Is your computer at risk from the Meltdown or Spectre vulnerabilities at the heart of Intel and AMD processors for the past two decades? Probably. The bigger question is, what should you do next?
While Intel and AMD work with Apple, Microsoft, and various Linux distributions to roll out patches, there’s a significant potential for a performance hit on your PC. This is especially the case if you’re running an older operating system.
You might, therefore, be tempted to buy a new computer. But what devices are currently available that don’t have these vulnerabilities?
The Problem and the Solution
Meltdown and Spectre are both hardware-level bugs that leave the majority of PC and mobile CPUs vulnerable to attack. Basically, a weakness in how (and the order in which) a CPU processes data can be exploited by a remote attacker.
As a result, data from your current browser session (or elsewhere on your computer) can potentially be accessed. The exploit can even be used against virtualised environments, another weakness for VM security.
Meltdown currently only affects Intel CPUs while Spectre affects Intel, AMD, and ARM processors. Check our guide to Meltdown and Spectre for further details.
Fortunately, it seems that no malicious attacker has yet found a way to exploit these vulnerabilities. Even so, it is vital that you install any security updates from your vendor. Hackers know that not everyone will install updates: there will be an effort to exploit the fault. Importantly, these weaknesses were found independently by two teams, and if two sets of good guys found them, there’s a likelihood the bad guys did as well.
Therefore, it is vital that you check for updates regularly over the coming weeks and months. If no patch is forthcoming, seriously consider buying a new phone, tablet, PC, or laptop.
So Many Devices Are Affected
It’s amazing to think that so many devices are affected. Twenty years ago, Apple users could have looked on with glee as Intel-based PC owners were hit by this vulnerability. In the intervening years, of course, Apple has eschewed their traditional PPC processors and switched to Intel. This is why it is so simple to run Windows on a MacBook, for example.
These days, the vast majority of desktop and laptop computers run on 32-bit or 64-bit processors, courtesy of Intel or AMD. Meanwhile, mobile devices overwhelmingly use ARM CPUs (although some employ Intel processors).
You can, therefore, be reasonably confident that your Windows PC or laptop is affected (here’s how to check). Macs are hit by Meltdown. Even Chromebooks are affected. These are hardware bugs — the operating system is not the problem, but how your computer’s CPU is designed.
What’s important is that the developers of all major operating systems are issuing patches to deal with the threat.
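On Linux, a patched kernel reports its own view of each issue as one status file per vulnerability under /sys/devices/system/cpu/vulnerabilities. The following is an added example, not part of the original article, that reads those files and lists which issues still need attention; the function names are hypothetical and the sample status lines are constructed for illustration.

```python
from pathlib import Path

# Linux kernel interface; one status file per issue (present on patched kernels).
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")
ISSUES = ("meltdown", "spectre_v1", "spectre_v2")

# Constructed sample contents, used when the files above are not available.
SAMPLE = {
    "meltdown": "Mitigation: PTI\n",
    "spectre_v1": "Vulnerable\n",
    "spectre_v2": "Mitigation: Full generic retpoline\n",
}

def classify(status):
    """Map one status line (or None for a missing file) to (verdict, detail)."""
    if status is None:
        return ("unreported", "kernel predates this interface; update it")
    text = status.strip()
    if text == "Not affected":
        return ("not_affected", "")
    if text.startswith("Mitigation:"):
        return ("mitigated", text.split(":", 1)[1].strip())
    if text.startswith("Vulnerable"):
        return ("vulnerable", text.partition(":")[2].strip())
    return ("unknown", text)

def read_sysfs(base=SYSFS_DIR):
    """Return {issue: raw text or None} from the kernel's status files."""
    raw = {}
    for name in ISSUES:
        try:
            raw[name] = (Path(base) / name).read_text()
        except OSError:
            raw[name] = None
    return raw

def build_report(raw):
    return {name: classify(text) for name, text in raw.items()}

def needs_action(report):
    """Issues that are not confirmed as 'not affected' or 'mitigated'."""
    ok = ("not_affected", "mitigated")
    return sorted(n for n, (verdict, _) in report.items() if verdict not in ok)

if __name__ == "__main__":
    raw = read_sysfs() if SYSFS_DIR.is_dir() else SAMPLE
    report = build_report(raw)
    for name, (verdict, detail) in report.items():
        print(f"{name:12} {verdict:13} {detail}")
    print("needs action:", ", ".join(needs_action(report)) or "none")
```

An "unreported" verdict means the running kernel is too old to expose the file at all, which is itself a sign that vendor updates have not been applied.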
Hardware Without Meltdown or Spectre Vulnerabilities
One of the most common phrases used in reporting these vulnerabilities paraphrases “any CPU released in the last 20 years is affected” — but that isn’t strictly true. Indeed, some of the most popular hardware currently on the market is immune to Meltdown and Spectre.
But if you have older devices, there is a strong chance you’re affected.
Thanks to a list at forum.level1techs.com, we know that the following hardware does not have the weakness that makes these exploits possible. (We’ve cut the list slightly to focus on devices and hardware that you may be aware of.)
Older CPUs Unaffected by Spectre and Meltdown
In general, older CPUs that may still be in use can be found in older PCs, workstations, and Apple G3 and G4 systems:
- StrongARM: Typically used in PDAs and PocketPCs in the 1990s and early 2000s.
- SuperSPARC: Found in servers and high end workstations throughout the 1990s.
- Transmeta Crusoe and Efficeon chips: Usually used in portable devices in the early 2000s, especially laptops.
- “Classic” X86: Any PC with an Intel processor produced in the 1980s, up until and including the Pentium 1 era during the 1990s. This includes WinChip, VIA C3, 386, 486, and their clones.
- PPC 750 and PPC 7400: Used in the Mac G3 and G4 computers.
Current CPUs Unaffected by Spectre and Meltdown
Overall, ARM processors are not affected by the vulnerabilities of Intel and AMD CPUs:
- ARM Cortex-A7 MPCore: Found in the Raspberry Pi 2.
- ARM Cortex-A53 MPCore: Found in the Raspberry Pi 3. Also appears in many Android phones, such as those with a Qualcomm Snapdragon 625 or 650 SoC (System on a Chip).
- Intel Atom: Many laptops and tablets ship with Intel Atom CPUs. Those in the Diamondville, Silverthorne, Pine Trail, and Pineview series are unaffected by Spectre and Meltdown exploits. Many more should be. You’ll need to check Google for details due to the sheer number of Atom variants.
- VIA C7: These CPUs can be found in low-end Windows XP and Vista products.
- Intel Itanium: Typically found running servers in the 2000s.
- RISC-V: The open-source processor architecture is popular with Internet of Things hardware manufacturers, and is set to appear on Nvidia’s GeForce graphics cards. Western Digital have also announced an intention to use RISC-V processors in their hardware.
The Future: What About New PCs?
As the Meltdown and Spectre stories unfolded, many computer owners spent time looking for replacement devices. After all, when it was first announced, only Intel was affected. It could have been a boom time for AMD…
…except, of course, CPUs from both manufacturers were affected. Worse still, at the time of writing, Microsoft has pulled a Windows patch for AMD systems. Meanwhile, there are reports of unscheduled reboots for users after installing the patch. At this early stage, the fixes feel rushed, rolled out with inadequate testing.
So what is the answer?
Well, it’s simple: wait for the 2018 batch of computers, all wielding brand new CPUs, immune to Meltdown and Spectre. In the meantime, it’s entirely possible to use an older, unaffected PC, or use a Raspberry Pi 3 as a desktop computer (it might feel like a step backwards, though).
Should You Swap or Patch?
Ever waited for Windows Update to do its thing? It’s a bit of a pain, isn’t it? Sadly, this time around, there is little you can do. Windows 10 will force updates, while macOS and popular Linux distributions like Ubuntu will do everything they can to ensure you apply the patch.
In short, you should patch, even if you have an unaffected Android tablet you think will run as an adequate PC replacement. Not patching runs the risk of the exploit being used on your system, against you. Somehow, it doesn’t seem worth it, even with a potential 30% decrease in performance.
New PCs, smartphones, and tablets will be along in 2018 and beyond. Meltdown and Spectre need not affect your computing or mobile experience forever.
How do you feel about this vulnerability? Should it have been kept under wraps, or are you pleased that the manufacturers and operating system developers are acting quickly to mitigate the risks?
Image Credit: CLIPAREA/Depositphotos