Here’s How

Stay safe(r) with this guide.

PCWorld (USA) - - Contents - BY BRAD CHACOS

Apair of nasty CPU flaws re­cently ex­posed have se­ri­ous ram­i­fi­ca­tions for home com­puter users. Melt­down and Spec­tre let at­tack­ers ac­cess pro­tected in­for­ma­tion in your PC’S ker­nel mem­ory, po­ten­tially re­veal­ing sen­si­tive de­tails like pass­words, cryp­to­graphic keys, per­sonal pho­tos and email, or any­thing else you’ve used on your com­puter. Th­ese are se­ri­ous flaws. For­tu­nately, CPU and op­er­at­ing sys­tem ven­dors pushed out patches fast, and you can

pro­tect your PC from Melt­down and Spec­tre to some de­gree.

It’s not a quick one-and-done deal, though. They’re two very dif­fer­ent CPU flaws that touch ev­ery part of your op­er­at­ing sys­tem, from hard­ware to software to the op­er­at­ing sys­tem it­self. Check out Pc­world’s Melt­down and Spec­tre FAQ on page 7 for ev­ery­thing you need to know about the vul­ner­a­bil­i­ties them­selves. We’ve cut through the tech­ni­cal jar­gon to ex­plain what you need to know in clear, easy-to-read lan­guage. We’ve also cre­ated an over­view of how the Spec­tre CPU bug af­fects phones and tablets ( go.pc­world.com/phta).

The guide you’re read­ing now fo­cuses solely on pro­tect­ing your com­puter against the Melt­down and Spec­tre CPU flaws.

HOW TO PRO­TECT YOUR PC AGAINST MELT­DOWN AND SPEC­TRE CPU FLAWS

Here’s a quick step-by-step check­list, fol­lowed by the full process. • Up­date your op­er­at­ing sys­tem • Check for firmware up­dates • Up­date your browser • Up­date other software

• Keep your an­tivirus ac­tive

First, and most im­por­tant: Up­date your op­er­at­ing sys­tem right now. The more se­vere flaw, Melt­down, af­fects “ef­fec­tively ev­ery [In­tel] pro­ces­sor since 1995,” ac­cord­ing to the Google se­cu­rity re­searchers that dis­cov­ered it. It’s an is­sue with the hard­ware it­self, but the ma­jor op­er­at­ing sys­tem mak­ers have rolled out up­dates that pro­tect against the Melt­down CPU flaw.

Mi­crosoft pushed out an emer­gency Win­dows patch late in the day on Jan­uary 3. If it didn’t au­to­mat­i­cally up­date your PC, head to Start > Set­tings > Up­date & Se­cu­rity > Win­dows Up­date, then click the Check now but­ton un­der “Up­date sta­tus.” (Al­ter­na­tively, you can just search for “Win­dows Up­date,” which also works

for Win­dows 7 and 8.) Your sys­tem should de­tect the avail­able up­date and be­gin down­load­ing it. In­stall the up­date im­me­di­ately.

You might not see the up­date, though. Some an­tivirus prod­ucts aren’t play­ing nice ( go.pc­world.com/nice) with the emer­gency patch, caus­ing Blue Screens of Death and boot-up er­rors. Like­wise, the Melt­down patch ren­dered some AMD com­put­ers un­bootable ( go.pc­world.com/unb0), which forced Mi­crosoft to tem­po­rar­ily halt its roll-out of the fix to po­ten­tially im­pacted sys­tems. It’s fixed now, but be­cause of the bar­rage of se­verely sys­tem-break­ing er­rors, we do not rec­om­mend man­u­ally in­stalling the Win­dows Melt­down patches if Mi­crosoft hasn’t pushed them to your PC via Win­dows Up­date. We aren’t even go­ing to link to the down­load page for the Melt­down up­dates. Don’t do it.

Ap­ple qui­etly worked Melt­down pro­tec­tions into macos High Sierra 10.13.2, which re­leased in De­cem­ber. If your Mac doesn’t au­to­mat­i­cally ap­ply up­dates, force it by go­ing into the App Store’s Up­date tab. Chrome­books should have al­ready up­dated to Chrome OS 63 in De­cem­ber. It con­tains mit­i­ga­tions against the CPU flaws. Linux de­vel­op­ers are work­ing on ker­nel patches. Patches are also avail­able for the Linux ker­nel.

CHECK FOR A CPU FIRMWARE UP­DATE

You also need to in­stall CPU mi­crocode/ firmware fixes to pro­tect against one of the Spec­tre vari­ants, which can’t be com­bated by op­er­at­ing sys­tem patches alone. In­tel re­leased firmware up­dates for most of its pro­ces­sors re­leased in the past five years—but the “fix” can cause sys­tem in­sta­bil­ity and re­boot er­rors ( go. pc­world.com/1nst). In­tel has iden­ti­fied the root cause but ad­vises that users do not in­stall cur­rently avail­able CPU firmware patches, re­vers­ing its ear­lier guid­ance. In­stead, the com­pany coun­sels users to wait un­til new, more sta­ble mi­crocode up­dates ar­rive, which are cur­rently be­ing tested by In­tel’s hard­ware part­ners. We’ll up­date this ar­ti­cle when the new fixes are avail­able.

Now for more bad news. The op­er­at­ing sys­tem and CPU firmware patch combo will slow down your PC ( go.pc­world.com/sl0w), though the ex­tent varies wildly de­pend­ing on your CPU and the work­loads you’re run­ning.

