Meltdown and Spectre are definitely the stars of this start of the year from a computing perspective. We are talking about the bugs that have literally invaded the world of processors. At first it seemed that the problem in question only affected Intel processors and then spread to billions of devices, including chips in smartphones and cars. The flaw found would allow a program to be written to access the computer’s virtual memory by collecting passwords and information about running processes and applications.
Meltdown is the bug that affects Intel processors: a patch has been released in this regard, but it seems to be the cause of slowdowns (from 5% to 30% on processors produced before 2015), as to circumnavigate the risk of exposing sensitive data hidden in system memory, the processor makes a longer turn and, therefore, takes longer to perform the same operation. Spectre, on the other hand, affects all processors and depends on a design flaw that the chip-maker world has been carrying around for more than 20 years. There is currently no solution for Spectre other than rethinking the way processors are designed, which could take up to a decade.
Resorting to patches, however, is only the first step in defending computers against a possible hacker attack aimed at digging into system memory. A firmware update from processor manufacturers will also be needed. It is therefore a general mobilization that has led Microsoft to organize also a guide so that users can verify that all the main protections against this security problem are active. The main precautions that the Redmond-based company recommends taking are:
- make sure to use a supported anti-virus when installing system or firmware updates;
- apply all available system updates, including the January 2018 security updates;
- apply the firmware update provided by the manufacturer of the device in use.
Starting tomorrow, Tuesday, January 9, Microsoft patch KB4056892 will be available for all Windows 10 users. At a later date this patch will also be made available for Windows 7 and 8.1. However, as anticipated earlier, this is not the only countermeasure to be taken to curb the problem. As far as the installed anti-virus is concerned, as suggested by Microsoft, it is advisable to check its compatibility with the patch: currently, compatibility has been verified with anti-virus programs such as Avast, Avira, EMSI, ESET, Kaspersky, Malwarebytes, Microsoft and Symantec.
News is being updated.
Sara Avanzi