If you follow the news you have probably already heard of the Meltdown and Spectre security vulnerabilities affecting a large portion of the processors used in computers, tablets and smartphones. But you may be asking yourself, what are they really? Am I at risk? What can I do about it?
What are Meltdown and Spectre?
No, they aren't James Bond movies (technically one of them was). Meltdown is an exploit that allows attacks to bypass the layer between applications and hardware to access the computer's memory. This allows data to be captured and exploited. Spectre on the other hand, allows hackers to trick applications into giving up protected information, such as a password.
Am I at risk?
If you use a PC, MAC, tablet or smartphone, the short answer is yes. It even affects servers both locally and hosted with popular services likes Amazon Web Services and Microsoft Azure. The only modern devices not affected are small devices like your internet connected treadmill or refrigerator.
Thanks for scaring me, so now what?
Update your devices! Security patches from Microsoft and Linux are already available. Most smartphone companies have also issued patches. Don't ignore them, don't delay them, update them!
But I heard these patches will slow my computer, is that true?
Yes, these patches change the way your processor talks to the operating system and memory. This adds another layer of complexity and will add a performance hit to most devices. How much will typically depend on how old the device is. For newer devices estimates are in the single digit percentage for performance degradation, while some older processors are showing as much as a 30% performance hit. This is not across the board though as different applications use memory and processor differently. So your you may not notice any difference in a lot of cases but things that require intensive reads or write to disk may slow a bit. Regardless, patching is worth the inconvience of slightly slower performance. You might want your computer to run faster, but you don't want to do it at the risk of having your bank account emptied because someone stole your account information.
Beringer Technology Group, a leading Microsoft Gold Certified Partner specializing in Microsoft Dynamics 365 and CRM for Distribution. We also provide expert Managed IT Services, Backup and Disaster Recovery, Cloud Based Computing and Unified Communication Systems.
For more information or help with patching your systems, please reach out to Beringer at 800-796-4854.