Spectre microcode updates for old Intel CPUs

I hope someone can clarify this. According to this thread: https://techreport.com/forums/viewtopic.php?f=2&t=120528
Microcode updates are available for Linux for Spectre, but only as far back as Ivy Bridge-EP (not consumer grade Ivy Bridge.) There’s also talk of flashing BIOS modded with the Spectre updates for those of us left behind by Intel and our motherboard OEM.

So I have an Asus Ivy Bridge Z77 motherboard with (apparently) no hope of a BIOS update from Asus. If I load Linux, am I then protected against Spectre? If this is possible with Linux, then why can’t Microsoft distribute microcode updates via Windows update?

Read the following links:

Linus Torvalds blasts Intel
https://lkml.org/lkml/2018/1/21/192

I am not sure if this will answer your questions, but I have heard that Windows and most Linux distributions have or are working on a workaround for Meltdown and Spectre. As I understand it, the problem with Meltdown is hardware related, meaning a complete redesign of the CPU is needed to completely fix the problem. Spectre is a lot easier to fix by software. I have included two videos which I think explain what is going on very nicely.


2 Likes

Wow, Steve Gibson and Leo Laporte. Haven’t heard from either of them in…a really long time.

Anyway, InSpectre says I’m protected against Meltdown but not Spectre, as I expected. Am I going to have to buy a motherboard made in the last 30 seconds to get protection?

I don’t know what to tell you. As Steve Gibson said in one of the videos I posted, Spectre and Meltdown are vulnerabilities that have no easy fixes, but we will have to deal with them for a long time. I can tell you how I am going to handle this problem. I am slowly replacing all of my Intel systems with current AMD systems wherever I can, replacing my router with what I call my multi-router system, which is an idea based on an idea Steve Gibson had in one of his shows in 2016, locking down my computer systems as far as I can without making them unuseful, and getting rid of anything that uses Wi-Fi off my network.

I thought maybe it would be better to explain what I mean by a multi-router system and how I am going to adapt Steve Gibson’s idea of three dumb routers.

The plan is pretty much the same as discussed in the above video, except instead of using dumb old routers, I am going to implement three or more physical pfSense firewalls. The number of physical devices I need will depend on how I decide to divide my network. I know this is going to be a very expensive solution, but this is the only way in my opinion to secure your network. I don’t agree with Father Robert Ballecer’s statement in the above video. While I agree that under his plan a person’s network would be more secure than it was before implementing his plan, the main fact that the equipment he is proposing to use doesn’t have the ability to upgrade the underlying software providing your protection when new exploits are found is an unacceptable security risk. In other words, if you are going to go through the hassle of configuring your network this way, do it right.

Fortunately my Kaby Lake Dell gaming laptop has OS and BIOS updates available, so it’s now fully patched. To my surprise, HP also says there’s an inbound BIOS update for my Sandy Bridge laptop. +1 HP.

But it appears both my desktops (one a Dell, the other white box) will have no protection at all. Maybe it’s time to become 100% mobile…

Sure, you could go that route. Just remember there is a limit to how far patches will protect you. At least that is my understanding of how serious the Meltdown and Spectre vulnerabilities are.

I do believe you’re right. From what I’ve heard (I’ve only watched the first hour or so of the video), Spectre will require apps to be re-written as well. Firefox and other browsers have already implemented some patches (reducing the precision of JavaScript timers and some other mitigations). I also just got a massive Fedora update (>500 MB) which I think indicates some re-written apps.

But that leaves the question…what else can I do?

Other than doing what I have decided to implement, there isn’t a whole lot more you can do to protect yourself except hope no one will try a man-in-the-middle attack against your network. I suppose you could lock down your web browser, not use JavaScript or the Flash API on your system, create stronger passwords and have different passwords for each account, disable cookies, and disable the autofill forms function for all your web browsers. I have included a link for a posting on this forum that has some very good ideas for implementing stronger security.
Best practise

I’m not expecting any updates for as far back as P4 but it certainly would be nice given that schools still use the stupid things.