The Rise of Spectre and Meltdown
January 20, 2018
Along Came A Spectre
Unless you have stayed away from all things technology in the last month, you likely have heard about the recent computer flaws discovered by researchers at Google and Rambus (among others). The flaws have been cleverly code-named ‘Spectre’ and ‘Meltdown’, and other than loving how cool those names are, I am here to say that this is not great news. Though the name ‘Spectre’ sounds just cool enough to be intriguing (“Hello, Miss Moneypenny!”), the ‘Meltdown’ moniker leaves nothing to the imagination: total world annihilation, lock up your children, shred the documents and find an underground shelter! Ok, ok...maybe I’m blowing things out of proportion. However, this is a serious development. The two flaws are being labeled by many authorities as “two of the worst security threats we’ve ever witness.”
Let me quickly explain what’s going on...
[Tip: If you are all caught up on Spectre and Meltdown, jump to our “Tips” section at the bottom of this blog, which will tell you how to deal with this. Even better, book an appointment so that we can make sure your computer is updated and is protected]
What it is:
At first glance, Meltdown seems like the more serious of the two problems because it affects all devices that contain Intel processors, aka ‘chips’. “Wait, doesn’t Intel provide processors for almost all computers in the world”? Yep, exactly. Practically all computers...in the whole wide world. However, while Meltdown affects Intel processors only, Spectre affects all modern processors. (Think of processor as being similar to the engine of a car...without it, it’s just a box) The list of devices at risk include all modern Macs, PCs, iPhones, Android phones, iPads and Apple TVs (the Apple Watch is not affected). And though most computer makers have provided fixes for these flaws, many of those fixes can slow down your computer dramatically, sometimes by up to 30%. Without getting into the nitty-gritty of what is at risk, I will just say this...these vulnerabilities can allow a nefarious program to access your data, such as passwords, emails, documents, photos, etc. Everything. All of it. The whole shebang (but don’t fret...there are ways to protect yourself..keep reading!).
A computer is made up of two main components: hardware & software. Hardware is something you can touch, like the screen or the hard drive or the keyboard. Software is the code that displays your Word document, photos and screensaver. Here is why this is a big deal: Meltdown and Spectre are hardware based flaws, meaning, these flaws are located on a physical part of the computer or device. The only way to truly fix the flaw is to replace that part of the computer. However, computer makers don’t yet know how to make the “non-flawed” part, and it could easily take years to develop. Think of it this way: Imagine that someone discovered that automobile tires had a major design flaw that could cause all cars to crash, and that flaw was because the tire was round. In order to fix that, you’d literally have to reinvent the wheel. That’s sort of what’s going on here. It’s not an easy fix.
There is some good news. There have been no reported instances of hackers using the Meltdown or Spectre vulnerabilities. Yay! Also, Apple, along with all other major computer makers, has already released updates to all of its devices to address this vulnerability. Double Yay!! A positive for Apple users is that they do not need to worry about an impact on performance. According to Apple, Meltdown will have no measurable reductions in performance on Macs, iPhones or iPads after you run Apple’s updates. Also, consider this: this ‘hack’ can’t just happen randomly. You, or someone who has control of your computer, must download or install software from the bad guys in order for the scary stuff to happen. Therefore, you are still in full control of your computer safety, as long as you are aware of what to look out for.
How does it happen?
Imagine this: If someone comes to your door and asks to come in, you have a choice of whether to let them in or not. If you trust them, you will let them in. If you don’t, you won’t let them in (and in our scenario, they can’t force themselves in). However, what if someone pretends to be a friend, or pretends to be a friend of a friend, and they want to come in? If you think the person is telling the truth, you will likely let them in. But if you let them in and later find out they were lying, now you could be in trouble (think Philip Seymour Hoffman in Mission Impossible 3 tearing off his skin-mask to reveal that he’s really Tom Cruise!...oh...sorry...spoiler alert) This is how you have to view your computer now, always making sure that any program you install or download is a “friend”. In the past, if you downloaded a malicious program on your Mac, the consequences were generally minor and more annoying than anything (lots of pop-ups...ick!). Spectre and Meltdown make the consequences of being wrong far more dangerous. Hackers could gain access to anything they want.
How to fix it:
Funny you should ask! Below are our tips for all computer users. Note: some of these tips will sound familiar to any of you who have had us in your home or business before. In fact, some of you will be rolling your eyes knowing that we've been preaching these tips for years!...YEARS, I SAY!...and now, we finally have a potential worldwide computer meltdown (pun intended) to back us up!!
Too soon? ;-)
1) run your updates (yes, even those of you who hate updates and who are terrified that updates will ruin your computer...do it. The alternative is...a melt down.
2) don’t install apps or programs unless you are 100% sure they are safe (when in doubt, call, email or text us. We’d even accept a carrier pigeon message...which would be really cool)
3) don’t click on links in emails unless you are 100% sure they are safe or legitimate (or make sure you have your gas mask on before you click….KIDDING!).
4) update your passwords. UPDATE YOUR PASSWORDS!! (Sorry, my cat stepped on the SHIFT key). But seriously...update your passwords. All of them. Do it. It’s really important.
5) CALL US and book an hour maintenance appointment so that we can make sure your computer is updated and protected. If all, part, or even none of the above is daunting...get in touch with us!
We can help with all of these things and talk through how to stay safe in this dangerous online world. The steps you need to take are not difficult, and you can live your life normally. But they are important steps.