Meltdown and Spectre Viruses! Serious!
In my last posting, I mention about a CPU chip flaw in nearly all computers -- Apple, Google, and Windows alike -- that can be exploited by quasi-viruses called Meltdown and Spectre that steal data from devices. The theft process is very complicated and technical, so if you want to know the details, search for it. I'm avoiding that here.
Suffice it to say that this is a serious enough exposure that every chip maker, computer maker, and browser developer is working on solutions, and will likely be a rollout of solutions over time. Already, Microsoft, Google, and Apple have released OS patches, so you need to apply these as soon as you can. Down the road, expect even more updates.
I call these exploitations "quasi-viruses" because these aren't viruses in the traditional sense and therefore aren't being picked up by regular antivirus programs. I've put a request in to PCMatic, since they block by whitelist instead of blacklist (can't install app unless you are on their whitelist). Their response was a bit vague, saying that their Supershield product "blocks any and all known bad and unknown executable files". Read that as you see fit; I'm not normally a big fan of PCMatic whitelisting. Malwarebytes (www.malwarebytes.org) says they have released a version of their product that catches the Meltdown exploit, but not Spectre yet, on Windows PCs only. Avast and AVG, along with MacAfee and Norton, and other antivirus vendors say they do.
Here is a link to a chart I've found that lists the vendors' statuses as of January 8, 2018:
http://tinyurl.com/ycta3qqt
Suffice it to say that this is a serious enough exposure that every chip maker, computer maker, and browser developer is working on solutions, and will likely be a rollout of solutions over time. Already, Microsoft, Google, and Apple have released OS patches, so you need to apply these as soon as you can. Down the road, expect even more updates.
I call these exploitations "quasi-viruses" because these aren't viruses in the traditional sense and therefore aren't being picked up by regular antivirus programs. I've put a request in to PCMatic, since they block by whitelist instead of blacklist (can't install app unless you are on their whitelist). Their response was a bit vague, saying that their Supershield product "blocks any and all known bad and unknown executable files". Read that as you see fit; I'm not normally a big fan of PCMatic whitelisting. Malwarebytes (www.malwarebytes.org) says they have released a version of their product that catches the Meltdown exploit, but not Spectre yet, on Windows PCs only. Avast and AVG, along with MacAfee and Norton, and other antivirus vendors say they do.
Here is a link to a chart I've found that lists the vendors' statuses as of January 8, 2018:
http://tinyurl.com/ycta3qqt
Now, Intel says to hold off on the patches supposed to guard against Meltown and Spectre.
ReplyDeletehttps://tinyurl.com/yc3saelv