Keeping Up With the Meltdown and Spectre Bugs

Q. Is it safe to install the Windows patch for these new Spectre and Meltdown bugs? Do they affect Linux? (And who names these security flaws, anyway?)

A. Meltdown and Spectre, the two recently announced security flaws that can expose personal data to hackers, could potentially affect Linux systems, along with computers and devices running Windows, Mac and other operating-system software. These new bugs are actually in the computer’s hardware — specifically, in the central processing unit.

Check Microsoft’s support site for the absolute latest news, but the company previously warned that its updates for Windows 7 and Windows 10 can conflict with certain antivirus programs; users should contact those software makers about updates. Early reports that the Windows patches were causing severe problems on computers with AMD processors prompted Microsoft to temporarily halt updates to many of those systems for a few days. The software fixes are expected to make the computer run more slowly, but Microsoft has noted that newer processors running Windows 10 should feel the least impact.

The Meltdown vulnerability exists in laptops, desktops and cloud-based computers running most types of Intel processors made since 1995. The Spectre flaw can affect those same systems as well, but also smartphones, tablets and other gadgets running on processors made by other companies, including AMD and ARM.

To find out details for your particular system, Graz University of Technology’s “Meltdown and Spectre” site at https://meltdownattack.com has an extensive collection of links to information about patches from most major hardware and software makers, including several Linux companies. Intel also has a page on its site with links and information about updates.

As for the origin of the names assigned to these bugs, the “Meltdown and Spectre” site has an explanation. Meltdown gets is name because it “basically melts security boundaries which are normally enforced by the hardware.” Spectre’s moniker is “based on the root cause, speculative execution,” and as the researchers note, “As it is not easy to fix, it will haunt us for quite some time.”