Tips On How To Protect Your Devices From Meltdown And Spectre Processor Security Flaws


Security researchers this week dropped a bombshell on pretty much everyone who owns a computer, saying there are inherent flaws in modern processors that could allow an attacker to access sensitive information, including passwords and other contents stored in what's supposed to be protected memory. At first it was reported that only Intel processors were affected, but later analysis has revealed that AMD and ARM chips are flawed as well. It's a stinky situation, right?

Well, yes, it certainly is. But it doesn't have to be dire. To quickly rehash, the flaws have been dubbed Meltdown and Spectre. It was the former that was talked about most at the beginning, and for the time being, it seems limited to Intel chips, albeit every Intel processor made since 1995 (specifically, those that implement out-of-order execution). Spectre is a serious security flaw as well, and it affects all modern processors, including ones from Intel, AMD, and ARM.

There are patches being doled out to mitigate the risk, the impact of which is still being assessed. Early reports said they could cause anywhere from a 5 percent to 30 percent performance hit, though Intel refutes this, saying the fallout is highly workload dependent and that most users will see little to no impact. That claim will be fact-checked over time.

For now, the bigger question is: how can you protect yourself? Let's get into that.


Chrome Browser

As is good security practice, keep your browsers (and all software) updated and patched. Keep manually checking for updates too, because this is an ongoing process. In the meantime, you can be a bit more proactive in Chrome. The current version of Chrome has an experimental feature called Site Isolation. This makes every website use its own instance of Chrome, thereby making it more difficult for a malicious site to access data from other ones.

You can enable this in Windows, Linux, Mac, Chrome OS, and Android by opening up Chrome, typing chrome://flags/#enable-site-per-process into the URL field, and hitting Enter. After doing that, find Strict Site Isolation and hit Enable to save the change. Finally, press Relaunch Now or exit and reload Chrome.

That will help get you by for now, though on January 23, Google is rolling out Chrome version 64 with additional mitigations against these newly disclosed security risks. We suspect that Site Isolation will be enabled by default in the update, but either way, be sure to grab it.

There are no similar tweaks to be made to other browsers, such as Firefox and Edge. However, Microsoft and Mozilla have been busy pushing out updates. If you're running one of those browsers, be sure to persistently check for updates, especially since they often load in the background but do not take effect until you manually restart your browser.

Windows and Macs

Windows Security Settings

Microsoft and Apple have both released emergency patches to deal with the new threats. For Windows, the security update is KB4056892. You can check to see if you already have it by going to Settings > Update & Security and clicking on View installed update history (see above).

While you are in the Update & Security window, it is also a good idea to click on Check for updates to make sure you have the latest patches. Assuming you have Windows configured to fetch updates on its own, you should be getting updates regularly. However, we recommend manually checking as an added precaution.

On Macs, Apple says it rolled out a bunch of fixes already, in macOS High Sierra 10.13.2 last month. To see which version of macOS you are running, hit the Apple menu button and select About this Mac. If you are not running the latest build, go to the App Store and click the Update tab.

Chrome OS / Chromebooks


Chromebooks pretty much live on the cloud, so it seems that being proactive here would be especially important. However, Google is keeping Chromebook OS (and by extension, Chromebooks) updated automatically. In fact, the Chrome browser on Chrome OS includes the aforementioned mitigations (as of Chrome OS version 63), including Site Isolation. Furthermore, Google is confident that Chromebooks on ARM are not affected by all this.

Nevertheless, we recommend using the previously outlined Chrome browser flag. Also keep an eye out for the latest updates to make sure you are as protected as possible at the moment. That said, some older Chromebooks are not slated to receive the proper update to protect against Meltdown. You can find a list here.

Other Devices

If you are using an Android device, there was a security update rolled out on January 5, which includes mitigations to protect your gadget. These will receive updates automatically, though you can always check manually. Google phones have the advantage of being the first to receive updates, while third-party devices may take a little longer to be patched, due to QA testing by the manufacturer and wireless carrier.

For iOS devices, make sure you are running the latest build, iOS version 11.2. This was released on December 2 and includes a bunch of protections. Also be advised that more security updates are incoming, so keep checking.

The same goes for wearables and set-top boxes—there isn't anything you can do manually, other than keeping your device up to date.
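
If you look after more than one device, the manual checks above can be run against an inventory. The following is an added example, not part of the original article: the inventory format, field names and sample records are hypothetical, and the baselines are the KB and version numbers quoted above, with Chrome 64 treated as a floor by assumption. It compares versions numerically, because a plain string comparison would rank 10.9.5 above 10.13.2.

```python
import re

# Baselines taken from the article; treating Chrome 64 as a floor is an assumption.
MIN_VERSIONS = {"macos": "10.13.2", "ios": "11.2", "chrome": "64", "chromeos": "63"}
WINDOWS_KB = "KB4056892"

def parse_version(text):
    """Turn '10.13.2' into (10, 13, 2); reject anything that is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version {text!r}")
    return tuple(int(part) for part in text.split("."))

def at_least(version, minimum):
    """Numeric comparison, zero-padded so '11.2' equals '11.2.0'."""
    a, b = parse_version(version), parse_version(minimum)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))

def audit(inventory):
    """Return {host: reason} for every device that needs attention."""
    findings = {}
    for dev in inventory:
        host, platform = dev["host"], dev.get("platform")
        try:
            if platform == "windows":
                kbs = {kb.upper() for kb in dev["installed_kbs"]}
                if WINDOWS_KB not in kbs:
                    findings[host] = f"{WINDOWS_KB} not in update history"
            elif platform in MIN_VERSIONS:
                if not at_least(dev["version"], MIN_VERSIONS[platform]):
                    findings[host] = f"{dev['version']} is older than {MIN_VERSIONS[platform]}"
            else:
                findings[host] = "unknown platform, check manually"
        except (KeyError, ValueError) as exc:
            findings[host] = f"bad inventory record: {exc}"
    return findings

# Constructed sample inventory (hostnames, versions and KB0000001 are made up).
SAMPLE = [
    {"host": "mac-old", "platform": "macos", "version": "10.9.5"},
    {"host": "mac-new", "platform": "macos", "version": "10.13.2"},
    {"host": "iphone", "platform": "ios", "version": "11.2.0"},
    {"host": "pc-1", "platform": "windows", "installed_kbs": ["KB0000001"]},
    {"host": "pc-2", "platform": "windows", "installed_kbs": ["kb4056892"]},
    {"host": "laptop", "platform": "chrome", "version": "63.0.3239.132"},
    {"host": "tablet", "platform": "ios", "version": "11.2 beta"},
]

if __name__ == "__main__":
    for host, reason in audit(SAMPLE).items():
        print(f"{host}: {reason}")
```

A Windows machine that skipped straight to a later cumulative update may not list KB4056892, so treat that finding as a prompt to open the update history rather than as proof the fix is missing.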