Tuesday, 9 January 2018

Security flaws "Meltdown and Spectre" - what should you do?!?

Let's make no bones about it - we take security very, very seriously here at Start Software.  Our customers running our asbestos software Alpha Tracker rely on our systems to run their businesses.  We normally recommend that any security patches made available to the Windows operating system or web server software are immediately applied.

  

However... the recent "processor level" security vulnerabilities called  "Meltdown" and "Spectre" (see https://meltdownattack.com/) are - so far - not proven to have been exploited by hackers and the fixes immediately made available by Intel are slowing servers (in particular) down by as much as 20%.

So what should we all do?  Apply the fixes and slow our systems down or wait until more efficient patches are made available?

It's not an easy call and it all depends, I suppose, on your approach to risk.  There is a chance, a tiny chance, that a hacker could exploit the flaw and expose data on your server.  However, it is certain that applying the security will slow your system down. 

If you wait a week or two, the automatic PC and server updates will patch your systems anyway so there is no need to react immediately and apply one of the emergency updates from Intel or Microsoft unless you are particularly concerned.

Do contact our support desk for advice if want to discuss further.

No comments:

Post a Comment