Firms wary of fix to flaws

New York: Chances that a fix to a major microchip security flaw may slow down or crash some computer systems are leading some businesses to hold off installing software patches, fearing the cure may be worse than the original problem.

Researchers this week revealed security problems with chips from Intel Corp and many of its rivals, sending businesses, governments and consumers scrambling to understand the extent of the threat and the cost of fixes.

Rather than rushing to put on patches, a costly and time-intensive endeavour for major systems, some businesses are testing the fix, leaving their machines vulnerable.

"If you start applying patches across your whole fleet without doing proper testing, you could cause systems to crash, essentially putting all of your employees out of work," said Ben Johnson, co-founder of cyber-security startup Obsidian.

Banks and other financial institutions spent much of the week studying the vulnerabilities, said Greg Temm, chief information risk officer with the Financial Services Financial Services Information Sharing and Analysis Centre, an industry group that shares data on emerging cyber threats.

The flaws affect virtually all computers and mobile devices, but are not considered "critical" because there is no evidence that hackers have figured out how to exploit them, said Temm, whose group works with many of the world's largest banks. "It's like getting a diagnosis of high blood pressure, but not having a cardiac arrest," Temm said. "We're taking it seriously, but it's not something that is killing us."

Banks are testing the patches to see if they slow operations and, if so, what changes need to be made, Temm said. For instance, computers could be added to networks to make up for the lack of processor speed in individual machines, he added.

Some antivirus software programmes are incompatible with the software updates, causing desktop and laptop computers to freeze up. Reuters