FYI: A warning on possible upcoming performance losses for Intel CPUs

Discussion in 'Hardware' started by Skybird, Jan 3, 2018.

  1. schielchen

    schielchen Well-Known Member

    Joined:
    Jun 2, 2015
    Ratings:
    +76 / 0 / -0
    Just turn off Windows Update for a week or two and watch what happens to those who don't.
    Whole thing seems to be server and vm related anyways
     
  2. Karting06

    Karting06 Well-Known Member Beta tester

    Joined:
    Nov 15, 2016
    Ratings:
    +128 / 0 / -0
  3. Skybird

    Skybird Well-Known Member

    Joined:
    Mar 31, 2015
    Ratings:
    +803 / 0 / -0
    It's TWO bugs. The one affects only Intel, the other Intel, ARM and AMD.
     
  4. Karting06

    Karting06 Well-Known Member Beta tester

    Joined:
    Nov 15, 2016
    Ratings:
    +128 / 0 / -0
    It seems so, but like they said on the website above:
     
  5. Gopher04

    Gopher04 Well-Known Member

    Joined:
    Mar 6, 2015
    Ratings:
    +237 / 0 / -0
  6. nate

    nate Well-Known Member

    Joined:
    Jan 31, 2015
    Ratings:
    +875 / 0 / -0
    I think your comment is a bit too tinfoil hat-y :p

    First off, why are you disparaging MS here? This isn't their problem and not something they were involved in creating. This is a hardware defect in the actual physical CPU. This has a workaround solution because the problem is potentially incredibly serious, and affects, well... literally everything.

    I would absolutely disagree that this is fear-mongering. While tabloid blogs and other news sources may exaggerate claims, reading the actual details... this is certainly a serious issue. For any random program to have unfettered access to the deep lying memory of your system that's hidden away in the kernel... should never happen and itself is a huge security risk.

    What is fear-mongering is blogs saying there is going to be "up to a 70% performance drop!" For normal users it seems to be quite minimal. That said, I wouldn't want to be in the server business or in a professional field that heavily relies on CPU usage.
     
  7. Skybird

    Skybird Well-Known Member

    Joined:
    Mar 31, 2015
    Ratings:
    +803 / 0 / -0
    Quite some heavyweights of computer analysis rate this as one of the two or three most serious, some even say the most serious computer issue that has ever impacted since the microcomputer revolution started. That many private people underestimate it is because they have no real idea of how deeply this mess could reach into a world that got networked and interlinked by digital infrastructure to a degree that only few people take the time to really reflect on and intellectually fully realise. Many people still live their lives and seriously think their food is coming from the nearest supermarket. What is before the supermarket in complex logistics and infrastructure, already is no more on their radar screen.

    If you do homebanking or log in to Amazon to place an order - you already should be scratching your head and wonder whether it really is safe any more, currently. But hey, it's your money and bank account at risk. So feel free to party.

    You will most likely never know. Except you get hit, then you know. If you do not get hit, this does not mean you were safe. It only means that you were not hit - whether that is because you are safe or an attacker has chosen to let you off the hook to protect his own ID in a bid for fatter fish to catch, you will never know.

    There is a nice book by Nassim Nicholas Taleb that I would recommend to all computer (and investor and economy) people: "The Black Swan. The impact of the highly improbable." -LINK-
     
  8. Balrog

    Balrog Well-Known Member

    Joined:
    Apr 10, 2015
    Ratings:
    +466 / 0 / -0
    But if you are so paranoid, you can take multiple countermeasures if you wish:
    - use a password manager (and change your incredibly strong master password regularly)
    - use 2FA (two factor authentication) whenever you can (especially on your valuable accounts like banking, steam/origin/uplay, google/apple account, webshops and so on)
    - use strong passwords (at least 16-20 characters long with random lower and upper case letters, numbers and even special characters - again, I think the best option is using a password manager so you don't even have to remember your actual passwords)
    - never use the same password on multiple accounts (using different usernames is even better)
    - change your password on your important accounts regularly
    - follow the news about account leaks and change your credentials on your possibly compromised profiles (your service provider will notify you eventually in most cases)

    If you get hacked after all this, then you've probably done something terrible in the past and the CIA/FBI wants you.:D
     
  9. Karting06

    Karting06 Well-Known Member Beta tester

    Joined:
    Nov 15, 2016
    Ratings:
    +128 / 0 / -0
    But, that isn't safe if it sends you a SMS.
     
