korean… governments have the time, money and skills required to take advantage of the flaws. The problem is once the virus code is written and released by a Government (most likely trying to hack another Government), anyone can take the virus code and apply it to you.
Yes, these flaws have been baked into CPUs for about 20 years.
Because this is a HARDWARE flaw, the problem will always exist on existing hardware. Intel, ARM, AMD, IBM and others will produce new CPUs that do not have the vulnerability in the future, but for now the only workaround is to have the operating system (i.e. OSX, Windows 10, Android…) block access to the holes.
Protecting your computer, cell, tablet… from this issue is still a work in progress as OS Patches are being developed. Today the best you can do is to patch your PC, Mac, cell, tablet… a few days after your device tells you there is an update.
Even though Microsoft, Apple and others have been developing workarounds for Spectre & Meltdown for months, they have apparently not extensively tested them and some updates are causing real problems. It is likely best to wait a few days (or even a week) before patching to let others ‘beta test’ the patches before you risk your PC.
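Once a patch is installed on a Linux machine, you can confirm that the operating system is really blocking the holes: the kernel reports a status line per flaw under /sys/devices/system/cpu/vulnerabilities/. The script below is an added example, not part of the original article; its function names are made up for illustration and the sample status lines are constructed.

```python
from pathlib import Path

SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
FLAWS = ("meltdown", "spectre_v1", "spectre_v2")


def classify(status):
    """Map a kernel status line to PATCHED, EXPOSED, NOT_AFFECTED or UNKNOWN."""
    text = status.strip()
    if text.startswith("Not affected"):
        return "NOT_AFFECTED"
    if text.startswith("Mitigation"):
        return "PATCHED"
    if text.startswith("Vulnerable"):
        return "EXPOSED"
    return "UNKNOWN"  # empty, missing or unrecognised wording


def read_sysfs(base=SYSFS_DIR):
    """Read the kernel's per-flaw status files; a missing file (old kernel) becomes ''."""
    statuses = {}
    for flaw in FLAWS:
        try:
            statuses[flaw] = (base / flaw).read_text()
        except OSError:
            statuses[flaw] = ""
    return statuses


def report(statuses):
    """Return {flaw: verdict} plus a flag telling whether the OS still needs patching."""
    verdicts = {flaw: classify(statuses.get(flaw, "")) for flaw in FLAWS}
    needs_patch = any(v in ("EXPOSED", "UNKNOWN") for v in verdicts.values())
    return verdicts, needs_patch


# Constructed sample: what a partially patched machine might report.
SAMPLE = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Vulnerable\n",
    "spectre_v2": "Mitigation: Full generic retpoline\n",
}

if __name__ == "__main__":
    live = read_sysfs()
    verdicts, needs_patch = report(live if any(live.values()) else SAMPLE)
    for flaw, verdict in verdicts.items():
        print(f"{flaw:12} {verdict}")
    print("OS update still needed" if needs_patch else "Mitigations active")
```

On a machine without these files (a non-Linux system or an old kernel) the script falls back to the constructed sample, so the output there describes the sample, not your computer.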
Yes, Spectre & Meltdown patches will try to disable an important CPU function that makes it perform better. It is expected that most PCs are so overpowered that typical users (and even gamers) will not notice, but these patches will likely have a very notable performance hit on corporate servers (particularly database servers).
This is exactly like Y2K; in both the Y2K and today’s Spectre & Meltdown scares, there is a very large problem that needs to be fixed quickly. If everyone does their job, like we did for Y2K, nothing much will happen and people will ‘blow it off’ as just another Y2K fake security event; if this does not get fixed, Spectre & Meltdown will be ‘weaponized’ causing untold problems.
This video explains the current Spectre & Meltdown situation at a reasonable level of technical detail:
The question is, how in the world was that exploit around for 20 years without anyone discovering it?