This information is important to most people who own a PC, laptop, or mobile device, so I’ll present it in as much of a non-techie way as possible. Hard core techies may want to comment on some of the more critical points using more technical jargon if they think it will help the person who has an above average level of technical knowledge. First, Meltdown and Spectre are both ways where the data being processed inside the CPU can be accessed by a hacker – and there is nothing that can protect you from your data being compromised. Google was the first to find the flaws in the Intel, AMD, and ARM processors. One of these three groups of processors is found on most computers and smartphones, so this is not a Windows vs. iOS debate or an Android vs. iOS. All are equally vulnerable.
The CPU is known by most people as the “brain” of the computer. Virtually everything that goes on once you power up the computer will involve data being passed through the CPU. The CPU is a physical part of a computer, and like every physical part has to have a design in order for it to function. That design is known as the architecture. This architecture is where the problem lies.
The Meltdown problem is limited to computers and devices that use the Intel type of processor (i3, i5, and i7 are examples). The CPU architecture is designed to work a specific way to prevent data that is being used in one application to be accessed in another. The CPU knows when you are running Microsoft Word and Google Chrome at the same time, and is able to separate the instructions for the two programs. The instructions are stored in a memory location inside the CPU, separate from one another, and this separation has a number of safeguards that prevent either the user or a hacker from being able to access the data in those memory locations.
That is, until the discovery that Meltdown can make these protections uncertain or unreliable. As you can see, the problem is in the “physical” way (physical to the CPU) the CPU stores and moves data through and allows it to perform its basic functions. If you saw the movie Batman Forever, the Riddler created a device that accessed and stored the data stored inside the brains of the citizens of Gotham City. Meltdown works in a similar way expect it can not only access the data but also insert data such as malware. (OK, maybe not the best example, but I tried.)
Spectre can be used on Intel, AMD, and ARM processors. This is critical because it extends its potential for data danger to almost any device that has a computer chip, including programmable thermostats, insulin pumps, and baby monitors. The way Spectre works is more complicated, but it “attacks” the same CPU memory area as Meltdown, but instead of working around the existing CPU protections it uses deception to get applications to “let down their guard” and allows the data stored in the protected memory location to be accessed.
Now that you know what Meltdown and Spectre are and have a basic idea of how they work, the next question is whether there is anything you can do about preventing them from accessing your data. The short answer is – nothing. Because the problem is in the physical architecture of the CPU, no firmware or software fix is possible. Though this may be very disconcerting, using Meltdown or Spectre from a remote location, such as someone who is trying to execute one of them while you are connected to the Internet, is a much more difficult task.
The major players, Microsoft, Apple, etc. have had several months of lead time to develop fixes for the problem. Though there is no definitive way to completely fix the problem, some of the loopholes have been closed. But in closing those loopholes the performance of your CPU is likely to be affected, meaning it will run slower by an estimated 5 to 30 percent. Depending on the type of processor you have and how much your day to day computer use involves heavy CPU use, you may not notice the slowdown in performance or you may wonder if your computer has been infected with a virus or malware. This is probably the biggest reason everyone needs to know about the existence of Meltdown and Spectre.
Though Meltdown and Spectre affect the CPU, the fixes are likely to negatively affect other computer chips and are likely to affect certain applications. Some chips may completely stop functioning, and applications may crash – with no way to repair the problem.
How will you know the degree to which your computer or device will be affected by all of this? The simple answer is to continue using your devices the way you normally do and be aware of any noticeable changes in performance. If a program crashes, to go the company’s website to see if any updates are available or if the company offers any information about the problem that is related to Meltdown or Spectre.
The cost of all of this to companies and consumers will not be known for some time – if ever. Applications that crash will have to be redesigned, and it is not likely companies will be giving away the new ones for free. The same applies to physical devices. Companies will have their own increased expenses to locate and repair known problems, and it is safe to say there are more problems waiting to be discovered.
When Microsoft Windows first became a must-have in the 1980’s, one of the more common views was that if Windows was a car, nobody would buy it because of all of its flaws. We are here, 30 years later, and Microsoft is not the only dog to kick around. Everyone who uses a computer or smartphone has unwittingly bought into the problem.