The Spectre of a Meltdown

The Spectre of a Meltdown – 2018 starts with a security headache. Unhappily, our New Year starts by warning you about yet more security vulnerabilities. Whoever names these must have a lot of fun! Spectre and Meltdown are the latest, and these two effect virtually every modern machine, including Mac, Tablet and Phone.

These can be triggered in many ways, including a bad website, and can steal your information – not just any information – they can steal your passwords, along with emails, documents, photos. In simple terms, Meltdown gets between your PC and your operating system, while Spectre seems to be much harder and may require hardware manufacturers to redesign how their systems work in the future.

 

The problem is that the full impact and resolutions aren’t yet known. We’re getting new information every day and following if carefully.

The existence of these threats was made public on the 3rd. You can find details on the website theregister.co.uk – and that’s a great resource for the technically minded. It exposes a flaw in CPU design that goes back some 20- years, so its low-level and hard to resolve.

Microsoft, Intel, the antivirus community (including the antivirus in the Kinetics KARE service) and others have all responded quickly and there were a heap of interim updates made available at the end of last week. Some of these updates have themselves created problems, such as slowing PCs down ore in some cases killing PCs entirely! If you have time, read https://www.theregister.co.uk/2018/01/08/meltdown_fix_security_problems/ and https://www.theregister.co.uk/2018/01/08/microsofts_spectre_fixer_bricks_some_amd_powered_pcs/. There are more updates expected today and we are watching out for those with interest, especially the ones that replace the interim ones above.

So, what can we do together?


1. Updates! As always, the best defence is keeping everything up-to-date, and clients with KARE “Core Fundamentals” or “Premium KARE” on their machines can relax – those machines are covered! We are updating machines as the patches come out, and as machines are turned on as people return to work after the holidays.

2. No old versions of Windows etc. Windows 2008, Windows XP etc. Refer to https://support.microsoft.com/en-nz/lifecycle Our KARE clients will already know which of these, if any, affect them, as this is part of our quarterly reporting. If you have old versions of software, we need to update them urgently or you are very vulnerable to these hackers.

3. Macs are impacted too, and theoretically some smart phones and tablets. We are monitoring these carefully, especially Macs on KARE and all devices on KARE for Mobile are being double checked for updates – the antivirus has already been updated. If you don’t have KARE for Mobile, please contact your account manager.

4. Speed – there are reports that the updates are slowing machines down. It varies considerably depending on configuration and usage. New updates may have a different impact to old ones. However, don’t panic – most PCs and servers use very little of their CPU under regular operations. However if you have a large private cloud configuration, then it will need monitoring.

5. User awareness – we’re very happy to come to your office to present a ‘lunch and learn’-style presentation to your staff to help be more aware of what they can do to keep safe.

We’re working hard to keep up to date, and to help all our clients keep safe. We’ll update you with the relevant details as they become known, but not to over-alarm anyone! Right now, we’re interested in making sure every PC, server and mobile device is to to date, and we’ll be more aggressive than normal to do that. We’re testing updates and will push them to you even more frequently than normal – thanks in advance for your patience with this!