Forgot your password?

Back to login

Tech companies scramble to fix Spectre, Meltdown problems
January 28, 2018, 4:35 pm

Major tech companies, including Intel, Microsoft, Apple, Google and others are scrambling to find solutions, after a large number of computer users reported performance problems linked to security updates for the recently revealed Spectre and Meltdown vulnerabilities found on nearly all computer chips.

A firestorm of criticism has erupted over the response to the chip flaws, which researchers at Google's Project Zero discovered in 2016. Months passed before the problems were disclosed to the public. Further, the security patches released in recent days have been blamed for performance problems, including slowdowns in many systems. The fixes reportedly also rendered a smaller number of systems unbootable.

Last week, Intel CEO Brian Krzanich sent an open letter to the technology industry, pledging the company would make frequent updates and be more transparent about the process, and that it would report security issues to the public in a prompt manner.

In an update on the impact of patches on performance, Intel said its latest eighth-generation Coffee Lake chip platforms would see less than a 6 percent performance decrease; seventh-generation Kaby Lake platforms would experience a 7 percent reduction, and the impact on the sixth-generation Skylake platforms would be slightly higher at 8 percent. However, users running Web applications with complex Javascript operations might see a 10 percent reduction in performance of their systems. Meanwhile, users of Windows 8 or Windows 7 systems using Haswell or older CPUs would see a discernable decrease in system performance after patching the flaw.

Researchers at Google’s Project Zero had discovered and reported in 2016 the serious security flaws in modern computer processing units executing a technique designed to optimize chip performance. Google said the company had updated its G Suite and Google Cloud platforms to protect against known attacks, though it conceded that a variant of Spectre needed to further monitored.

While Intel has faced the brunt of public anger over the flaws and subsequent patches offered, it needs to be said that computers using chips from other vendors will also likely be affected by the same vulnerabilities. Tech experts say the flaw could technically allow a non-privileged user to access passwords or secret keys on a computer or a multi-tenant cloud server. Like most organizations, chip manufacturers long have prioritized speed over security and that has now led to sensitive data being placed at risk of unauthorized access via Meltdown and Spectre.

 The Meltdown and Spectre vulnerabilities require adjustment to critical, low-level interfaces in affected operating systems," said Mark Nunnikhoven, vice president of cloud security at Trend Micro. "Given the scale of the issue, the patches by Microsoft, Apple, Google and others have been very successful," he said. Still, there have been problems in some cases, including reports of computers slowing down or in some cases not booting.


Share your views

"It is hard to fail, but it is worse never to have tried to succeed."

"Envy comes from wanting something that isn't yours. But grief comes from losing something you've already had."

Photo Gallery