Task Of Fixing Of Chip Flaw Being Undertaken Cautiously By Businesses


01/07/2018



Some business fear that the chances of slowdown or crashing of some computer systems by the fixes to combat a major microchip security flaw could prove costlier than the original problem and hence many are refraining from adopting the fixes.
 
There has been a scramble among businesses, governments and consumers to obtain the degree of threat to their computers from security problems with chips from Intel Corp and some other chip makers, and the cost to fix those flaws, after the flaws were revealed by researchers earlier this week.
 
However, machines of some businesses and organizations are being left vulnerable as they are attempting to test the fixes instead of quickly using security patches to secure their computers which is a costly and time-intensive exercise for large systems.
 
“If you start applying patches across your whole fleet without doing proper testing, you could cause systems to crash, essentially putting all of your employees out of work,” said Ben Johnson, co-founder of cyber-security startup Obsidian.
 
Greg Temm, chief information risk officer with the Financial Services Financial Services Information Sharing and Analysis Center said that much of the week was spent in understanding the vulnerabilities by banks and other financial institutions.
 
Temm said that because of the fact that there have been no known instances of hackers trying to exploit the chip vulnerabilities, therefore these flaws are not being considered to be ‘critical’ even though the flaws potentially impact almost all computers and mobile devices.
 
“It’s like getting a diagnosis of high blood pressure, but not having a cardiac arrest,” Temm said. “We’re taking it seriously, but it’s not something that is killing us.”
 
Temm said that whether operations are being slowed down by the patches is being tested by banks as well as the alterations that are required. He added that to compensate for the slowdown in speed of processors could be done through adding computers to networks, for example.
 
Researcher Johnson said that a “blue screen of death” could be shown and freezing of desktop and laptop computers can happen because the software updates are not compatible with some popular antivirus software programs.
 
He said that in order to make their antivirus systems compatible with the updated operating systems many antivirus software makers reciprocate through issuing fixes for their products. Only those Windows users whose antivirus software manufacturers are compatible with Microsoft so that the new security patch would not crash the customer’s machine, would be issued by Microsoft, the company announced on Friday in a blog posting.
 
“If you have not been offered the security update, you may be running incompatible antivirus software, and you should consult the software vendor,” Microsoft advised in the blog post.
 
“Intel continues to believe that the performance impact of these updates is highly workload-dependent and, for the average computer user, should not be significant and will be mitigated over time,” the world’s No. 1 chipmaker said on Thursday in a release.
 
(Source:www.reuters.com)