Friday, 5 January 2018

"Meltdown" & "Spectre" are in the news. What are they and what should you do about them?

So, Happy New Year. Unhappily new viruses are again in the news.

You may well have heard about "Meltdown" and "Spectre" which have been mentioned on the news recently. Just yet another virus scare? Not really, this time it's quite serious.

What are they?

These two bugs, flaws, vulnerabilities (call them what you will) are related, which is why the news programmes have lumped them together.

Effectively both of them can compromise the security of the main "Central Processing Unit", or CPU, in a computer device; (Server, Desktop, Laptop, iPad, Tablet, Smartphone, Toaster, Heating Controls, Smoke Alarm, CCTV) - all of these and many more contain a CPU, also known as a Processor.

The main difference appears to be that Meltdown affects only Intel Processors, whereas Spectre affects all Processors.

Why does it affect me?

Computers are built as a compromise. Manufacturers want to make computers that are as fast, as secure and as cheap as possible. But, effectively, you can only choose to have any 2 of the 3. As consumers we have been demanding fast and cheap, so that's what the manufacturers have built and sold to us.

Sadly, this means that security has been somewhat compromised. In any computer device the CPU has to deal with all of the data traffic. That obviously must include a lot of very sensitive data, such as passwords, online banking details, etc etc.

The CPU should be built to separate the data that is created by each piece of software, so that any piece of software only gets to see its own data. Had security been a greater criteria for CPU makers, they would have had to sacrifice some speed or to increase costs. They didn't do so.

So what?

So a malicious piece of software, such as a virus, could take a look at data from a legitimate programme and steal that information. As all data passes through the CPU it has now been discovered that such data may be at risk of being read.

Why do we only know this now?

Computers, and the manufacturing process of CPUs, are still very much an on-going science. Even though we have had personal computers since the mid-1990's it is still a fairly new science, and one which is hurtling ahead at breakneck speed. It would seem that the CPU manufacturers have not really been paying as much attention to security as they should have been doing, (see cheap, fast, secure above).

What can I do now?

The major software companies, such as Microsoft and Apple, are bringing out patches to their operating systems to combat the problem. But, such patches may cause their own issues with some software already installed on your computer. This is likely to especially be the case with anti-virus software. You should check with your anti-virus company whether, or not, their software is compatible. (We are Webroot Anti-Virus suppliers and this is compatible.)

Also, the CPU makers will be releasing "firmware" patches, to improve the way their hardware acts. You should check with the support website of your computer manufacturer, to see if they have any "Driver" updates for your computer - especially any "BIOS" updates. 

These may not be available immediately as it can take some time to produce such patches. They need rigorous testing to ensure they don't cause more problems than they solve. So you should check every week or so for the next couple of months.

It is thought that any patches which affect the way that the CPUs work are likely to slow down the computer, by anywhere from 5% to 30%. I would think that the cheaper the computer, the greater the effect will be.

How can The IT Dept help?

Call us, if you're based in Lancashire, and we can arrange audits of your IT equipment to see what is likely to be vulnerable and to carry out the necessary checks for updated drivers, etc.




Call us now on 01257 42 92 16 
or see our website at https://the-it-dept.uk

Keeping IT Simple!

____________________________________________________
The IT Dept offers computer support services in Lancashire, including Monthly On-Site or Remote Support Contracts; Secure Online Data Backup; Domain Hosting; Server and Desktop Sales; Software Supply & Installation. We cover all of Lancashire, including Chorley, Preston, Blackburn, Darwen, Bolton, Wigan, Blackpool, etc.
© Michael Donkin 2018