Are Any Computers Not Affected by the Meltdown and Spectre Bugs?
Whatsapp Pinterest
Advertisement

Is your computer at risk from the Meltdown or Spectre vulnerabilities at the heart of Intel and AMD processors for the past two decades? Probably How to Protect Windows From Meltdown and Spectre Security Threats How to Protect Windows From Meltdown and Spectre Security Threats Meltdown and Spectre are major security threats that affect billions of devices. Find out whether your Windows computer is affected and what you can do. Read More . The bigger question is, what should you do next?

While Intel and AMD work with Apple, Microsoft, and various Linux distributions to roll out patches, there’s a significant potential for a performance hit on your PC. This is especially the case if you’re running an older operating system.

You might, therefore, be tempted to buy a new computer. But what devices are currently available that don’t have these vulnerabilities?

The Problem and the Solution

Meltdown and Spectre are both hardware-level bugs that leave the majority of PC and mobile CPUs vulnerable to attack. Basically, a weakness in how (and the order in which) a CPU processes data can be exploited by a remote attacker.

As a result, data from your current browser session (or elsewhere on your computer) can potentially be accessed. The exploit can even be used against virtualised environments, another weakness for VM security.

Meltdown currently only affects Intel CPUs while Spectre affects Intel, AMD, and ARM processors. Check our guide to Meltdown and Spectre Meltdown and Spectre Leave Every CPU Vulnerable to Attack Meltdown and Spectre Leave Every CPU Vulnerable to Attack A huge security flaw with Intel CPUs has been uncovered. Meltdown and Spectre are two new vulnerabilities that affect the CPU. You ARE affected. What can you do about it? Read More for further details.

Fortunately, it seems that no malicious attacker has yet found a way to exploit these vulnerabilities. Even so, it is vital that you install any security updates from your vendor. Hackers know that not everyone will install updates: there will be an effort to exploit the fault. Importantly, these weaknesses were found independently by two teams, and if two sets of good guys found them, there’s a likelihood the bad guys did as well.

Therefore, it is vital that you check for updates regularly over the coming weeks and months. If no patch is forthcoming, seriously consider buying a new phone, tablet, PC, or laptop.

So Many Devices Are Affected

It’s amazing to think that so many devices are affected. Twenty years ago, Apple users could have looked on with glee as Intel-based PC owners were hit by this vulnerability. In the intervening years, of course, Apple has eschewed their traditional PPC processors and switched to Intel. This is why it is so simple to run Windows on a MacBook, for example.

computers unaffected by meltdown and spectre
Image Credit: Jeremy A.A. Knight/Flickr

These days, the vast majority of desktop and laptop computers run on 32-bit or 64-bit processors, courtesy of Intel or AMD. Meanwhile, mobile devices overwhelmingly use ARM CPUs (although some employ Intel processors).

You can, therefore, be reasonably confident that your Windows PC or laptop is affected (here’s how to check How to Protect Windows From Meltdown and Spectre Security Threats How to Protect Windows From Meltdown and Spectre Security Threats Meltdown and Spectre are major security threats that affect billions of devices. Find out whether your Windows computer is affected and what you can do. Read More ). Macs are hit by Meltdown. Even Chromebooks are affected Is Your Chromebook Protected Against Meltdown? Is Your Chromebook Protected Against Meltdown? Google has published a list of all known Chrome OS devices, detailing which are currently vulnerable to Meltdown, and which require patching. Read More . These are hardware bugs — the operating system is not the problem, but how your computer’s CPU is designed.

What’s important is that the developers of all major operating systems are issuing patches to deal with the threat.

Hardware Without Meltdown or Spectre Vulnerabilities

One of the most common phrases used in reporting these vulnerabilities paraphrases “any CPU released in the last 20 years is affected” — but that isn’t strictly true. Indeed, some of the most popular hardware currently on the market is immune to Meltdown and Spectre.

But if you have older devices, there is a strong chance you’re affected.

