Spectre and Meltdown, One Very Large Technology Tragedy

in Technology

Meltdown, a vulnerability that primarily affects Intel and ARM based chips, and Spectre, a vulnerability that affects all processors, have been known about for 7 months.  They are, for the most part, the largest security vulnerabilities that have ever been exposed.

Rumors have been going around that Meltdown only affects Intel, ARM, and APPLE processors and not AMD.  It seems that AMD processors may still be affected as well, although only marginally so.

Meltdown (a CPU vulnerability)

For Meltdown, most people, after all firmware and kernels have been upgraded to prevent a possible hack, will only notice that their computer has become slower, at least on Microsoft operating systems.  Linux system administrators are already complaining about the performance loss as well, and Apple users aren’t immune either.  Meltdown affects every operating system that has an Intel processor generally speaking.

Meltdown basically is a security vulnerability that allows a hacker to see all of the content on the user’s memory.  Any server now can allow a hacker to “peek” into it’s memory and steal things like passwords, usernames, and keystrokes.  It basically takes advantage of how a computer stores both “kernel” and “process” information at the same time.  The fix separates the kernel information from the process information so that it isn’t all stored together and more vulnerable basically.

Spectre (a Browser vulnerability)

Spectre is a little different.  It allows a hacker to plant itself inside of a website, and steal passwords, usernames, and keystrokes, from the user’s memory.  This means users that find themselves on websites that are hacked, could have Java Script run in the background, and take memory from their computer.  Let’s say you just logged into your Amazon account, and then on a separate tab you went to an infected website; basically the hacker could have your logon information for the Amazon account, for example.

So What does it Mean?

Unfortunately, for the “Meltdown” vulnerability, if you have older hardware that was slow to begin with, you can expect it to get even slower.  In some workloads, 30% or more could be expected.  If you have an older operating system, like Windows 8 and Windows 7, expect it to be worse then Windows 10.  If your computer is newer or fast to begin with, I wouldn’t worry about it too much.  You probably couldn’t tell the difference if you are performing regular workloads, as long as you have hardware that has been successfully patched and safe from the vulnerability.

For the Spectre vulnerability, we can assume that in a few months or earlier, the most modern browsers like Google Chrome will be patched and be completely immune to Spectre.

To tell if your computer is able to implement the fix (or already has) and you have a Windows Operating System, follow the instructions at this site.

For Apple, it’s a little more simple, just go to this site and follow their instructions.