A pair of nasty
CPU flaws exposed this week have serious ramifications for home computer users.
Meltdown and Spectre let attackers access protected information in your PC’s
kernel memory, potentially revealing sensitive details like passwords,
cryptographic keys, personal photos and email, or anything else you’ve used on
your computer. It’s a serious flaw. Fortunately, CPU and operating system
vendors pushed out patches fast, and you can protect your PC from Meltdown and
Spectre to some degree.
It’s not a quick
one-and-done deal, though. They’re two very different CPU flaws that touch
every part of your operating system, from hardware to software to the operating
system itself. Check out PCWorld’s Meltdown and Spectre FAQ for everything you
need to know about the vulnerabilities themselves. We’ve cut through the
technical jargon to explain what you need to know in clear, easy-to-read
language. We’ve also created an overview of how the Spectre CPU bug affects
phones and tablets.
The guide you’re
reading now focuses solely on protecting your computer against the Meltdown and
Spectre CPU flaws.
How to protect your PC against Meltdown and Spectre
CPU flaws
Here’s a quick
step-by-step checklist, followed by the full process.
Ÿ Update your operating system
Ÿ Check for firmware updates
Ÿ Update your browser
Ÿ Keep your antivirus active
First, and most
important: Update your operating system right now. The more severe flaw,
Meltdown, affects “effectively every [Intel] processor since 1995,” according
to the Google security researchers that discovered it. It’s an issue with the
hardware itself, but the major operating system makers have rolled out updates
that protect against the Meltdown CPU flaw.
Microsoft pushed
out an emergency Windows patch late in the day on January 3. If it didn’t
automatically update your PC, head to Start > Settings > Update &
Security > Windows Update, then click the Check now button under “Update
status.” (Alternatively, you can just search for “Windows Update,” which also
works for Windows 7 and 8.) Your system should detect the available update and
begin downloading it. Install the update immediately.
You might not
see the update, though. Some antivirus products aren’t playing nice with the
emergency patch, causing Blue Screens of Death and boot-up errors. Microsoft
says it’s only “offering the Windows security updates released on January 3,
2018 to devices running anti-virus software from partners who have confirmed
their software is compatible with the January 2018 Windows operating system
security update.” Security researcher Kevin Beaumont is maintaining an updated
list of antivirus compatibility status. Most are supported at this point. If
your AV isn’t supported, do not manually download the Meltdown patch unless you
turn it off and switch to Windows Defender first.
But machines
with compatible antivirus still may not automatically apply the update. If
you’re sure your security suite won’t bork your system, you can also download
the Windows 10 KB4056892 patch directly here. You’ll need to know whether to
grab the 32-bit (x86) or 64-bit (x64) version of the update. To determine if
your PC runs a 32- or 64-bit version of Windows, simply type “system” (without
the quotation marks) into Windows search and click the top listing. It’ll open
a Control Panel window. The “System type” listing will tell you which version
of Windows you’re running. Most PCs released in the past decade will be using
the 64-bit operating system.
Apple quietly
worked Meltdown protections into macOS High Sierra 10.13.2, which released in
December. If your Mac doesn’t automatically apply updates, force it by going
into the App Store’s Update tab. Chromebooks should have already updated to
Chrome OS 63 in December. It contains mitigations against the CPU flaws. Linux
developers are working on kernel patches. Patches are also available for the
Linux kernel.
Now for the bad
news. The operating system patches will slow down your PC, though the extent
varies wildly depending on your CPU and the workloads you’re running. Intel
expects the impact to be fairly small for most consumer applications like games
or web browsing, and initial testing supports that. Our FAQ digs into potential
PC performance slowdowns from the patches. You still want to install the
updates for security reasons.
Check for a firmware update
Because
Meltdown’s CPU exploits exist on a hardware level, Intel is also releasing
firmware updates for its processors. “By the end of next week, Intel expects to
have issued updates for more than 90 percent of processor products introduced
within the past five years,” it said in a statement on January 4.
Actually getting
those firmware updates is tricky, because firmware updates aren’t issued
directly from Intel. Instead, you need to snag them from the company that made
your laptop, PC, or motherboard—think HP, Dell, Gigabyte, et cetera. Most
prebuilt computers and laptops have a sticker with model details somewhere on
their exterior. Find that, then search for the support page for your PC or
motherboard’s model number.
Update your browser
You also need to
protect against Spectre, which tricks software into accessing your protected
kernel memory. Intel, AMD, and ARM chips are vulnerable to Spectre to some
degree. Software applications need to be updated to protect against Spectre.
The major PC web browsers have all issued updates as a first line of defense
against nefarious websites seeking to exploit the CPU flaw with Javascript.
Microsoft
updated Edge and Internet Explorer alongside Windows 10. Firefox 57 also wraps
in some Spectre safeguards. Chrome 63 made “Site Isolation” an optional
experimental feature. You can activate it right now by entering
chrome://flags/#enable-site-per-process into your URL bar, then clicking Enable
next to “Strict site isolation.” Chrome 64 will have more protections in place when
it launches on January 23.
Keep your antivirus active
Finally, this
ordeal underlines how important it is to keep your PC protected. The Google
researchers who discovered the CPU flaws say that traditional antivirus
wouldn’t be able to detect a Meltdown or Spectre attack. But attackers need to
be able to inject and run malicious code on your PC to take advantage of the
exploits. Keeping security software installed and vigilant helps keep hackers
and malware off your computer. Plus, “your antivirus may detect malware which
uses the attacks by comparing binaries after they become known,” Google says.
PCWorld’s guide
to the best antivirus for Windows PCs can help you find the best option for
your setup—though note the section above where we discuss the compatibility
issues some AV programs are having with the new Windows patch.