Thanks to a list at forum.level1techs.com, we know that the following hardware does not have the weakness that makes these exploits possible. (We’ve cut the list slightly to focus on devices and hardware that you may be aware of.)

Older CPUs Unaffected by Spectre and Meltdown

In general, older CPUs that may still be in use can be found in older PCs, workstations, and Apple G3 and G4 systems:

  • StrongARM: Typically used in PDAs and PocketPCs in the 1990s and early 2000s.
  • SuperSPARC: Found in servers and high end workstations throughout the 1990s.
  • Transmeta Crusoe and Efficeon chips: Usually used in portable devices in the early 2000s, especially laptops.
  • “Classic” X86: Any PC with an Intel processor produced in the 1980s, up until and including the Pentium 1 era during the 1990s. This includes WinChip, VIA C3, 386, 486, and their clones.
  • PPC 750 and PPC 7400: Used in the Mac G3 and G4 computers.

Current CPUs Unaffected by Spectre and Meltdown

Overall, ARM processors are not affected by the vulnerabilities of Intel and AMD CPUs:

  • ARM Cortex-A7 MPCore: Found in the Raspberry Pi 2 5 Things Only a Raspberry Pi 2 Can Do 5 Things Only a Raspberry Pi 2 Can Do The latest edition of the pint-sized computer is awesome. So awesome, in fact, that there's 5 things you can only do on a Raspberry Pi 2. Read More .
  • ARM Cortex-A53 MPCore: Found in the Raspberry Pi 3 How to Upgrade to a Raspberry Pi 3 How to Upgrade to a Raspberry Pi 3 Upgrading from an older Pi to the new Pi 3 is almost as simple as swapping out the microSD card. Almost - but not quite. Here's what you'll need to do first. Read More . Also appears in many Android phones, such as those with a Qualcomm Snapdragon 625 or 650 SoC (System on a Chip).
  • Intel Atom: Many laptops and tablets ship with Intel Atom CPUs. Those in the Diamondville, Silverthorne, Pine Trail, and Pineview series are unaffected by Spectre and Meltdown exploits. Many more should be. You’ll need to check Google for details due to the sheer number of Atom variants.
  • VIA C7: These CPUs can be found in low-end Windows XP and Vista products.
  • Intel Itanium: Typically found running servers in the 2000s.
  • RISC-V: The open-source processor architecture is popular with internet of Things hardware manufacturers, and is set to appear on Nvidia’s GeForce graphics cards. Western Digital have also announced an intention to use RISC-V processors in their hardware.

The Future: What About New PCs?

As the Meltdown and Spectre stories unfolded, many computer owners spent time looking for replacement devices. After all, when it was first announced, only Intel was affected. It could have been a boom time for AMD…

…except, of course, CPUs from both manufacturers were affected. Worse still, at the time of writing, Microsoft has pulled a Windows patch for AMD systems. Meanwhile, there are reports of unscheduled reboots for users after installing the patch. At this early stage, the fixes feel rushed, rolled out with inadequate testing.

So what is the answer?

Well, it’s simple: wait for the 2018 batch of computers, all wielding brand new CPUs, immune to Meltdown and Spectre. While it’s entirely possible to use an older, unaffected PC, or use a Raspberry Pi 3 as a desktop computer Use Your Raspberry Pi Like a Desktop PC Use Your Raspberry Pi Like a Desktop PC There are so many amazing things that you can do with a Raspberry Pi, from running your own space program to building a media centre. Although ostensibly intended as a compact computer that can be... Read More (it might feel like a step backwards, though).

Should You Swap or Patch?

Ever waited for Windows Update This Is Why We Hate Windows Update This Is Why We Hate Windows Update The way Windows Update currently forces Windows 10 upgrades and updates on you is bad. Gavin examines what makes all of us hate Windows Update and what you can do against it. Read More to do its thing? It’s a bit of a pain, isn’t it? Sadly, this time around, there is little you can do. Windows 10 will force updates, while macOS and popular Linux distributions like Ubuntu will do everything they can to ensure you apply the patch.

