Meltdown and Specter security issues

Meltdown and Specter are really serious hardware vulnerabilities in very, very many modern processors. There is no one hundred percent protection against them. It is best to install updates for all-all programs, firmware, OS and drivers and hope that these vulnerabilities will not affect you. These are really such serious vulnerabilities that they had to come up with their own "brands" to facilitate the promotion and dissemination of information about them. At the moment, these are perhaps the most serious problems in the field of information technology, if not in the entire history of IT.

/G_Overview/E_Meltdown and Specter security issues

What is affected by these vulnerabilities?

The researchers state that vulnerabilities in one form or another are present in many processors released since 1995. In particular, AMD, ARM, Intel and IBM products have problems. Products of other companies, such as NVIDIA, are also indirectly affected. The exceptions are Intel Itanium processors (you have hardly ever encountered them at all) and old versions of Intel Atom (before 2013), as well as processors "Baikal", "Elbrus", MIPS, RISC-V, SPARC.

What devices are at risk?

It is difficult for a layman to tell which devices are vulnerable, so it is best to suspect all of them just in case. In general, almost all computers, laptops (and their descendants, netbooks, chromebooks, ultrabooks and all other "beeches"), tablets, smartphones, NAS or DAS, set-top boxes and even modern smart TVs, as well as servers and a bunch of other equipment. In general, almost all "smart" equipment that surrounds us more and more can be vulnerable.

What are the essence of these vulnerabilities?

Without going deep into the technical details, these vulnerabilities allow some programs to steal information from other programs without permission and completely invisible to everyone. In the case of Meltdown, we are talking about stealing data right from the very core of the operating system, the most protected software component, where no one, in theory, has the right to intrude. But since the vulnerabilities are exactly that hardware, it is possible to do this. In the case of Specter, everything is at first glance simpler, since it only concerns the communication of programs among themselves, and not with the OS kernel. But in practice, Specters are the most dangerous now, because they are much more difficult to counter than Meltdown.

Why are these vulnerabilities dangerous?

The fact that your important data can potentially be stolen: passwords, banking information, personal data, and so on. Information security companies have seen a sharp increase in the number of malware samples attempting to exploit Meltdown and Specter. The account goes into the hundreds! Moreover, the user does not even need to download and / or install something - there are options for attacks that work directly in the browser, that is, it is enough to go to the website. Even familiar sites may contain malicious blocks (advertising, for example). In addition, now there are many applications that mimic real programs, but in fact also work in a specially created browser. So it's still worth installing protection against Meltdown and Specter, but it's up to you.

How to protect against Meltdown and Specter on Linux, iOS and Mac OS, Android?

Apple users are the most fortunate - to ensure security, they need to update the operating system on all devices to macOS 10.13.2, iOS 11.2 and tvOS 11.2 (or older), and update Safari to at least version 11.0.2. Alas, old devices that have not received their OS updates to these versions will remain vulnerable.

The situation with Android is much worse. Operating system fixes are released by device manufacturers. And they do not always update the OS on devices on time, and patches for devices older than a couple of years appear very rarely. So they will also remain vulnerable. You can check for updates, as a rule, in the settings, in the About section: "About the device" or "About the phone / tablet". Sometimes there is also a separate built-in program called "OS Update" or something else in the same spirit.

If you use Linux, then you probably already know that you need to update the kernel to version 4.14.11 and older, and at the same time update all other programs with drivers.

How to protect against Meltdown and Specter on Windows?

The situation is more complicated here. Updates were released only for Windows 7 SP1, Windows 8.1 and Windows 10, as well as for Internet Explorer and Edge browsers. If OS updates are enabled, then they have probably already been installed. But just in case, you can check. In Windows 7, in the Control Panel, you need to select the Windows Update item, in the left menu click Search for updates, wait, select all updates with checkmarks and install them. In Windows 10, in the Start menu, in the Settings section, select Updates and Security and also check for patches. It is also advisable to enable the update function for other Microsoft products, if this has not been done previously.

What else needs to be done to defend against Meltdown and Specter?

For older versions, almost certainly no firmware or BIOS / UEFI updates will be released. But it is still worth looking for information on the official websites of manufacturers somewhere in the sections News, Support and Downloads. Alas, there is no simple recipe. This applies in general to all your "smart" devices.

In addition, regardless of the device and OS, it is highly desirable to install and / or update the antivirus. All other programs, especially browsers, should also be updated to the latest version. It is advisable to do this before installing updates to the OS itself - to avoid compatibility problems. Among other simple protection measures, you can, as usual, recommend not visiting unfamiliar sites, installing an ad blocker, and not downloading or running files from unknown people or from suspicious sources.

Google Chrome also has an experimental feature to help protect against Specter. To enable it, go to the settings section (address chrome://flags/), enable the Strict site isolation option and restart the browser.

×
Сделать репост:
Back call
© 2021 EasySite
Информация на сайте представлена в ознакомительных целях и не является публичной офертой
На сайте используется cookie и определяется ваш IP-адрес для сбора статистики о посещаемости страниц сайта
Control panel