Page 3 - 1802
P. 3
Phil’s Ramblings
Some (cautious) good news on the security Spectre Variant 2 vulnerability were not
front! So far, I’ve not heard of any malware ready for Prime Time and are now being
exploits attributable to the Meltdown and walked back.
Spectre security flaws detected in many com- On an entirely different front, let’s talk a bit
puter processors, and first reported on late about Chromebooks. Not about Meltdown /
last year. Spectre, since most Chromebooks are im-
Now for the bad news…. mune to these vulnerabilities because they
Intel has issued a BIOS update for its proces-
sors to OEM computer manufacturers. They
are supposed to tweak the Intel update for
their hardware and issue the modified BIOS
update to their customers.
As of this writing, that second step has al-
ready happened for at least Dell and HP cus-
tomers. Unfortunately, there were bugs in
one section of the Intel update, that are caus-
ing problems for computer owners who have
installed the new BIOS they received from use unaffected processors or run unaffect-
their OEM. The OEMs are telling their cus- ed Linux kernels, but about the long-talked-
tomers who have not already installed this about rollout of Android apps to Chrome-
update to wait for an updated version and are books.
reissuing the original BIOS (pre-update) so As background, while Chromebooks have
that those with affected computers can roll become quite popular in school settings
back the Meltdown / Spectre update. because of cost and ease of IT administra-
Meanwhile, Microsoft has issued an out-of- tion, there are only a limited number of
band Windows update designed to modify Chromebook apps available in the Chrome
their earlier update for the Spectre Variant 2 Store. Wouldn’t it be great if many of those
bug. (I was not clear about this in my second million + apps in the Google Play store
Google Groups email; this update is not relat- would run on Chromebooks? Those em-
ed to the BIOS updates just issued by OEMs; bracing Android for their phones and tab-
it is instead designed to modify the mitigation lets would then have a trifecta; their com-
update that Microsoft released to Windows puter (Chromebook) would offer many of
rd
customers on January 3 .) their favorite mobile apps.
If you read about the original announcement This strategy was first announced by
of the underlying Meltdown / Spectre proces- Google in May 2016, with the expectation
sor vulnerabilities in late 2017, you may re- that new Chromebooks would be ready for
member that there was (1) amazement that Android apps at release and that many (but
researchers had been able to keep these vul- not all) existing Chromebooks would be
nerabilities secret for a very long time while able to run Android apps by the end of
they worked on countermeasures, and (2) 2016.
frustration that those countermeasures were And then there was silence……. lots of si-
not yet ready for release when the news final- lence, broken only by an occasional article
ly broke. It appears that the countermeas-
ures developed by Microsoft and Intel for the (Continued on page 4)
3
