When deploying software on endpoints, enterprises need to understand the risks a product might pose to the stability of the system.
Specifically, how likely is the product to break when the OS is updated, and how likely is the product to crash the OS when a problem occurs? This issue gained attention recently due to concerns related to Microsoft’s Meltdown/Spectre mitigation patches conflicting with some antivirus and endpoint security software.
You may have heard reports that some endpoint security solutions are incompatible with various recently released OS security updates. Why is that?
Many endpoint security products function by utilizing low-level and sometimes undocumented capabilities of the core OS. The challenge of integrating with the OS this way is that Microsoft can change its kernel implementation at any time. When that happens, the security products that depend on the modified functionality might crash or otherwise introduce instability to the system. Microsoft’s Meltdown/Spectre patches change the OS in this manner and therefore may break the security products that relied on the updated code.
When architecting Minerva’s Anti-Evasion Platform, we purposefully designed our product to be resilient in the face of potential changes to the OS, including kernel-level updates. Our solution is not dependent on a particular Windows version or patch level. For instance, if Minerva’s software is running on Windows 8.1, the system can even be upgraded to Windows 10 without any compatibility or functionality concerns.
As a result, Minerva’s architecture allows its customers to safely apply Meltdown/Spectre mitigation patches without concern that Minerva’s software will interfere with the OS patch or that the patch will affect Minerva’s software. Moreover, since Minerva is not an antivirus product, Microsoft does not expect our software to set the compatibility registry key. Consequently, Minerva’s presence on the endpoint does not prevent Microsoft security updates.
Minerva’s architecture also gives our customers the following benefits:
- No software prerequisites on Windows OS, including support for legacy OS versions
- No hardware prerequisites, including support for legacy systems
- No reboots required for installation or upgrades
Minerva Labs’ Anti-Ransomware Platform is designed to not only improve endpoint security, but also fit into customers’ operational workflow for managing endpoints in the real world. This means avoiding conflicts with the OS or other software, supporting easy deployments, and not interfering with end-users’ business tasks.