Meltdown!

Maybe you’ve heard this dire-sounding term about computers.  Early in 2018, information was released about computer problems called Meltdown and Spectre.  More recently, a similar problem called Total Meltdown has a lot of people scared.

This isn’t the usual software problem that allows a hacker to do something they shouldn’t, and gets fixed with one of the usual software updates.  This is a problem in the basic design of the hardware, in the CPU (Central Processing Unit) chips that process data.

You may know that the CPU executes computer instructions one at a time.  The CPU is very fast, it can execute millions of instructions in a single second.  But when the CPU needs data from somewhere else it slows down or stops to wait for that data to be fetched.  Back around 1990 computer designers thought of a way to make things better.  If the CPU could “look ahead” it might predict that it will need external data soon, then request that data early so it arrives at the time it is needed.  This technique doesn’t always work, sometimes the path of the program takes a turn, and the prediction isn’t valid.  This means that when the CPU predicts well, the data it needs is ready and the CPU keeps running at full speed.  But if it guesses wrong, the CPU slows down.  Many of the predictions are good, so overall this provides improved speed for the computer.

Another way to think about this is a production line assembling cars.  As assembly starts for a car, the optional components are made ready.  So as a car gets to the seat assembly area, the specific color seats are right there for the worker to install.  You wouldn’t want to stop the assembly line to go find the special ordered seats.

This predictive function was included with large computers in the early 90s, and the technology soon made its way into smaller computers including PCs.

So what’s the problem?  Here’s where it gets a little tricky.  If you know how the CPU makes predictions, and you can measure how much time the CPU takes to do things, you can make good assumptions about the contents of the computer memory. Most computer operating systems (such as Windows) make sure that each of your programs runs in a separate memory space.  This prevents one program from accidentally (or intentionally) harming or interfering with another program.  But now a malevolent program might peek at memory belonging to another, and it might find your password or bank account number.  Oops.

Remember that the actual problem is in the design of the hardware.  There have been attempts to fix or work around the issue with software updates.  Some updates have caused additional problems, actually making things worse.  As of now, Windows 10 updates are fine.  Updates for Windows 7 are still questionable, we recommend not installing most of them.

There’s some good news.  At the time of this writing, there are no known exploits (or viruses) taking advantage of this technique.  And your computer can’t be attacked from outside – you have to do something to allow a malicious program to run on a computer inside your network.  This means that generally speaking, as long as you are are careful what you click on or open, you should be fine.  If you’re not sure about something, better not to let it run.  And it’s OK to ask for help if you are not sure what to do.

The real fix … is to replace every computer.  But “fixed” computers aren’t available yet, so don’t buy anything yet.  Some existing computers may be repairable, but the repair processes are still being developed, and they need extensive testing to make sure they work properly and don’t create additional problems.  Right now we’re hoping that the software workarounds become more effective, and that improved computers will be available in a few months.

Confused?  Concerned?  We understand, and are available to help.