A huge new vulnerability, with a pair of scary names and a great logo, was big news in January, and I've been asked about it by several of you. Meltdown and Spectre affect pretty much every computer, phone, and tablet. The simplest way to explain the problem is that your computer or device has been designed to anticipate what you want to do, and pre-load relevant information into memory, in order to work faster. The information loaded into memory might be a password or other sensitive information. The vulnerability would allow someone to capture that information in the memory of your computer and use it to steal your credentials.

As this is the way the systems were designed to work, but just uncovered as a weak point, there is not much we can do but wait for the updates that will be released to solve the problem. There is not even any evidence that anybody has used the vulnerability to actually steal any information! So, even though we have a scary name and a couple of great looking logos to go with it, my advice is to just continue with business as usual.

As the original design was meant to make systems work faster, the updates that fix the problem might slow down older computer by up to 30%.  From my perspective, if you are using an older system and find it to be unbearably slow after an update, it's probably time to buy a newer system - and that might be the most common takeaway from Meltdown and Spectre!

Updates vs Upgrades 

All of us are constantly bombarded with messages to update this and upgrade that. And, of course, the fix for the Meltdown and Spectre problem will come in the form of updates. I see a lot of confusion about these updates and upgrades, particularly about when they are necessary and what they actually are for. Here's a table that should clear some of this up.

	Update	Upgrade
What is it?	A patch meant to fix problems or mitigate security issues	A new version, with new features, generally with a new version number and sometimes even  a new name for the software
Does it cost anything?	Updates should be free, although some software, like antivirus programs, require you to have an active subscription in order to get updates Commercial software manufacturers generally stop releasing free updates and patches once your version is no longer supported. If you find that your software is no longer being updated, it might be time for an upgrade	Mac OS Upgrades, and Windows 10 Upgrades, are free. Prior to Windows 10, Microsoft charged to upgrade from one operating system to the next Upgrades for free programs, like iTunes or Adobe Reader, are free  Upgrades to commercial programs like Office, Quicken, and QuickBooks, must be bought
How often should I expect it?	Security patches and updates are released every day. It seems like Java and Adobe update almost constantly! Microsoft issues the bulk of their patches on "Patch Tuesday" once a month, but more updates are issued in emergencies Apple releases updates as needed. If you don't have automatic updates turned on, you should check the App store for updates regularly	Apple releases a new version of MacOS every year, generally in the fall. Microsoft seems to be upgrading Windows 10 with new features twice a year You can expect most commercial software to release newer versions annually. Some, like QuickBooks, require you to upgrade every few years if you are using internet enabled options. Others, like commercial antivirus software and tax software, require a new version every year
Do I need to do it?	You should almost always install updates and patches. However, be cautious - there are malicious programs out there that try to trick you by mimicking legitimate updates. If you are unsure that an update is legitimate, feel free to give me a call and ask my opinion! Also, some free updates will try to install "partner programs". Always read the screen and uncheck options you don't want!	You should upgrade your Mac OS if you can, although I always suggest waiting a month or so after a new version is released Windows 10 will automatically update and upgrade You can generally safely use older versions of commercial programs until the manufacturer stops issuing security patches for the program, or forces you to buy a new version