In short, you should patch, even if you have an unaffected Android tablet you think will run as an adequate PC replacement. Not patching runs the risk of the exploit being used on your system, against you. Somehow, it doesn’t seem worth it, even with a potential 30% decrease in performance.

New PCs, smartphones, and tablets will be along in 2018 and beyond. Meltdown and Spectre need not affect you computing or mobile experience forever.

How do you feel about this vulnerability? Should it have been kept under wraps, or are you pleased that the manufacturers and operating system developers are acting quickly to mitigate the risks?

Image Credit: CLIPAREA/Depositphotos

Explore more about: Computer Security, Hardware Tips, Malware.

Enjoyed this article? Stay informed by joining our newsletter!

Enter your Email

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. David Martchouk
    January 17, 2018 at 6:39 pm

    Before I go on my rant, I think you should have a list of upcoming CPUs that will not be affected, because "new" devices these days can sometimes have old CPUs, especially the cheaper models that will come out in 2018.

    Somehow it does seem worth it, because 30% performance decrease is horrible, like Intel is robbing us, forcing us to upgrade, these 2 spectre meltdown vulnerabilities seem more like scareware > Be so scared you pay for new devices.

    Even if the obsolescence is not planned, seems very fishy, as if Microsoft, intel, AMD, are taking these vulnerabilities as opportunities to scare people.

    Also, is it not true that Meltdown or Spectre requires the computer to be already hacked in order for the hacker to take advantage of the CPU? So if your devices are already secure, no point in patching them to have ~30% decrease! Chances of devices being hacked + CPU being hacked are way rarer than only device being hacked.

    I think people should be disappointed in these patches, they should be optional, not forced down the throat of Windows updates. 30% decrease in performance is like having a virus on its own. From experience, when someone calls me and tells me their computer is suddenly much slower, I usually think their computer is infected with a virus, so ya, thanks for infecting us with a 30% CPU reduction virus Microsoft, and firmware patch companies.....

    • Andrew
      January 18, 2018 at 9:59 am

      If you have a Intel CPU then you need the patch. Most consumers will see very little, if any, performance decrease from it*. Once you have the patch from your OS and a firmware patch from the relevant people then you are good to go. You do not need to upgrade your computer because of Spectre or Meltdown.

      You do not have to have hacked a computer to exploit Meltdown or Spectre on it, you just have to be able to run code on the machine (I have heard that you can exploit Meltdown via javascript). Meltdown allows access to protected kernel memory which theoretically lets a attacker take control of the machine at the lowest level possible outside of hacking the actual hardware (the IME exploit was worse as it allows an attacker to gain control of the entire system at a hardware level).

      The Spectre variants other then Meltdown allow a program to get another program to read and leak arbitrary memory contents of the program. I see this leading more to information theft (like cc numbers, names, addresses, etc) then to taking control of a machine.

      * Basically the slow down comes when you do a system call as this is where the Meltdown exploit comes into play and the patch adds extra checks when context swtiching. Even before the Meltdown exploit came around, software developers were reducing the amount of system calls to the bare minimum as it has a fairly hefty performance hit.

      • David Martchouk
        January 18, 2018 at 4:01 pm

        I read in one of the makeuseof articles that servers would have a more dramatic performance hit, so okay consumers perhaps would not notice, but IT server guys could be pulling their hair right about now, especially when the performance bottlenecks affect business and budget is low.

        • Andrew
          January 18, 2018 at 7:57 pm

          Yes, Intel-based servers (virtual machine servers in particular) are the ones who are going to be hit with the greatest performance impact but they are also the ones who vendors are going to go out of their way to help out. A single server sold often brings in more profits then 100 regular consumer PCs and servers generally come with extensive expensive support contracts attached (there is a reason why IBM was one of the biggest companies in the world at one point).
          I would bet that anyone who bought into AMD's Epyc instead of Intel's Xeon is dancing a happy jig as Epyc isn't affected by Meltdown and can safely have the patch disabled.

  2. minny
    January 17, 2018 at 4:49 pm

    heck of a way to force more users on to W10 !!