  10. Balrog

    Balrog Well-Known Member

    Joined:
    Apr 10, 2015
    Ratings:
    +466 / 0 / -0
    Yes, using a 2FA authenticator app is safer
     
  11. Karting06

    Karting06 Well-Known Member Beta tester

    Joined:
    Nov 15, 2016
    Ratings:
    +128 / 0 / -0
    And, if you go really deep, you need to be sure that the authenticator app is also 100% secure.

    So, in fact, if someone wants to hack you, he will succeed. It's a bit like in real life in fact :(
     
  12. Balrog

    Balrog Well-Known Member

    Joined:
    Apr 10, 2015
    Ratings:
    +466 / 0 / -0
    I said countermeasures, not solutions.:p

    But attacks against "regular" people are usually more trivial than you would think (like sending fake E-mails in the name of big companies - that is exactly how the hackers got the celebrity iCloud accounts three years ago before the private photo leak).
     
  13. Skybird

    Skybird Well-Known Member

    Joined:
    Mar 31, 2015
    Ratings:
    +803 / 0 / -0
    Why make it complicated with password managers, which themselves can become attack targets (if you cannot pick the lock or cannot kick in the door, then bribe the guardian: same problem now exists with "security suites" and AV). Simply do not auto-log-in and have no passwords stored on HD. Much simpler, much more effective.

    Password managers should be banned. They make a joke of the idea of a password.

    And never use banking apps from a smartphone. NEVER. Smartphones are primary attack targets these days. If you manage your stock brokering or bank account with all your existential money stock via your smartphone, then I really have no more advice left. Money stuff and privately compromising, sensitive data have no room, absolutely no room on a smartphone.

    And use a prepaid smartphone account, if you can. Not many available at least in Germany, but they are still there. Telephone companies are bitches. Telling you from three bad experiences in the past 20 years. They do not get my banking account data anymore.
     
    Last edited: Jan 6, 2018
  14. Balrog

    Balrog Well-Known Member

    Joined:
    Apr 10, 2015
    Ratings:
    +466 / 0 / -0
    Not sure what you mean by "complicated", if you are afraid of using the autofill features, you can still copy your password with a single click which is still faster (and safer) than typing it and all of your passwords are completely random strings. And password managers encrypt your data, so even if someone would get it somehow, he would need to decrypt the whole structure which would take a massive amount of time, giving you more than enough time to react. Saying that simply typing your password every time is safer is just not true.
     
  15. Karting06

    Karting06 Well-Known Member Beta tester

    Joined:
    Nov 15, 2016
    Ratings:
    +128 / 0 / -0
    Finally, someone with the same opinion as me.
    Last year, someone was doing a focus group on that. I was one of the only ones to not use due to security issues.
    Anonymous prepaid, @Skybird? It's forbidden in Belgium since a year or 2, you had to authenticate in order to continue...

    And I'm not a big fan of password managers, and I'm also against biometric things. Because, once it's hacked, it's done. You only have 1 biometric information.
     
  16. Balrog

    Balrog Well-Known Member

    Joined:
    Apr 10, 2015
    Ratings:
    +466 / 0 / -0
    But they still add an extra security layer, I mean if you just simply use a password without additional security, the attacker only needs to get your password and decrypt it and he is done. And unless your username is "IUseAPasswordManagerByTheWay", it takes extra effort to get your data (find out which password manager you use, find an exploit, write a software which successfully uses that exploit and so on...). Password managers are not 100% safe, but they are surely safer than not using them.
     
  17. Karting06

    Karting06 Well-Known Member Beta tester

    Joined:
    Nov 15, 2016
    Ratings:
    +128 / 0 / -0
    Yeah, and what's your opinion about biometric?
     
  18. Balrog

    Balrog Well-Known Member

    Joined:
    Apr 10, 2015
    Ratings:
    +466 / 0 / -0
    I would never use it on its own as a security feature, especially in case of sensitive data. But it's probably ok as an extra verification step.
     
  19. majuh

    majuh Well-Known Member

    Joined:
    May 1, 2015
    Ratings:
    +257 / 0 / -0
    Just saying, but the point of these exploits is to be able to access your memory. Therefore it's irrelevant whether you use a password manager or type it in, it can be stolen anyway.
     
  20. Karting06

    Karting06 Well-Known Member Beta tester

    Joined:
    Nov 15, 2016
    Ratings:
    +128 / 0 / -0
    Yep, we were a bit offtopic :)