In­tel ex­pects the im­pact to be fairly small for most con­sumer ap­pli­ca­tions like games or web brows­ing. Ini­tial test­ing sup­ports that, and re­veals stor­age speeds can take a sig­nif­i­cant dip. Mi­crosoft says Win­dows 10 PCS with Sky­lake (Core 6xxx se­ries) chips or newer shouldn’t see much per­for­mance

You also need to in­stall CPU mi­crocode/firmware fixes to pro­tect against one of the Spec­tre vari­ants, which can’t be com­bated by op­er­at­ing sys­tem patches alone.

im­pact; Win­dows 10 PCS with 2015-era or older In­tel pro­ces­sors “show more sig­nif­i­cant slow­downs;” and on Win­dows 7 and 8 sys­tems with older In­tel CPUS, Mi­crosoft “ex­pects most users to no­tice a de­crease in sys­tem per­for­mance.”

AMD will re­lease CPU firmware up­dates ( go.pc­world.com/firm) too, start­ing with Ryzen, Thread­rip­per, and Epyc pro­ces­sors be­fore mov­ing on to older chips. They’re clas­si­fied as op­tional, how­ever, be­cause “dif­fer­ences in AMD ar­chi­tec­ture mean there is a near zero risk of ex­ploita­tion” of the Spec­tre vari­ant that re­quires firmware up­dates. Given Mi­crosoft’s warn­ing of post-patch per­for­mance slow-downs, In­tel’s firmware sta­bil­ity woes, and the op­tional na­ture of AMD’S fix, you may want to wait un­til AMD’S mi­crocode up­date is tested and bench­mark be­fore de­cid­ing whether or not to ap­ply it to your sys­tem.

Ac­tu­ally get­ting those firmware up­dates is tricky, be­cause firmware up­dates aren’t is­sued di­rectly from In­tel and AMD. In­stead, you need to snag them from the com­pany that made your lap­top, PC, or moth­er­board—think HP, Dell, Gi­ga­byte, et cetera. Be­cause of that, patches for in­di­vid­ual sys­tems will likely take longer than In­tel and AMD’S stated time­lines to trickle down to home users. Most pre­built com­put­ers and lap­tops have a sticker with model de­tails some­where on their ex­te­rior. Find that, then search for the sup­port page for your PC or moth­er­board’s model num­ber.

Gib­son Re­search’s easy-to-use In­spec­tre scan­ning tool ( go.pc­world.com/1nsp) can let you know if you’ve in­stalled all the nec­es­sary OS and CPU patches on your sys­tem.

UP­DATE YOUR BROWSER

You also need to pro­tect against Spec­tre, which tricks software into ac­cess­ing your pro­tected ker­nel mem­ory. In­tel, AMD, and ARM chips are vul­ner­a­ble to Spec­tre to some de­gree. Software ap­pli­ca­tions need to be up­dated to pro­tect against Spec­tre. The ma­jor PC web browsers ( go.pc­world.com/ pcwb) have all is­sued up­dates as a first line of de­fense against ne­far­i­ous web­sites seek­ing to ex­ploit the CPU flaw with Javascript.

Mi­crosoft up­dated Edge and In­ter­net Ex­plorer along­side Win­dows 10. Fire­fox 57 also wraps in some Spec­tre safe­guards. Chrome 63 made “Site Iso­la­tion” ( go. pc­world.com/sis0) an op­tional ex­per­i­men­tal fea­ture. Ac­ti­vate it by en­ter­ing chrome:// flags/#en­able-site-per-process into your URL bar, then click­ing En­able next to “Strict site iso­la­tion.” Chrome 64 will have more

pro­tec­tions in place when it launches on Jan­uary 23.

On Jan­uary 8, Ap­ple pushed out up­dates to IOS 11 ( go.pc­world.com/i012) and macos ( go.pc­world. com/mc05) with “se­cu­rity im­prove­ments to Safari and We­bkit to mit­i­gate the ef­fects of Spec­tre.”

UP­DATE OTHER SOFTWARE

Your browser is the eas­i­est av­enue for hack­ers to at­tack the Spec­tre CPU flaw, but other software can po­ten­tially fall prey to it as well—es­pe­cially if the software sinks deep hooks into your op­er­at­ing sys­tem’s ker­nel. Case in point: The GPU dis­play driver for graph­ics cards. Nvidia re­leased new drivers con­tain­ing Spec­tre mit­i­ga­tions for Ge­force ( go.pc­world.com/gf0r), Quadro, NVS, and some Tesla hard­ware shortly after the CPU ex­ploits were re­vealed, with fixes com­ing to the re­main­ing Tesla cards and GRID GPUS later in Jan­uary. Grab the new­est Nvidia drivers here ( go.pc­world.com/driv), and grab them now if you’re an Nvidia user.

Ap­ply all newly avail­able software up­dates in the com­ing weeks, es­pe­cially if it’s some­how tied to hard­ware. If your printer, SSD, or sys­tem mon­i­tor­ing software pushes out an up­date, in­stall it.

KEEP YOUR AN­TIVIRUS AC­TIVE

Fi­nally, this or­deal un­der­lines how im­por­tant it is to keep your PC pro­tected. The Google re­searchers who dis­cov­ered the CPU flaws say that tra­di­tional an­tivirus wouldn’t be able to de­tect a Melt­down or Spec­tre at­tack. But at­tack­ers need to be able to in­ject and run ma­li­cious code on your PC to take ad­van­tage of the ex­ploits. Keep­ing se­cu­rity software in­stalled and vig­i­lant helps keep hack­ers and mal­ware off your com­puter. Plus, “your an­tivirus may de­tect mal­ware which uses the at­tacks by com­par­ing bi­na­ries after they be­come known,” Google says.

Pc­world’s guide to the best an­tivirus for Win­dows PCS ( go.pc­world.com/w1pc) can help you find the best op­tion for your setup.

Where to up­date Win­dows 10.

En­abling Site Iso­la­tion in Chrome 63.

It’s im­por­tant that you keep your an­tivirus software up to date.

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.