What You Need to Know About Spectre and Meltdown

CS Square-1793

What You Need to Know About Spectre and Meltdown

CS Square-1793

The tech world is buzzing with the news of the newly announced Spectre and Meltdown vulnerabilities, and tech companies are rushing to produce patches.

So, what exactly does this mean for you?

Spectre and Meltdown are both security risks affecting modern microprocessors. This means that most of the devices from the past 15-20 years are affected, including your PC, smartphone, and others. These are bugs at a fundamental level that allow critical information stored deep inside your computer system, like passwords, to be exposed.

For the most part, your data cache has powerful protections in place to prevent other processes or applications from accessing it. Spectre and Meltdown circumvent those protections, and they have the potential to expose nearly any data the computer processes. This can include proprietary information and even encrypted communications.

Let’s talk about the differences between the two:

Meltdown affects primarily PCs and other Intel devices, but Spectre affects Intel, AMD, and ARM processors… which means it affects mobile phones, embedded devices, and pretty much anything with a processing chip in it, not just PCs.

Meltdown breaks through the protections that prevent applications from accessing random locations in kernel memory. Spectre, on the other hand, essentially tricks applications into disclosing information that would normally be inaccessible to other programs. This is a harder vulnerability to exploit, but it’s also a harder one to fix as it’s based on an established chip architecture practice.

Solutions are coming.

Based on testing, some are saying that you may experience a decrease in processing power (aka speed) once it does. For computers that already have a lot of processing power, you may not even notice a difference; but, for those older models, you may experience a decrease from 5-25%. This is still speculation, however, as patches are just rolling out now.

Are you confident in your current IT solution’s ability to roll out these changes?

If not, give us a call. Our team of experts would love to help.

 


 

 

About the Author-

Eric Henderson is Rocket IT’s virtual Chief Information Officer. He is also the tallest person at Rocket IT (by a fraction of an inch).

 

The average cost of unplanned downtime per minute in 2016 was nearly $9,000 per incident.

Your organization doesn’t have to eat the cost of dead time. Download our free whitepaper now to learn five easy steps you can take to capture dead time.

 

 

 

 

 

Posted in