ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
Meltdown And Spectre Attacks
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Reply with quote
There are 2 new attacks that can be used by malware, called Spectre and Meltdown. You can read about this on Bleeping Computer. I am unable to post much information about it here.

I don't know how this will affect ClamWin. Since ClamWin isn't real-time and doesn't mess with the Windows kernel, any fix probably will not be a problem for us.

Regards,
View user's profileSend private message
temmokan


Joined: 09 Jan 2018
Posts: 0
Reply with quote
There's another problem related to antivirus/antimalware software. Unless they set a registry value, as stated in

https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software

Windows won't receive Meltdown update as well as subsequent security updates.

AFAIK, ClamWin doesn't set that flag.
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Reply with quote
Yes, ClamWin is a simple AV and doesn't need to do much OS configuration to work. Some other AVs didn't have that problem either. Most of them have set that registry value by now.

I think no one knew about Meltdown/Spectre until some security researchers brought it up. Isn't it amazing how the security industry is becoming a research and development function for the malware industry?

Thanks for using ClamWin!

Regards,
View user's profileSend private message
Berniek


Joined: 10 Jan 2018
Posts: 0
Reply with quote
So, is it safe to manually set that registry key or not?
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Reply with quote
AT the moment, I'm not sure. I have asked for input from the ClamWin developers but have not heard from them. My personal opinion is that we need it. I am running Windows Defender with ClamWin/Clam Sentinel and have not received any Microsoft updates from Patch Tuesday. I always manually update them on Patch Tuesday but am unable to get any now--and I do this every month.

Bleeping computer had a link to a script yesterday that will enable the updates. I'm going to wait for another day or two to hear from the ClamWin developers. We probably do not really have to worry about Meltdonw/Spectre (you need to put a specially created file on the computer to activate them), but we do need Patch Tuesday updates.

I'll keep you posted.

Regards,
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Reply with quote
I just noticed that my Windows Patch Tuesday updates were made automatically on January 9th (Patch Tuesday) instead of me having to update them manually like I usually do. So I think ClamWin users do not need any additional registry key to receive Patch Tuesday security updates. If you are using another AV also (you should also be using a real-time AV of course), you may need the new registry keys, but I think the AVs will take care of this themselves if they have not already done so.

I tried to install the registry key referenced by Bleeping Computer, but I received a message that the key already exists on my computer.

All is well!

Regards,
View user's profileSend private message
GuitarBob


Joined: 09 Jul 2006
Posts: 9
Location: USA
Reply with quote
It appears that the registry key is only needed for AVs that are registered with the Windows Security Center. There appears to be some slowdown due to messing with the Windows kernel. The slowdown is supposed to be negligible on Windows s10 may be worse on Windows 8 and lower OS computers.

Regards,
View user's profileSend private message
Meltdown And Spectre Attacks
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Reply to topic