A pair of nasty CPU flaws exposed this week have serious ramifications for home computer users. Meltdown and Spectre let attackers access protected information in your PC\u2019s kernel memory, potentially revealing sensitive details like passwords, cryptographic keys, personal photos and email, or anything else you\u2019ve used on your computer. It\u2019s a serious flaw. Fortunately, CPU and operating system vendors pushed out patches fast, and you can protect your PC from Meltdown and Spectre to some degree.<\/p>\n
It\u2019s not a quick one-and-done deal, though. They\u2019re two very different CPU flaws that touch every part of your operating system, from hardware to software to the operating system itself. Check out PCWorld\u2019s Meltdown and Spectre FAQ for everything you need to know about the vulnerabilities themselves. We\u2019ve cut through the technical jargon to explain what you need to know in clear, easy-to-read language. We\u2019ve also created an overview of how the Spectre CPU bug affects phones and tablets.<\/p>\n
The guide you\u2019re reading now focuses solely on protecting your computer against the Meltdown and Spectre CPU flaws.<\/p>\n
How to protect your PC against Meltdown and Spectre CPU flaws<\/p>\n
Here\u2019s a quick step-by-step checklist, followed by the full process.<\/p>\n
Update your operating system
\nCheck for firmware updates
\nUpdate your browser
\nKeep your antivirus active
\nFirst, and most important: Update your operating system right now. The more severe flaw, Meltdown, affects \u201ceffectively every [Intel] processor since 1995,\u201d according to the Google security researchers that discovered it. It\u2019s an issue with the hardware itself, but the major operating system makers have rolled out updates that protect against the Meltdown CPU flaw.<\/p>\n
Microsoft pushed out an emergency Windows patch late in the day on January 3. If it didn\u2019t automatically update your PC, head to Start > Settings > Update & Security > Windows Update, then click the Check now button under \u201cUpdate status.\u201d (Alternatively, you can just search for \u201cWindows Update,\u201d which also works for Windows 7 and 8.) Your system should detect the available update and begin downloading it. Install the update immediately.<\/p>\n
You might not see the update, though. Some antivirus products aren\u2019t playing nice with the emergency patch, causing Blue Screens of Death and boot-up errors. Microsoft says it\u2019s only \u201coffering the Windows security updates released on January 3, 2018 to devices running anti-virus software from partners who have confirmed their software is compatible with the January 2018 Windows operating system security update.\u201d Security researcher Kevin Beaumont is maintaining an updated list of antivirus compatibility status. Most are supported at this point. If your AV isn\u2019t supported, do not manually download the Meltdown patch unless you turn it off and switch to Windows Defender first.<\/p>\n
But machines with compatible antivirus still may not automatically apply the update. If you\u2019re sure your security suite won\u2019t bork your system, you can also download the Windows 10 KB4056892 patch directly here. You\u2019ll need to know whether to grab the 32-bit (x86) or 64-bit (x64) version of the update. To determine if your PC runs a 32- or 64-bit version of Windows, simply type \u201csystem\u201d (without the quotation marks) into Windows search and click the top listing. It\u2019ll open a Control Panel window. The \u201cSystem type\u201d listing will tell you which version of Windows you\u2019re running. Most PCs released in the past decade will be using the 64-bit operating system.<\/p>\n
Apple quietly worked Meltdown protections into macOS High Sierra 10.13.2, which released in December. If your Mac doesn\u2019t automatically apply updates, force it by going into the App Store\u2019s Update tab. Chromebooks should have already updated to Chrome OS 63 in December. It contains mitigations against the CPU flaws. Linux developers are working on kernel patches. Patches are also available for the Linux kernel.<\/p>\n
Now for the bad news. The operating system patches will slow down your PC, though the extent varies wildly depending on your CPU and the workloads you\u2019re running. Intel expects the impact to be fairly small for most consumer applications like games or web browsing, and initial testing supports that. Our FAQ digs into potential PC performance slowdowns from the patches. You still want to install the updates for security reasons.<\/p>\n
Check for a firmware update<\/p>\n
Because Meltdown\u2019s CPU exploits exist on a hardware level, Intel is also releasing firmware updates for its processors. \u201cBy the end of next week, Intel expects to have issued updates for more than 90 percent of processor products introduced within the past five years,\u201d it said in a statement on January 4.<\/p>\n
Actually getting those firmware updates is tricky, because firmware updates aren\u2019t issued directly from Intel. Instead, you need to snag them from the company that made your laptop, PC, or motherboard\u2014think HP, Dell, Gigabyte, et cetera. Most prebuilt computers and laptops have a sticker with model details somewhere on their exterior. Find that, then search for the support page for your PC or motherboard\u2019s model number.<\/p>\n
Update your browser<\/p>\n
You also need to protect against Spectre, which tricks software into accessing your protected kernel memory. Intel, AMD, and ARM chips are vulnerable to Spectre to some degree. Software applications need to be updated to protect against Spectre. The major PC web browsers have all issued updates as a first line of defense against nefarious websites seeking to exploit the CPU flaw with Javascript.<\/p>\n
Microsoft updated Edge and Internet Explorer alongside Windows 10. Firefox 57 also wraps in some Spectre safeguards. Chrome 63 made \u201cSite Isolation\u201d an optional experimental feature. You can activate it right now by entering chrome:\/\/flags\/#enable-site-per-process into your URL bar, then clicking Enable next to \u201cStrict site isolation.\u201d Chrome 64 will have more protections in place when it launches on January 23.<\/p>\n
Keep your antivirus active<\/p>\n
Finally, this ordeal underlines how important it is to keep your PC protected. The Google researchers who discovered the CPU flaws say that traditional antivirus wouldn\u2019t be able to detect a Meltdown or Spectre attack. But attackers need to be able to inject and run malicious code on your PC to take advantage of the exploits. Keeping security software installed and vigilant helps keep hackers and malware off your computer. Plus, \u201cyour antivirus may detect malware which uses the attacks by comparing binaries after they become known,\u201d Google says.<\/p>\n
PCWorld\u2019s guide to the best antivirus for Windows PCs can help you find the best option for your setup\u2014though note the section above where we discuss the compatibility issues some AV programs are having with the new Windows patch.<\/p>\n","protected":false},"excerpt":{"rendered":"
A pair of nasty CPU flaws exposed this week have serious ramifications for home computer users. Meltdown and Spectre let attackers access protected information in your PC\u2019s kernel memory, potentially revealing sensitive details like passwords, cryptographic keys, personal photos and email, or anything else you\u2019ve used on your computer. It\u2019s a serious flaw. Fortunately, CPU […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"http:\/\/www.notebookbattery.co.nz\/blog\/wp-json\/wp\/v2\/posts\/1535"}],"collection":[{"href":"http:\/\/www.notebookbattery.co.nz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.notebookbattery.co.nz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.notebookbattery.co.nz\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.notebookbattery.co.nz\/blog\/wp-json\/wp\/v2\/comments?post=1535"}],"version-history":[{"count":0,"href":"http:\/\/www.notebookbattery.co.nz\/blog\/wp-json\/wp\/v2\/posts\/1535\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.notebookbattery.co.nz\/blog\/wp-json\/wp\/v2\/media?parent=1535"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.notebookbattery.co.nz\/blog\/wp-json\/wp\/v2\/categories?post=1535"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.notebookbattery.co.nz\/blog\/wp-json\/wp\/v2\/tags?post=1535"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}