Gibson release InSpectre vulnerability and performance checker

Status
Not open for further replies.

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,247
Gibson releases InSpectre vulnerability and performance checker

InSpectre is another free program for Windows that checks for Spectre and Meltdown patches on the system and potential performance impacts.

The application offers three core advantages over comparable solutions such as Ashampoo’s Spectre Meltdown CPU Checker: the program requires no Internet connection to make the verification checks, it reveals how much of a performance impact the patches may have on the system, and it gives admins options to disable the protections.

InSpectre
inspectre-gibson.jpg


The tiny program is available on the Gibson Research website. It has a size of 122 Kilobytes and does not need to be installed. The page makes no mention of compatibility with Windows though. It ran without issues on a Windows 10 Pro system and a Windows 7 Professional system.​

inspectre-windows-7.jpg


InSpectre checks on start whether the system is vulnerable to Meltdown or Spectre. It highlights that in the interface immediately and displays the performance impact of the patches on the same screen.

Scroll down for detailed information on each of the checks and general information on the vulnerabilities.

The program informs you whether the operating system or hardware require updating to protect the device against attacks that target Spectre or Meltdown vulnerabilities.

InSpectre returned the following information on a fully patched Windows 10 Pro system:

This 64-bit version of Windows is aware of the Meltdown but not the Spectre problem. Since Inten processors are vulnerable to both of these attacks, this system will be vulnerable to Spectre attacks until its operating system has been updated to handle and prevent this attack.

This system’s hardware has not been updated with new features required to allow its operating system to protect against the Spectre vulnerabilities and/or to minimize the impact upon the system’s performance (Protection from the Meltdown vulnerability does not require BIOS or processor updates).

InSpectre reveals the performance impact that the patches may have on the system besides that. It does not use benchmarks for that but grades the impact based on the processor and operating system.

Microsoft revealed recently that Windows 10 systems are less impacted than Windows 8.1 and Windows 7 systems in regards to performance, and that newer processor families would see less of an impact as well.

System administrators may use InSpectre to disable the protection on devices. The intent is to resolve performance issues on older systems. The changes are done in the Windows Registry and described in KB4073119.

InSpectre modifies the Registry keys to enable or disable the protections.

Closing Words
InSpectre is a well designed software for Windows. The program is portable, requires no Internet connection, and returns the patch status of the system immediately when you run it. The program shows the potential performance impact of these patches and gives administrators options to disable the protection on systems besides that.​
 

tim one

Level 21
Verified
Honorary Member
Top Poster
Malware Hunter
Jul 31, 2014
1,086
Thanks for sharing, another good tool :)

It is quite easy to deduce that currently the main problem to solve is Spectre, here's a quick summary.

Meltdown: allows applications running in user mode to access portions of memory reserved and with high privileges (kernel mode). It is dangerous, because it is rather simple to exploit, but appropriate updates solve the problem

Spectre: allows applications to access portions of memory managed by different applications.
Then it would be possible to read the memory of kernel processes, and the physical memory in user space (privilege escalation), allowing the attacker to read confidential information from the system memory.
Spectre is more difficult to exploit, but it is also more difficult to remedy, because of the numerous possible variants of the attack.
Important is to apply browsers patch for the specific vulnerable processes and... Bios/firmware updates (we're all waiting for that!).
 

RejZoR

Level 15
Verified
Top Poster
Well-known
Nov 26, 2016
699
What's the purpose of a greyed out "Enable Spectre Protection" button? Just a placeholder when we get the actual patch for it?
 
  • Like
Reactions: Andytay70
F

ForgottenSeer 58943

What's the purpose of a greyed out "Enable Spectre Protection" button? Just a placeholder when we get the actual patch for it?

So he has some fake advantage over the tool already out maybe. LOL

Gibson is a funny guy. I remember he was telling people to secure their networks with multiple routers on different DHCP pools. Apparently he doesn't understand vlans? :unsure:
 

boredog

Level 9
Verified
Jul 5, 2016
416
What's the purpose of a greyed out "Enable Spectre Protection" button? Just a placeholder when we get the actual patch for it?

Yes that is correct. The button is for sys admins for after the patch.
"System administrators may use InSpectre to disable the protection on devices. The intent is to resolve performance issues on older systems. The changes are done in the Windows Registry and described in KB4073119."
 

LASER_oneXM

Level 37
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
an update has been released: GRC | InSpectre

transpixel.gif
File stats for: InSpectre
Last Updated: Jan 27, 2018 at 12:55
Size: 125k
(0.73 days ago)

Release #6 — Worked around a Microsoft bug and more . . .
Users of an earlier version of Windows 10 (version 1703 ‑ the non-Fall Creator's Update) reported that InSpectre did not believe that their system had been patched for the Spectre vulnerability. Upon analysis, a bug was discovered in that version of Windows which affected the way 32-bit applications, such as InSpectre, viewed the system. This was apparently fixed in the later “Fall Creator's Update” (version 1709) but not in the earlier version. A 64-bit “probe” was added to the 6th release of InSpectre to work around this bug in version 1703 so that InSpectre would accurately reflect any system's true protection.

And, while we were at it, the language presented in the summary was changed from “vulnerable” to “protected” so that “YES” was the good answer and “NO!” was the bad answer. :)
 

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,247
New InSpectre release reveals if microcode updates are available

We reviewed the InSpectre application by Gibson Research when it first came out in January 2018.

The program checked whether Meltdown or Spectre patches were installed on the Windows machine and gave an estimate on the performance impact those patched had on the system.

Microsoft released a security update for Windows in January to address some of the issues associated with the vulnerabilities. The company published instructions on finding out if Windows PCs were affected by Spectre or Meltdown; soon thereafter, third-party programs such as Ashampoo Spectre Meltdown CPU Checker or InSpectre were released to make this even easier for users and system administrators.

InSpectre Release #8
spectre-meltdown-vulnerability-check.png


Gibson Research released several InSpectre updates that improved the application's functionality. Release 7 listed information about the CPUID, and yesterday's new release, Release 8, shows to you whether a microcode update is available or not.

Intel revealed recently that it won't publish microcode updates for processors that the company has not patched already. The company published a PDF document entitled "Microcode revision guidance" which reveals processors with and without microcode updates.

Gibson's program uses the list to highlight whether microcode updates are available for the device's CPU.

Usage is still very simple: download the latest version of the application from the official project website and run it after the download. InSpectre is a portable application that does not need to be installed. You can run it from any location, or put it on a USB Flash Drive to run it on any device you connect the Flash Drive to.

The program displays the vulnerability status of the system on start. It shows whether the system is protected against Meltdown or Spectre attacks, and the performance impact.

"Microcode Update Available" highlights whether Intel released microcode updates for the processor.

Microsoft released an update for Windows 10 version 1709 that includes the microcode update for patched processors.

KB4090007 lists available products and CPUIDs. Windows users can download the update for Windows 10 version 1709 from the Microsoft Update Catalog website to protect against Spectre Variant 2 attacks.

The update is listed as critical but it has not been distributed via Windows Update or other automatic update services yet.

Closing Words
InSpectre offers one of the easiest ways to find out if a Windows system is fully patched against Spectre or Meltdown vulnerability attacks. The new version shows whether Intel released an microcode update for the process which should make things easier as well.​
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top