1.    1 Week Ago #1
    Join Date : Jul 2015
    Pacific Northwest, USA
    Posts : 398
    Win10 x64 Pro -2 desktops, 1 laptop

    Do we know the actual risk of Meltdown and Spectre?


    There has been a lot discussion about Meltdown and Spectre on this forum and others, but I'm still confused. And I have 2 computers, and possibly 3, that are old enough that no BIOS remedy will be forthcoming so I'm going to be vulnerable to Spectre for the foreseeable future. But how vulnerable is that? I realize that no AV product is going to have AV signatures of malware exploiting Spectre until such programs are discovered and reported, and I've heard that there is no obvious identifying characteristic of programs exploiting the vulnerabilities.

    On the other hand, common web hygiene will be just as good at preventing infection by Meltdown and Spectre exploiters as it is for any other malware, won't it? Somewhere I read that the most likely route for exploitation is via browsers. Is there any truth to that? Some common browsers (such as Firefox) have already released fixes.

    Bottom line: how dangerous is it to run computers that will not have BIOS fixes?
      My ComputerSystem Spec
  2.    1 Week Ago #2
    Join Date : Jul 2015
    Posts : 940
    Windows 10 Home x64

    It's probably dangerous. These vulnerabilities cannot be 100% fixed unless software+firmware updates are in effect. So far, no bios update for my gigabyte motherboard, so I am mitigating the issue at best.
      My ComputerSystem Spec
  3.    1 Week Ago #3
    Join Date : Jun 2015
    UK
    Posts : 2,256
    Windows 10 Home x64 (Laptop), Windows 10 Pro x64 (Desktop)

    Quote Originally Posted by eLPuSHeR View Post
    It's probably dangerous. These vulnerabilities cannot be 100% fixed unless software+firmware updates are in effect. So far, no bios update for my gigabyte motherboard, so I am mitigating the issue at best.
    I support two home built PCs from 2004 having Gigabyte motherboards and there is no sign of a BIOS update yet. I don't really want to ditch two perfectly good PCs. I wonder how long the intelligence agencies have been aware of the Spectre and Meltdown vulnerabilities and have been exploiting them?
      My ComputersSystem Spec
  4.    1 Week Ago #4
    Join Date : Sep 2017
    Posts : 8
    windows 10 home edition

    alfred e neuman - "what - me worry ?"


    I'm not devoting energy to concern over the *latest* "crisis". As I have noted in other postings here, i was recently forced into windows 10 because my ancient XP machine cratered and was not worth fixing. Worked diligently to tame win 10 (shut down ALL updating. Period. And trimmed down all the bloat that I could.)

    Have been around computers for some time...learned programming when IBM punch cards were the tools of the day.

    Have not used virus protection software since 2000 or so (have my own methods for avoiding crud)

    As computing/technology has progressed, I have become increasingly cautious of the tech/socio-political environment. Just look at all the authorized snooping that has evolved in the name of "keeping us safe".

    Sad....and my career was as one of the "good guys"

    Anywho....make your own mind up and do what you think is best. One of my buddies that I worked with latched on to a security patch (for the current crisis) for his win 10 pro machine and the patch gummed up his set-up. Took him a significant amount of time to undo it.
      My ComputerSystem Spec
  5.    1 Week Ago #5
    Join Date : Oct 2017
    Posts : 188
    Win10

    Meltdown can be fully mitigated at the OS-layer if separate kernel/userspace page tables are used, which looks like the route the major OSes are moving. So this shouldn't be a concern as long as you have an updated OS.

    Spectre is the hard one. Assuming no hardware/microcode or OS fixes, individual apps would have to block the exploits.

    Recall that these speculative execution attacks require attacker code to be running on your system. This could be in an infected executable, in which case Spectre is the least of your problems.

    Or, more likely, the attack code uses some embedded scripting language like Javascript. The script compilation/execution engine in each app would have to implement the mitigations. For Javascript you can be sure that Firefox/Edge/Chrome will be updated. But for proprietary engines like Flash or VBA, or for software that uses an old version of a scripting library and won't update it, you may be out of luck. In those cases you may get some OS-level mitigations that can partially block Spectre. Aside from that you'll have to relay on anti-malware detection.

    That said, you don't need to throw out your computers and go live in the woods. There are thousands of exploits found every year (~17000 CVE entries in 2017) that don't use Spectre. As long as you use standard browsing precautions, you are not really at any significantly greater risk than before.
      My ComputerSystem Spec
  6.    5 Days Ago #6
    Join Date : Jun 2015
    Posts : 41
    Windows 10 Pro 64bit

    Quote Originally Posted by dinosaur View Post
    I'm not devoting energy to concern over the *latest* "crisis"...

    As computing/technology has progressed, I have become increasingly cautious of the tech/socio-political environment. Just look at all the authorized snooping that has evolved in the name of "keeping us safe".

    Sad....and my career was as one of the "good guys"

    Anywho....make your own mind up and do what you think is best...
    And with AI on an un-stoppable ride, who knows what they'll come up with next?!
    Don't think they'll use it to find solutions that would require no money spending.
    To keep us worried and to corner us even more maybe...
      My ComputerSystem Spec

 


Similar Threads
Thread Forum
Protect your Windows devices against Spectre and Meltdown
Source: https://support.microsoft.com/en-us/help/4073757/protect-your-devices-against-spectre-meltdown See also: Windows Client Guidance against speculative execution vulnerabilities - Windows 10 Forums Understanding performance impact of...
Windows 10 News
Meltdown, spectre and old motherboard and CPU.
I am running FCU Win 10 Pro on a MSI P35 Neo F v1 motherboard with Core 2 Duo E8400 CPU. I have ran the MS controlsettings script which informs me I am protected from Spectre by Windows Update but not Meltdown without a BIOS/Microcode update. As...
Drivers and Hardware
PowerShell script to Check if Your PC Is Protected Meltdown /Spectre
https://www.howtogeek.com/338801/how-to-check-if-your-pc-is-protected-against-meltdown-and-spectre/ Curious if anyone has run this particular script having followed the directions in the article. I am modestly comfortable running PowerShell but...
AntiVirus, Firewalls and System Security
Understanding performance impact of Spectre and Meltdown mitigations
Source: Understanding the performance impact of Spectre and Meltdown mitigations on Windows Systems Microsoft Secure
Windows 10 News
Meltdown and Spectre: what you need to know
Source: Meltdown and Spectre: what you need to know - Malwarebytes Labs | Malwarebytes Labs See also: Windows Client Guidance against speculative execution vulnerabilities - Windows 10 Forums
Windows 10 News
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 20:24.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums