Breaking Down Spectre and Meltdown
By now, many of you will have heard about the Spectre and Meltdown vulnerabilities. But what exactly are they and how do they affect you? Our IT Specialist, Shane Doucette, has a brief overview of the Spectre and Meltdown issues and some steps for resolving them.
What are Spectre and Meltdown?
They are vulnerabilities in modern CPUs that allow a carefully created, bad-acting program to read computer memory that it shouldn't be able to. Normally, this computer memory is only accessible by the kernel (a special piece of software that acts as a central controller for everything in a computer system). These exploiting programs take advantage of the fact that a CPU pre-calculates code to speed up execution. As such, these programs give the CPU code to run that exposes pieces of the memory holding this pre-executed code.
What is being done?
Companies and groups that develop operating systems have known about this vulnerability and have been working quickly to patch their software to mitigate it. Apple, Microsoft, and the Linux kernel developers have all released patches in the past few days that address it. In order to do this, though, they had to write patches telling the CPU to NOT execute code ahead of time, trying to predict the outcome of branches. This means that, once patched, your computers and tablets may run a little slower than what you might be used to. For those that use their computer mainly for basic office documents, emails, and simple tasks, the slow down will not be as noticeable. You should also make sure that your web browsers and similar software is up to date as they will include important security patches preventing exploiting programs from reading kernel memory.
Here to Help!
Businesses should also ensure that the latest security patches have been applied to their servers (as we have already done for all our wonderful clients). Like your personal computers slowing down a little bit, you may also notice a slow down of some websites. Unfortunately, there's not a lot that can be done to offset the site slowdowns without considerable work or incurring costs. Chipmakers will be looking for ways to offset this issue, and to close the vulnerabilities, bringing hardware back to speeds we're used to.