Nearly every computer manufactured in the past 20 years is affected by Meltdown and Spectre, two momentous computer bugs. And the rollout of the patches is not going well, leading an expert in the field to say it will take years for full implementation.
Fixes for Processor Flaws a Long Way Off
One of those experts is Paul Kocher, who was part of the research team that discovered Spectre. He told Selena Larson of CNN Money, “If you look at how long it’s going to take for all of the relevant software on your PC, including the drivers and such are updated, you’re probably looking at many years before that process is done.”
Small businesses that rely on computers for their daily operations don’t have years. So the questions are what are these bugs, how vulnerable is your computer and are the patches working?
What are Meltdown and Spectre?
Explaining Meltdown and Spectre is a bit complicated. But basically, here is what takes place. When the processor on your computer performs speculative execution and caching, the data is supposed to be isolated and protected.
Speculative execution is used by computer chips to essentially predict the future enabling them to execute functions faster. It starts working on probabilities before you make a choice by tackling multiple logical branches.
Caching is used to speed up memory access by using a small amount of memory storage called CPU cache. Because it lives on the CPU and speculative executions are also stored in cache, issues with protected memory arise.
If this vulnerability is exploited, hackers can gain access to data which until the discovery of these bugs was deemed protected.
You can take a look at the video by RedHat to get another perspective on the bugs.
Affected Computers
The flaw in the processors goes back 20 years so most if not all brands will be affected. Intel did introduce a fix but later warned computer companies to wait before implementing the patches. Microsoft, Apple, Google, and Firefox have issued fixes so you can go to their sites and get more information by clicking on the name of the respective company.
If you want a more detailed explanation, the Google Project Zero team has the information here.
Photo via Shutterstock
Steve jarvis
Hi, You may not be aware that the Spectre issue requires that you update the BIOS of your computers’ motherboard. Intel the CPU manufacturer is creating the microcode that will form the basis of the BIOS updates for the last 10 years worth of its CPU’s. However the motherboard manufacturers are showing signs of not providing BIOS updates for any but their more recent motherboards. If your readers have a completely functional but not really that new computer they could be in the position of not having a BIOS update being made available. That would be a disaster.
Without the updates millions of business machines could be left vulnerable to attack by script kiddies, criminals and even dangerous governments. I think that pressure needs to be applied to the motherboard manufacturers to step up to the plate and provide BIOS updates for older equipment.
Regards Steve Jarvis
Michael Guta
Hi Steve,
Thank you very much.