Spectre and Meltdown

You may have heard of Spectre and Meltdown, two security vulnerabilities that exist in virtually every CPU ever made by the chip giants Intel, AMD, and ARM. Either vulnerability can expose your system to “arbitrary code execution,” the geeky way to say, “A hacker could take complete control of your computer” and run any malware he wants on it. Read on to find out more, and if your computer is vulnerable to these attacks…

The Specter of a Meltdown?


The Spectre flaw enables one compromised program, such as a web browser, to compromise another program running on the same machine, such as Microsoft Word. If a hacker can penetrate your browser via the Internet, he can leapfrog from there across every program running on the system.

The Meltdown flaw allows hackers to gain access to a portion of a computer’s memory that should be off-limits to all software except the operating system. And Meltdown doesn’t care if you run Windows, Linux, or Mac OS X. Any of those systems may be vulnerable.

As Meltdown’s name suggests, truly bad things can happen when a rogue program gains access to those portions of memory that should only be accessible by the operating system. You may have seen the dreaded Blue Screen Of Death (BSOD) where Windows displays the cryptic “fatal memory fault at address…” Boom! Crash! But what’s the point of crashing some stranger’s computer? “Some people’s children” just do it for the “lols,” that is, for laughs. Global superpowers may do it in the name of “national security,” their intelligence agencies spending unlimited money to develop nuclear-grade malware… which, as we now know, “spook shops” like the NSA have allowed to escape into the hands of the “children.”

Worse, Meltdown enables an attacker to access all memory, including areas where your personal information is stored while you are working with it. There lies the profit motive that drives the most widespread attacks. The mercenary “adults” can use Meltdown to make millions.

The titans of tech, including chip makers, Microsoft, Apple, and the Linux community, have scrambled to issue hardware and software patches for Spectre and Meltdown. All hands on deck, as they say!

But there is still lingering uncertainty about whether the patches work, or if they do more harm than good.

Ah, fun with words. The software flaw known as “Spectre” is a homophone for “specter.” The former refers to a ghost, phantom, or apparition, and the latter is defined as “a source of terror or dread.” Both can be scary, but only one of them is likely to attack your computer.

As of January 23, Wired magazine reported that firmware patches issued hastily by Intel, AMD, and ARM to close Meltdown vulnerabilities in their chips “can inadvertently cause serious problems beyond processing slowdowns, including random restarts, and even the blue screen of death.” (https://www.wired.com/story/meltdown-spectre-patching-total-train-wreck/) Microsoft went so far as to release a patch that disabled the Intel patch.

On January 22, father-of-Linux Linus Torvalds said, in one of his more diplomatic comments, “the patches are COMPLETE AND UTTER GARBAGE.” Speaking of Intel’s patch crisis managers, he asked rhetorically, “Has anybody talked to them and told them they are f***ing insane?” At least he used an asterisk. (I added two more.)

Since then, there has been thunderous silence from the tech press corps. Does that mean the coast is clear? Is it safe to install firmware updates to your CPU and BIOS, as Intel, AMD, and ARM urge you to do? And how is that done, exactly?

We Need a Gadget Inspector

Before tinkering with the most delicate parts of your system’s “brain,” I recommend that you run the InSpectre (“inspector,” get it?) utility developed by Steve Gibson of Gibson Research Corp. InSpectre “was designed to clarify every system’s current situation so that appropriate measures can be taken to update the system’s hardware and software for maximum security and performance,” according to no less an authority than itself. (Sorry, I couldn’t let that one pass by!)

InSpectre is freeware, less than 200 KB of code, and perfectly safe to run. It will analyze your Windows PC no matter who made its CPU and BIOS, detecting and reporting its vulnerabilities, if any, to Spectre or Meltdown. InSpectre reports its findings in clear, simple terms that even non-geeks can readily understand. (I don’t know of a similar utility for Linux or Mac OS X systems.)

Best of all, its user interface includes two big buttons allowing you to Enable or Disable protection for Meltdown and/or Spectre. If either is greyed out, your system lacks that type of protection. Gibson goes into detail on why you might want to disable either of the protection options, to avoid the performance penalty they may impose. But unless you are noticing a marked decline in speed, I would not recommend doing so.

If InSpectre reports that your PC will remain vulnerable to Spectre or Meltdown until its firmware is updated, then it will be necessary to contact the maker of your PC to download a firmware patch specific to that make/model of PC. A Microsoft Support Page bears a “List of OEM /Server device manufacturers,” including links to their respective Spectre/Meltdown firmware and BIOS update help pages. https://support.microsoft.com/en-us/help/4073757/protect-your-windows-devices-against-spectre-meltdown

The only annoying things about InSpectre are the goofy sound effects and the display of the results. Looking at the InSpectre report is a bit clunky, because the window cannot be resized, and the small font can be hard to read. Position your pointer anywhere within InSpectre’s text window, press Ctrl-A to “select all,” then Ctrl-C to copy the selection, and then Ctrl-V to paste the report into a word processor or text editor. Then you can make the text as big as you like, save the report, or print it.

The best protection against Spectre on the operating system side, as opposed to firmware and BIOS, is Microsoft Windows 10 Fall Creators Update, version 1709. Automatic updates are on by default in Windows 10, so you should have v 1709 unless you have deliberately delayed its installation. If you have, go to Windows Update Settings and allow v 1709 to be installed.

Windows 7 users should have auto-updates enabled, too. Run Windows Update and let it install all critical and important updates to protect your system as much as possible via Windows.

It is shocking to learn that nearly everything digital, from desktop PCs to phones and tablets to Internet of Things things, contains a chip that is vulnerable to Spectre or Meltdown. But bear in mind that the world is still not on fire; these vulnerabilities can be and are being fixed, if they are not already fixed in your device(s). For now my best advice is “Keep calm and carry on,” auto-updating all of your software.

Have a great week.

Zi Staff

Discord Resources For Virtual World Users (Second Life and Sansar Links)

Discord Resources For Virtual World Users (Second Life, Sansar, Sinespace)

So I’ve been using Discord for quite some time for online communication – gaming etc. I’ve found it much more reliable than Teamspeak and 100% more reliable than Skype, without being a tremendous resource hog on my PC. It allows users to connect via text and voice channels. I’ve been on the lookout for SL content and user-based servers, so I’ll add and update this list as I find more! There are sub servers for photography, mesh creation, bloggers, vloggers, event organizers etc… get connected!

I’m loving New World Notes’ new Discord server, which has already become one of my go-to places for post ideas and fun random chat.

Here are some more Discord resources for fans of Second Life and other virtual worlds:

Extra Servers for VR:

If you’re a Sansar user, here are details for connecting your account to the official Sansar Discord server.

Bonus: Here’s the link for joining the official Discord for the new kid on the block, VRChat.

Microsoft Takes on the Scammers

Starting March 1, 2018, programs that attempt to coerce users into paying for dubious protection or PC performance “optimization” will be removed automatically by Microsoft Windows Defender Antivirus and other Microsoft security products. I can think of several rogues that will be hopefully out of business soon. Here’s what you need to know…

Bringing Down the Hammer on Scammers

Microsoft has announced they are taking aim against programs like TotalAV, ScanGuard, PC Protect, and other “free security/performance checkup” scams. Hallelujah! These programs are legion on the Internet, and like the three named above, many are often owned by the same devious company.

They dominate the top spots in search results by paying the most to place their ads there. (I wish Google would do more to police this.) Every day, thousands of people who are trying to find free help for real PC problems instead get sucked into vortexes of FUD – “Fear, Uncertainty, and Doubt” – and jerked around in expensive circles by con artists who follow a time-tested formula:
  1. Offer a free “checkup” of a PC to find malware or causes of sluggish PC performance.
  2. Display a spinning circle or “Please wait, finding problems that could cause disaster” messages
  3. Show the victim screen after screen of alarming “warnings” about “infections” and “vulnerabilities” that actually don’t exist; the step above is just drama.
  4. Pressure the victim to pay for the “premium” version of the useless software, which does not exist.
  5. If the victim buys, tell him the problem that doesn’t exist is “fixed” but more problems remain.
  6. Pressure the victim again for even more money for a bogus “fix” to problems that don’t exist.
  7. Repeat steps 5 & 6 as long as they work.

Optimizing The Anti-Optimizer Strategy

Microsoft first set some mild standards for “cleaner and optimizer” programs in February, 2016. All such programs had to do was tell a user specifically what problems it proposed to fix, and the program got a pass from Microsoft security products. Look how well that “honor system” approach worked for everyone! But now, Microsoft is getting serious, and dropping the hammer on these scam programs.

Microsoft’s evaluation criteria is a document specifying unacceptable characteristics of programs scanned by Windows Defender and other Microsoft security programs. A new section spells out “Unwanted behaviors: coercive messaging” that will cause a program that exhibits it to be removed automatically from the user’s machine.

Even when victims say, “No, I won’t pay,” a fake cleaner/optimizer can still try to wring some money out of them by persuading or scaring them into answering a “short survey.” Ostensibly, the victim’s answers will only be used to help improve the “free” program.

But the deeper a victim goes into such surveys, the more personal and sensitive the questions become. You can easily be suckered into giving up bits of personal data that enable identity thieves to figure out the answers to your “secret” password recovery questions, or the actual passwords that you use, or the name of your bank, and other tools of ID theft.

Microsoft’s new “unwanted behaviors” include this sort of con, too. Programs that use such slimy tricks will be removed from PCs defended by Windows Defender beginning March 1.

Also on the “unwanted behaviors” list are programs that suggest they are the only way to fix a problem; programs that set a deadline for the user to take action; programs that require the victim to download a file (which is probably a Trojan or virus); or sign up for a newsletter (so your email address can be sold to spammers). Such programs will be deleted automatically starting March 1.

Have You Encountered Rogue Software?

You can help in this fight against the scammers. If you encounter what you think may be rogue software, report the problem to Microsoft. You can anonymously submit a program to Microsoft for analysis, and security researchers will analyze the file(s) to determine if they should be classified as malware. (Hmmm, this alone might be a good reason to download TotalAV.)

If you are running Windows 10, Windows Defender is included and enabled, unless you’ve installed a third-party security tool. I’ve been critical of Defender in the past, but it seems to have improved greatly, and has some compelling new features. (See UPDATE: Is Windows Defender Enough Security?)

Microsoft’s announcement says that the “rogue removal” feature will be included in “Windows Defender and other Microsoft security products,” but they didn’t go into any detail about what those other products are, or if this protection will be extended beyond Windows 10. As more information becomes available, I’ll update you.

I applaud Microsoft for taking direct action to protect Windows users from one of the most widespread threats online. I just wish they’d done it back in February, 2016, instead of setting easily circumvented, toothless rules.

Have A Great Week!

SL Tutorial: How To Cut Land Impact & Memory Load Of Second Life Buildings By 40%+ With Modding

Is Windows Defender Enough Security?

Windows Defender Security Center (“Defender” for short) is the latest name for the built-in suite of anti-malware and security features in Windows 10. Historically, Defender and its antecedents have been mediocre offerings. So mediocre, in fact, that multiple test labs rated it dead last in effectiveness. But recently, Microsoft has focused on making Defender a comprehensive, safe, and free choice for all your security needs. Let’s see how close it has come…

Will Windows Defender Defend You?

Windows Defender started life as an anti-spyware tool for Windows XP, Vista and Windows 7. It then morphed into Microsoft Security Essentials, which was billed as a full-blown antivirus program. It morphed again with the arrival of Windows 8 and 10, and was once again called Windows Defender. There are many alternatives I have written about in the past, but let’s take a closer look at the “New Defender.”

So why the change from Microsoft Security Essentials to Windows Defender Security Center? Microsoft’s answer for this failure or blessing was that MSE was a “baseline” upon which third-party developers were expected to improve. So two years later, still NO improvements to speak of.

But with Defender’s latest incarnation (part of the Windows 10 Fall Creators Update released in October 2017) things may have finally changed for the better. We do not have performance tests from independent labs like AV-TEST or AV-Comparatives yet. Those labs may be working on their next round of reports right now. But AV-Comparatives published a note on the Fall Creators Update version of Defender, noting some encouraging advances.

Exploit Guard, an extra layer of protection against exploitation of vulnerabilities, used to be available only in Enterprise editions of Win 10. Now it’s in the consumer versions, too, and it is enabled by default.

Exploit Guard includes four kinds of protection. Exploit protection is applied to operating system processes and to third-party apps. Attack Surface Reduction techniques minimize hacks via malware that exploits vulnerabilities in MS Office, JavaScript and other scripting languages, and email-based malware. Network protection extends the SmartScreen real-time online protection in the MS Edge browser to your Win 10 network, even if you are not running Edge. Controlled Folder Access helps protect key system and data files from being altered by malware or encrypted by ransomware.

To see the nitty-gritty of Exploit Guard, type “Windows Defender” in the search box and open Windows Defender Security Center from the results. Then click on “app and browser control.” Scroll down to the “Exploit protection settings” link and click it. Do not turn off any of the features shown unless you understand what they are and have a good reason to disable them.

Oddly, one interesting new feature of Exploit Guard is turned off by default. “Controlled folder access” protects your files and folders against unauthorized alterations, such as the addition of malicious scripts to documents, or encryption by ransomware. I recommend enabling it; here’s how:

Open Defender, click on the icon labeled “Virus and threat protection,” then click on the link labeled “Virus and threat protection settings.” Scroll down to “Controlled folder access” and move the slider control to the “on” position. While you’re there, you can click the link labeled “Protected folders” to see exactly that. You can add a folder to be protected, too. Back up one page, return to “Controlled folder access,” and you will find another link to “Allow an app through Controlled folder access,” in case you ever need to give a new app permission to access files in a controlled folder.
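The same Controlled folder access steps can be scripted with the Defender PowerShell cmdlets, which also lets you review what was blocked before allowing an app through. This is an added example, not part of the original article; it assumes an elevated PowerShell session on Windows 10 version 1709 or later with Defender as the active antivirus, and the folder and application paths are constructed placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: manage Controlled folder access (CFA) from PowerShell.
# Both paths below are constructed placeholders; substitute your own.
$ProtectedFolder = 'D:\Projects'
$AllowedApp      = 'C:\Program Files\ExampleApp\app.exe'

# Get-MpPreference reports the CFA setting as a number; map it to a name.
$stateNames = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }

function Get-CfaState {
    $pref = Get-MpPreference
    [pscustomobject]@{
        State            = $stateNames[[int]$pref.EnableControlledFolderAccess]
        ProtectedFolders = $pref.ControlledFolderAccessProtectedFolders
        AllowedApps      = $pref.ControlledFolderAccessAllowedApplications
    }
}

Write-Host 'Before:'
Get-CfaState | Format-List

# Equivalent of moving the "Controlled folder access" slider to "on".
Set-MpPreference -EnableControlledFolderAccess Enabled

# Equivalent of "Protected folders": add a folder beyond the defaults,
# but only if it exists and is not already on the list.
if ((Test-Path -LiteralPath $ProtectedFolder) -and
    ((Get-CfaState).ProtectedFolders -notcontains $ProtectedFolder)) {
    Add-MpPreference -ControlledFolderAccessProtectedFolders $ProtectedFolder
}

# Before allowing any app, look at what CFA actually stopped.
# Event ID 1123 = blocked write, 1124 = write that audit mode would have blocked.
$cfaEvents = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue
$cfaEvents | Select-Object TimeCreated, Id, Message | Format-List

# Equivalent of "Allow an app through Controlled folder access".
# Do this only for a program you recognise from the events above.
if (Test-Path -LiteralPath $AllowedApp) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $AllowedApp
}

Write-Host 'After:'
Get-CfaState | Format-List
```

Setting `-EnableControlledFolderAccess AuditMode` instead of `Enabled` logs what would be blocked (event 1124) without blocking it, which is a low-risk way to find legitimate programs that need an allow entry first.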

Similar security features are part of the paid versions of several third-party security suites. Windows 10 now throws them in free of charge. The jury is still out on exactly how well they work, but Defender (at least in Windows 10) has definitely moved a long way in the right direction. But until we can get a sense of real security with Defender, I recommend Malwarebytes and a GOOD antivirus such as Panda or a free version of Avast.

Have a Great Week!

Coming Soon To Firestorm: Customized, Kickass Skies For Your Second Life


If you use Firestorm, the popular 3rd party viewer for Second Life, and enjoy shooting outdoor photos and machinima, you should connect with Stevie Davros. He’s creating what you’re looking at above: an alternative cloud system for use in Firestorm, which he plans to put on the Marketplace in March. The words “alternative cloud” don’t quite convey how vivid, jaw-dropping, and insanely cool these customized skies are, so you should watch that video and the one below: they totally transform the low-res, default skies of Second Life into something pretty profound.

“I have been a RL travel and landscape photographer for decades,” Davros explains, “and skies are a fundamental part of what I photograph. In SL I was delighted with all the imagination and care taken in sim design and also the creativity on show, but was disappointed in how bland the skies looked compared to real life.” Firestorm developer Cinder Roxley added a feature that made it possible to swap the system skies with custom ones — and Davros’ photos and others made his system possible: “The TGA graphics files I have used are all extensively modified from numerous cloud photographs, some from my collection, some sourced from public internet weather images.”

His skies are not just taken from reality, however:

“[I’m also working on] fantasy clouds, hand painted clouds (including one sampled from Vincent van Gogh’s brushstrokes), and some novelty and prop clouds.” (He created these cartoon clouds I blogged about recently.)


“The standard SL sky uses a TGA graphics file which is 512x512 pixels and 263kb in size. Pretty low res, but it works. The largest I have created is 4096×4096 pixels and 67Mb in size, most however are 4096×4096 and 16.7Mb in size. The big files seem to have no performance impact, so I am unsure why a better default sky has not been introduced by the developers?” That’s a good question, because who cares how large the sky files are, if you download them beforehand, and they make your virtual world that much more awesome?

Emphasis on “your”, because, of course, only the user with Davros’ Firestorm feature can see these skies — which is just fine for photographic and machinima purposes.

“If you are just sitting indoors doing glam pics, like a lot of people enjoy doing, it will be of little interest,” as Davros puts it. “But for those who like to get out and about and explore SL beauty, it is for them. And yes, will make kickass machinima and photo blog imagery as this [above] shows.”

More on Davros’ skies when they’re available!