Aardvark Daily

Please visit the sponsor!

The race to secure your computer

There's an extremely important race going on right now.

It's a race to secure almost every single computer on the planet against hacking attacks that allow evil little sods and state-funded actors to rape your system of valuable data such as passwords and other sensitive information.

This race has come about due to the discovery of several critical vulnerabilities in most of the common CPUs manufactured over the past decade or so.

Black-hats are doubtlessly toiling away day and night to perfect exploits that will leverage these vulnerabilities to gain access to almost any computer they want -- while researchers are valiantly (but not successfully) trying to come up with ways to mitigate these vulnerabilities in a way that won't cripple those computers.

It really is a battle of good versus evil.

Unfortunately, it's still not clear who's going to win.

Why am I skeptical?

Well it seems that in the rush to get these patches out, manufacturers have encountered quite a few instances where they either impose a huge performance hit or the target system simply stops working.

Tech site arstechnica is reporting that the patches have created problems with drivers and microcode execution resulting in unstable operation. To this end, Intel has recommended that people stop installing the microcode updates it has released for some processor families.

For its part, Microsoft's patches have caused issue with anti-virus software and a number of industrial systems have had issues as a result of the patch for the Meltdown bug.

Microsoft's patch for AMD systems was withdrawn after it rendered some computers unable to boot.

Meanwhile, researchers have demonstrated "proof of concept" exploits that can be launched via Javascript -- something that might make it possible for any website to start plucking passwords, cookies and other confidential bits of critical data from your system if you are unfortunate enough to land on one of their pages.

There are no reports of actual attacks using these new CPU vulnerabilities but we all know that it's now just a matter of time.

I shudder to think of the implications if the blackhats are able to develop widespread exploits before Intel and the other CPU manufacturers have solid, robust, effective patches in place.

While all this is going on, I hark back to my own strategy for boosting security...

I believe that everyone should have a machine they set aside for websurfing. This machine should never be used for anything critical such as online banking. The purpose of this computer is simply to allow you to visit websites without fear of being hacked, hit by ransomware or otherwise attacked. You do not use this machine to store important data or visit important trusted websites.

If the worst happens, this machine can be wiped and reinstalled without breaking a sweat or losing a thing.

All that important and sensitive stuff is done on another machine which is kept fully patched and is only used for off-line tasks and for visiting the very few "trusted" websites that require security. Online banking and other activities can be performed on this machine and it is connected to the Net on an "as needed" basis. What's more, you run ad-blocking software, do not install Flash and never visit unknown and untrusted sites on this hardware.

Okay, my strategy isn't 100% guaranteed to protect you from being hit but it can significantly reduce your exposure and the amount of damage that a hit could create.

With old PCs costing virtually nothing and running very well on Linux, that "surfing" machine won't cost you much and you can even get a cheap burner phone if mobile is your chosen Net-access tool.

And, before you say "but I just run a VM", have you read this? Even virtual machines are no guarantee of safety.

Right now I'm wondering exactly how most people and businesses will cope if the black-hats get a powerful exploit out and it becomes widely distributed before the CPU and OS makers have time to properly address the vulnerability.

The big problem many small online enterprises will face is not on their own systems but on that used by their web-hosting companies. The Spectre and Meltdown bugs effectively remove the walls between websites on shared servers, potentially allowing anyone with the right code to gain access to some key data on those sites.

Could this effectively bring the Net to its knees, at least for the purposes of commerce and personal banking?

Who's worried and what are you doing to try and manage the very real risk?

Please visit the sponsor!

Have your say in the Aardvark Forums.

PERMALINK to this column

Rank This Aardvark Page

Change Font