Meltdown and Specter Vulnerabilities: Permanent Uploading Is Required - Paul Honig
Ordinary computer system users should keep updating all systems and install updates that will be released by processor manufacturers in order to respond to the identified vulnerabilities of Meltdown and Spectre, the Senior System Administrator of the European Space Agency Paul Honig stated during the VI Kyiv Security Forum for Youth.
"If you are not a security expert the only thing you can do is to update all systems on regular basis, download all updates," the expert said, commenting on the necessary responses to the vulnerability of Meltdown and Specter, which as it was announced in January 2018 are present in almost all modern processors.
In the case of organizations, special units on computer security should react on this. At the same time, the specialists of these units should constantly "stay tuned for more news" and monitor constant development of technologies, said the System Administrator of the European Space Agency.
The expert also noted that the emergence of information on vulnerabilities of Meltdown and Specter, that existed practically in all modern processors, in future can provoke the development of new technologies and equipment, what may take "several months or years". "However, it is impossible to predict the consequences of all the scenarios that may occur after these vulnerabilities appearance," Paul Honig said.
As it is known, in January 2018 the existence of Meltdown and Specter vulnerabilities became a well-known fact. These vulnerabilities are present on Intel, AMD, ARM processors. This means that almost all devices (computers, laptops, cloud servers, smartphones) operating on Windows, Android, MacOS, iOS, Linux systems are potentially vulnerable.
So far, we know that Meltdown (CVE-2017-5754) allows access to data stored in the internal operating system memory, while Specter (CVE-2017-5753, CVE-2017-5715) avoids the delineation between programs, which allows one program to retrieve data from another.
Currently, the development of a workable update is under way, which should correct the flaw, but experts estimate it will reduce the productivity of devices by 5-30%, depending on active programs on the computer and the processor model. Intel does not refute performance declines, assuring that ordinary users will not feel this, but how it will affect large corporations, such information has not been provided.
At the present time, for protection from vulnerabilities Intel recommends to install updates from operating systems and devices manufacturers.
Microsoft has released several updates to reduce the impact of these vulnerabilities and protect against their exploitation. Updates were also introduced to protect Microsoft cloud services and Internet Explorer and Microsoft Edge browsers.
For Windows users, periodic download of updates is the best protection.
Youth Kyiv Security Forum is the platform for discussion of current issues of international relations and foreign policy of Ukraine by young experts. The purpose of the forum is to strengthen the role of the new generation of experts, to improve their ability to participate in the process of political analysis and development.
PARTNERS OF THE FORUM:
NATO Information and Documentation Centre in Ukraine (NIDC)
Friedrich Ebert Foundation.
Organizer of the Forum is the Arseniy Yatsenyuk Open Ukraine Foundation.