Is my computer rooted?

Do I need to buy a new one? How dangerous is this new security flaw that the media are on about? Your computer is “rooted” when someone else has “root” access to the system, a permission level that gives them the rights to do anything. “Super-user”, “administrator” and “root” all refer to such access in different operating systems.

It is still early days in the public release of information about the two new security flaws that were both independently discovered by different researchers: Meltdown and Spectre.

Why is this such big news? Security patches for computers and phones are released almost every week, so why the drama this time?

Way back when, in 1995, the chip designers were, as always, on a quest to make things faster. A computer CPU (central processing unit – the “brains” inside the box) spends most of its time twiddling its thumbs waiting for slower peripherals to respond to instructions. These slower peripherals are hard drives, memory, the user, the network card and so on. Since the CPU had “spare time” on its hands the chip designers decided that the CPU could “guess” at what was likely to be the next instruction and get that process underway. If the CPU got it wrong, no harm, no foul – just discard those instructions and do what was really required. The process is called speculative execution. (Something that could be adopted in the wider society to great effect.)

However, the design flaw just discovered shows that the chips in our desktop PCs, laptops, phones, tablets and backend servers do not completely clean up after themselves when they realize they’ve guessed the wrong instructions. That means remnants of data they shouldn’t have been allowed to fetch remain in their temporary caches, and can be accessed later.

The trick is to line up instructions in a normal user process that cause the processor to speculatively fetch data from protected kernel memory before performing any security checks.

Because the problems were discovered by responsible researchers and the operating system suppliers were advised well ahead of public release, security patches have already been deployed and you should make sure that your software is fully up-to-date with the latest release.
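On a Linux machine you can ask the kernel itself whether it considers the system patched. The script below is an added example, not part of the original post: it reads the kernel's status files under `/sys/devices/system/cpu/vulnerabilities` and, as an assumption of this example, treats a missing file as "unknown" because a kernel too old to report is most likely unpatched.

```python
"""Report the Linux kernel's own Meltdown/Spectre mitigation status (added example)."""
import os
import sys

# Linux sysfs directory where patched kernels publish per-flaw status lines.
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"
# File names the kernel uses for the two flaws discussed in this post.
CHECKS = ("meltdown", "spectre_v1", "spectre_v2")


def classify(text):
    """Map one kernel status line to 'ok', 'vulnerable' or 'unknown'."""
    status = text.strip()
    if status.startswith("Not affected") or status.startswith("Mitigation"):
        return "ok"
    if status.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def report(directory=SYSFS_DIR):
    """Return {check: (verdict, raw_status)} for each name in CHECKS."""
    results = {}
    for name in CHECKS:
        try:
            with open(os.path.join(directory, name), encoding="utf-8") as fh:
                raw = fh.read().strip()
        except OSError:
            # Missing file: the kernel predates this interface, or this is not Linux.
            results[name] = ("unknown", "not reported by this kernel")
            continue
        results[name] = (classify(raw), raw)
    return results


def needs_attention(results):
    """True unless every check is positively reported as mitigated or unaffected."""
    return any(verdict != "ok" for verdict, _ in results.values())


if __name__ == "__main__":
    results = report()
    for name, (verdict, raw) in results.items():
        print(f"{name:12} {verdict:10} {raw}")
    # Non-zero exit status lets a patch-compliance job flag the machine.
    sys.exit(1 if needs_attention(results) else 0)
```

Anything other than "ok" on every line means the operating system updates mentioned above still need to be installed.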

What does this mean to the average PC user reading this blog? Not a heck of a lot. If you keep your system up-to-date with security patches and DO NOT click on dodgy links in dodgy websites (which will allow JavaScript exploits to run and take advantage of this issue), the chance that you will have your secret data stolen is pretty slim.

Because these flaws are built into the physical silicon of the CPU chip they cannot be fixed at the hardware level (without replacing the CPU) or even with a firmware upgrade. There have been reports that the software fixes for this hardware flaw will impact performance by up to 30%. That is yet to be confirmed in the real world and, again, not likely to be the real result for you and me.

A much bigger headache is presented to those who run the large shared systems “in the cloud” (Amazon, Google, Azure etc.) and those running many virtual machines on one physical machine. Potentially, the flaw could allow me to run some rented computer process on a shared system and steal data from a company that was also running on that same physical CPU. How I would find out which particular Google/Amazon/Azure CPU ACME Inc was renting processing time on, so that I could also rent processing time on that same CPU in order to steal the ACME Inc private details, is not particularly clear, but I guess that the hackers will keep trolling around looking for anything that might be useful.

In the meantime, the conspiracy theorists are having a ball:

One – This was not a flaw, it was designed into the system so that the NSA could steal all our data. Now that someone has “discovered” it they are scrambling to cover it up.

Two – This is a Deep State plot to force everybody in the world to buy new hardware which will have NSA backdoors built in so that they can steal all our data.

There is heaps more technical detail on the Internet if you are interested. Hopefully, this will help to reassure those who may be alarmed by the MSM hype.