Microsoft has announced its future plans on Spectre and Meltdown patches, and they’re pretty extensive. Spectre and Metdown have made life tough towards the end of 2017 and at the beginning of 2018 because people have been worried about what could happen with your system if it isn’t properly updated. Not properly updating your system makes you vulnerable, and that means that updating software like anti-virus and while Intel itself has created patches, they don’t make them super-easy to gain access to because they issue them to CPU manufacturers. Microsoft itself has set a pattern up by releasing patches via Windows Update – making them more easily-accessible. Microsoft has announced that beyond distrubting Intel’s own patches for Surface devices, they will provide an archive for both Microsoft’s own patches and Intel’s.
Their archive is a bit limited so far – covering only the Skylake H-, S-, U-, and Y-series processors. The microcode to help with the exploit is part of the patch in the fall creatores update, and it’s a standalone update – so it won’t be in a later update’s rollout. Windows Update will probably be used as a way to install patches, an they do normally make it optional via a checkbox if you want to receive patches from them for other hardware on their PCs. This move allows the company to offer up help to users, but not force it on them even if it is generally wiser to update things as thoroughly as possible at one time. Fortunately, Meltdown and Spectre attacks haven’t been prevalent – but the security leak does open the door for people to have their systems exploited.
Microsoft also announced that they will be partnering with creators of anti-virus software to ensure that their software is compatible with Windows updates. This will help ensure that the majority of Windows devices have compatible and well-protected AV software installed on them. They want to ensure that risk is managed well for users, and want to ensure that issues are kept to a minimal by require that AV compaitiblity checks are made before delivering newer Windows security updates. They do recommend that users check with the maker of their preferred anti-virus software to ensure proper compatibility and completely updated installs of the software itself.
As a company, Microsoft’s plan to work with their partners to help prevent future issues with Spectre and Meltdown is a good sign. Everyone, from companies to users, is fairly lucky that there haven’t been widespread hacks off of the exploits – but at least OEMs and Microsoft itself are taking positive steps to ensure that problems are resolved before they occur. It’s rare that being proactive can actually work well in the world of technology, as it’s usually a reactive game. An issue is discovered and then solutions are worked out to at least try and resolve them – or minimize the damage caused by them. When it comes to security flaws, companies want to make sure they can issue fixes as soon as possible while also needing to make sure that these fixes don’t cause more problems than they solve.
Doing so can do more harm than good for companies, who can easily gain a reputation for rushing to put out fires quickly instead of taking more time and doing things correctly. There is no perfect answer to the problem because security exploits can come from anything, and as more personal devices become connected devices, the doors are opened up to more potential issues. Things like smart speakers can make life easier by giving you an always-on personal assistant, but provide yet another device using your internet service – and if there’s a weakness with the product due to outdated firmware, you leave yourself vulnerable. Beyond just that, you won’t get all of the potential features out of your device since many get new features after their initial release and the core hardware you buy in a store is effectively a rough draft while the final product is never quite done until all firmware updates for a given device have been exhausted.
Firmware updates as a general rule do need to be made a bit easier for users to do. Many devices require a manual update, but users expect everything to be automated – which can be risky. An early update may be rendered useless by an unknown issue and then a user could wind up with harmful firmware and only get in the midset of updating things every 3-6 months. A lot can change in that time, so being sporadic with updates puts them in danger. Many opt to go with driver updating software that should in theory update software to its most recent version – but those rarely work perfectly and open the door to missing a single update or by doing all updates at once creating compatibility issues.
Microsoft’s approach to things when it comes to Spectre and Meltdown is a nice in-between because they’re making patches easier to find for users, and that will in turn result in more people getting proper updates. Hopefully, this plan works out and keeps people and companies safer. Without proper updates, device will always be vulnerable to attacks and have a security weakness. The real fix to this is for users to make sure everything is updated – but that’s unrealistic. Some only use computers for basic tasks and don’t feel like they need updates, resulting in their systems being hacked or simply being more vulnerable than they need to be. By making updates easier for users, Microsoft can help ensure that security problems are kept to a minimum and more people get a longer lifespan out of their devices.