1

How to handle Spectre-1, Spectre-2 and Meltdown for now, in 01/2018? It can almost never be wrong to do the following

  • Stay up to date with your browser and OS e.g. Linux kernel update
  • Update anti-virus software if installed
  • Be careful

But is there some precise patch or update or something in Windows 10 or Linux (like Ubuntu 16.04 or newer) to fix those security problems as far as possible for now? Something with the BIOS, ...?

PS: Since this a current problem, in my opionion, current solutions are changing.

Kutsubato
  • 45
  • 5

2 Answers2

2

The current (late January 2018) status of Spectre and Meltdown mitigation is as follows:

  • Linux, Windows, and MacOSX all have patches that nearly completely eliminate the impact of Meltdown. This comes at a performance cost that varies with workload: a computation-heavy workload such as scientific computing likely won't see a measurable slowdown, while an IO-heavy workload such as a high-performance database server might see as much as a 30% slowdown. The average home user will see a slowdown of 5% or less.
  • Linux is working on kernel and compiler changes that will make Spectre much harder to exploit, at some cost to performance. This is still very much under development; you're unlikely to see it in a production system.
  • Intel has released microcode patches that reduce the impact of Spectre on some recent CPUs, at some cost to performance. However, the current patches also increase the frequency of spontaneous reboots, so it's not recommended that you install them unless you're a high-value target.
  • AMD has also released microcode patches that reduce the impact of Spectre, but unlike the Intel patches, these don't appear to have any stability issues.
  • An antivirus won't provide much, if any, protection. Antiviruses can only protect you against things somebody else has already seen, and it's very difficult to spot a Meltdown or Spectre attack in action.
Mark
  • 34,390
  • 9
  • 85
  • 134
0

There is no mitigation for Spectre and Meltdown vulnerability on Ubuntu 16.04 , you can check the security notice : USN-3531-2: Intel Microcode regression posted on 22nd January, 2018

Details

USN-3531-1 updated Intel microcode to the 20180108 release. Regressions were discovered in the microcode updates which could cause system instability on certain hardware platforms. At the request of Intel, we have reverted to the previous packaged microcode version, the 20170707 release.

The update will be posted on : Information leak via speculative execution side channel attacks

A detailed article is posted on Hacker news website including the Intel security notice :Intel Warns Users Not to Install Its 'Faulty' Meltdown and Spectre Patches

We recommend that OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior.

Community
  • 1
GAD3R
  • 2,211
  • 3
  • 15
  • 38
  • 1
    The microcode is a partial mitigation to Spectre. It has no impact on Meltdown; that's mitigated at the kernel level. – Mark Jan 27 '18 at 21:19