Shortly after New Years, technology companies everywhere learned of the latest security vulnerabilities affecting possibly all x86 based processors, and definitely all recent Intel based CPU's.  The reason these threats are so dramatic is because these vulnerabilities effect information stored deep inside your computer and exposes it to a hacker.  These two threats have been dubbed Meltdown and Specter, and we're here to tell you everything you should know about these two bugs which effect nearly all computers.

How Does it Work

Official documentation has been released including names, logo's, and details were released by security researchers earlier this month.

These two vulnerabilities effect the computers Central Processing Unit (CPU), specifically adhering to the CPU's architecture.  The "architecture" of the CPU is how the millions of transistors, and logic units cooperate and and interpret instructions, essentially reading and writing all those ones and zeros.  In today's architectures there are certain spaces set aside in which data passes through in a raw, unencrypted way, such as in the system kernal, or in system memory set aside from other programs.

This data is supposed to be protected by powerful security measures which prevents programs from reading any of or interfering with said data.  Meltdown and Specter are ways in which researchers have been able to get passed these protections, exposing nearly all data the computer processes like passwords, encrypted messages, proprietary information, and more.  Meltdown specifically affects Intel processors by breaking the barrier which stops programs from accessing locations in the kernal memory that it shouldn't.  Specter works in a similar fashion, but effects multiple processors including Intel, AMD, and ARM.  This means that more than computers are effected, because devices like mobile phones and even baby monitors run one of those three types of CPU's.

The assumption going forward should be that all untested devices should be considered vulnerable, according to TechCrunch.

CPU's dating as far back as 2011, and potentially as early as 1995 have been tested and found to carry the vulnerabilities affected by Meltdown and Specter.  Because these vulnerabilities are at the CU level, it effects Mac OS X, Windows, Linux, Android, and typical software protections like Anti-Virus software can not protect against these issues.

How to Protect Yourself

Many software manufacturers such as Microsoft, Apple, and Google have already been slowly pushing out updates that are meant to help protect their OS's from falling victim to these vulnerabilities.  Although experts expect the updates to only partially fix the problems facing their operating systems, and the updates are expected to come very slowly.

If you are a Natural Networks Managed IT client, then the good news is we will automatically be patching your workstations and servers as updates become available.  If you manage your own systems, then watch out for updates as they become available and be sure to do them.

Unfortunately however, the fix is expected to cost your computer in performance.  The updates that address Meltdown specifically are accomplished by building a stronger barrier around the kernal.  Because the OS expects the kernal to act in a certain way, and that way will now be different, systems patched for Meltdown are expected to take a significant hit to performance.

The news regarding Specter is even more grim.  There is no expected fix for the Specter vulnerability, because it relates so fundamentally to the way the CPU works.  Researchers stated "While the stop-gap countermeasures described in the previous section may help limit practical exploits in the short term, there is currently no way to know whether a particular code construction is, or is not, safe across today’s processors – much less future designs."

What's to Come

A fix for Specter will essentially require a brand new way of designing the architecture of the CPU.  It will take a long time, and career professionals will have to throw away decades of computer science and CPU manufacturing standards to address the problems Specter has brought forth.  Optimistically speaking though, this is a chance to start fresh and build a new, amazing CPU that could push boundaries we once didn't think were possible.

We're looking forward to seeing whats to come, and how manufacturers will mitigate these problems in the future.  If you have any questions, or are interested in Managed IT with Natural Networks we encourage you to reach out to us today!