What can I do to protect my PC from the Meltdown and Spectre flaws?

The massive design flaw detected in computer processor and the manufacturers are working over night to fix it up. Still, there is no clear cut patches in this. There are two security holes detected in computer processors and only one hole is patched. The problem is that intel chips used in Windows and Mac computers makes it slower.

Slowly, it is evident that these flaws are not related to Intel chips alone but this also spreads to AMD and other computer chips. Two major security flaws shows in these chips and these are called as “Meltdown” and “Spectre”.

Meltdown and Specter security flaw:

Meltdown security flaw is related with specifically Intel processors and the most difficult is that it affects processors of previous years to the modern day Intel processors. Specter is the most fundamental security flaw in all chips beginning from Intel, AMD and ARM. It demands overhaul making of CPU’s and the most console part is that it is very difficult to exploit and for this most of these hardware with Specter vulnerability remains safer so far.

Developers have way out to fix it and they are working on fixing Specter and the future computer chips should be built with it while considering this fix. What is most difficult is that the presence of Meltdown makes the core of chips easier to exploit and that makes developers work most difficult. Meltdown does not affect AMD processor but it does affect some high-end ARM and Intel chips of yesteryear’s and of present years.

Patching of Meltdown vulnerabilities in operating system is currently going on and it is under the process of fixing it. Most of this modern operating system provides dynamic level of security permissions to different programs that runs in memory of operating system. Kernel efficiently uses these restrictions of processors to implement these restrictions. Hardware security implementation is easier and faster and that is why most of operating system uses such privileges.

Modern processors and especially of ARM and Intel processors does not bother to check whether the specific restrictions should be investigated first or not and in order to provide efficient speed and dynamism to it most of modern processors leave this to central processing unit of computers. Then comes another level and generations of modern processors and central processing units where we do see the presence of creation of CPU cache in order to speed up restrictions enforcement and provide super fast computing at hand.

It on the other hand, what makes it worse is that it creates core problems for processors where both of these operating system faults lies with CPU’s cache. It aims to make the running of application faster as it can read the instruction from cache but at the same time it creates two major security flaws such as Meltdown and Specter. It provides route for speculative execution and that creates the most problem. Caching makes these speculative execution faster but still it makes your computer vulnerable as attackers can easily map the entire process of computing to take advantage of this.

What it makes most severe is that when hardware acceleration is enabled and the mere small java script code which is running on your favorite web browser can easily read memory without even accessing it. With the presence of one app it can virtually take the full control of company’s website in which the same processors are running up.

On the other hand when these extra checks into these processors are added such as extra patches and this means more security checks and ultimately the computer processors are going to be slowed down more so even if these security holes are patched still it makes computer slower. Which means slower processor which can make computer slower.

Google Chrome has already amends it to make it more difficult for hacker to implement it and developers are planning hard to implement such security codes that would make the hacker most difficult to gain advantage into enterprise systems.

“Increase security with site isolation

 

When you turn on site isolation, Chrome offers more security protections for your browser.

 

Chrome will load each website in its own process. So, even if a site bypasses the same-origin policy, the extra security will help stop the site from stealing your data from another website. Learn more about site isolation.

 

On your computer, open Chrome.

In the address bar at the top, enter chrome://flags/#enable-site-per-process and press Enter.

Next to “Strict site isolation,” click Enable.

If you don’t see “Strict site isolation,” update Chrome.

Click Relaunch now.”

Source:

It will increase Chrome’s memory and thus it would make life difficult for hackers to invade into deeper into hardware processor.

Mozilla Firefox also implement new security measures in its latest versions of web browser so that, new class of mitigation landing of timing of attack will be slower and thus the processor is to be well protected against Meltdown and Specter security attacks.

“Several recently-published research articles have demonstrated a new class of timing attacks (Meltdown and Spectre) that work on modern CPUs.  Our internal experiments confirm that it is possible to use similar techniques from Web content to read private information between different origins.  The full extent of this class of attack is still under investigation and we are working with security researchers and other browser vendors to fully understand the threat and fixes.  Since this new class of attacks involves measuring precise time intervals, as a partial, short-term, mitigation we are disabling or reducing the precision of several time sources in Firefox.  This includes both explicit sources, like performance.now(), and implicit sources that allow building high-resolution timers, viz., SharedArrayBuffer.

 

Specifically, in all release channels, starting with 57:

 

The resolution of performance.now() will be reduced to 20µs.

The SharedArrayBuffer feature is being disabled by default.

 

Furthermore, other timing sources and time-fuzzing techniques are being worked on.

 

In the longer term, we have started experimenting with techniques to remove the information leak closer to the source, instead of just hiding the leak by disabling timers.  This project requires time to understand, implement and test, but might allow us to consider reenabling SharedArrayBuffer and the other high-resolution timers as these features provide important capabilities to the Web platform.

 

Update [January 4, 2018]: We have released the two timing-related mitigations described above with Firefox 57.0.4, Beta and Developers Edition 58.0b14, and Nightly 59.0a1 dated “2018-01-04” and later. Firefox 52 ESR does not support SharedArrayBuffer and is less at risk; the performance.now() mitigations will be included in the regularly scheduled Firefox 52.6 ESR release on January 23, 2018.”

Source

 

How to Check if Your PC or Phone Is Protected Against Meltdown and Spectre

These bugs were first discovered by Google’s Project Zero team. On January 9 Microsoft releases some updates and according to Microsoft the affected personal computers will be slight second slowdown which will not be noticeable by computer users.

Open Opera web browser and then on its address bar write ‘opera:flags’ without quotes and then press enter and then in its search box, search for ‘enable-site-per-process’ and enable it. Then relaunch Opera. Warning: Experimental features ahead! By enabling these features, you could lose browser data or compromise your security or privacy. Enabled features apply to all users of this browser. Highly experimental security mode that ensures each rendered process contains pages from at most one site. In this mode, out-of-process iframes will be used whenever an iframe is cross-site.

Microsoft says its fix will impact very less on Windows 10 users but if Windows 7 and Windows 8 users are affected by it then system performance will be slower after these updates as it reduces multi-threading of processes to a considerable level. Some estimates that, PC games becomes slower but still personal computer users will see it hardly impacting but the computer users with older Intel processors may find it more difficult to use it and their personal computer performance will become slower in times to come.

For clouds computing most of these central servers are loaded with Intel processors will see hardly meltdown as most of times the amount of use in these clouds are not enough to reach to its maximum capacity. What it summarizes that your computer is not going to be faster with these updates but it will become slower and if it has Intel chips then it is going to be slower in days to come.

Microsoft, Apple, Chrome books have already, patched this and Microsoft has patched this for some computers and the patches will come for more computers. There are also BIOS and UEFI updates available, and this is needed for most of Specter fixes to run computer efficiently. Though it works efficiently but advent of these flaws are still there and in future if both central processing units and chip processors are not working hard to fix it then it will stay there for longer times and this could impact the performance of computer to a larger extent.

Specter is most difficult to hack and it is related with cloud computing rather than that of individual computers. The slowness towards cloud computing in the future could impact it further if these flaws are not rectified and corrected on time.

Related Articles

2 thoughts on “What can I do to protect my PC from the Meltdown and Spectre flaws?

Leave a Reply

Your email address will not be published. Required fields are marked *

362 Views