Yes there is, sorry. The mitigations for the Spectre flaw are not a one-shot deal but apparently require ongoing applications indefinitely. How much of a clear and present danger is Spectre to the average user, really? It's more rhetorical. Backups and updates--yes, you're right but this is not the response I was looking for. It's a tough dilemma for some people.
How to check if your PC is protected from the Meltdown and Spectre exploits
- Thread starter tim one
- Start date
Yes there is, sorry. The mitigations for the Spectre flaw are not a one-shot deal but apparently require ongoing applications indefinitely. How much of a clear and present danger is Spectre to the average user, really? It's more rhetorical. Backups and updates--yes, you're right but this is not the response I was looking for. It's a tough dilemma for some people.
Currently, the danger of Spectre for the average user is quite small because Spectre is quite hard to make use of (exploit) and it also depends on the software being targeted for the attack. It also needs to be used against a target which can actually be leveraged for benefit of the attacker, so not all software will be a decent target. There's currently no known exploitation of the Spectre vulnerabilities in the wild, but this won't necessarily maintain this way forever more.
Last edited by a moderator:
- Dec 29, 2014
- 1,716
Removed it on a couple of PCs for science sake. On one PC it took about an hour, but on the other one one a couple of minutes. Most of the time in the first instance was during the shutdown phase. It was stuck there for I guess 35-40 minutes or so. I was running benchmarks, so I wanted to get a look at them after removing the patch.
I started to use system restore, but apparently the patch can be simply uninstalled. This matches the information I had read posted for the patch on the Microsoft Update Catalog page containing the update. That was why I decided to give the uninstall a try.
I hate to say this, but, for me, there is a noticeable difference in the performance of a PC after the patch. Doesn't seem to matter what kind of processor...just less responsive overall.
That said, I do have a bothersome feeling that there is a better way to do this. Maybe this situation is one where the optimal fix would be more work than any of the other possible workarounds and one which requires some time to engineer. Obviously, it would be the least restrictive option with regards to resources and performance to be considered optimal and of course it must still guarantee a fully secure kernel.
- Mar 24, 2017
- 481
- Apr 1, 2017
- 1,782
I really want to run the tool, but I just cannot trust them enough to be brave and do it on my host environment. I'll have to run it in a Virtual Machine which is up-to-date with the latest patches...
- Apr 1, 2017
- 1,782
Ok my friend run the tool on vmare and tell us is it safe to use or no
Eset live gird rated the file as green and that means Eset ppl manually whitelisted the file! I guess its safe.
Eset live gird rated the file as green and that means Eset ppl manually whitelisted the file! I guess its safe.
Attachments
Last edited:
- Jun 9, 2013
- 6,720
I gave it a try and it seemed to work just fine here.
- Apr 1, 2017
- 1,782
Oh no I definitely know the tool itself is "safe", I just don't trust them enough to run it on my host. It's to do with Chinese data protection laws which I don't agree with, so I just don't have the balls to go ahead and run it on my host.
- Jun 9, 2013
- 6,720
One question: how is a software-based creation going to patch a hardware/firmware vulnerability? You have to flash the firmware to update it, and hardware cannot be remotely changed. I'm not exactly sure what this Qihoo utility is actually going to accomplish. Maybe they will just check for updates related to Meltdown/Spectre fixes?
Feels a bit like someone offering you a plate of lasagna, you finally arrive at the restaurant, and half of it is missing. You know? Like you get something you have long-waited, and then it is half complete or half-available. A bit like a disappointment...
If it didn't work for @frogboy then I am sure it won't work for me.
Feels a bit like someone offering you a plate of lasagna, you finally arrive at the restaurant, and half of it is missing. You know? Like you get something you have long-waited, and then it is half complete or half-available. A bit like a disappointment...
If it didn't work for @frogboy then I am sure it won't work for me.
- Jan 5, 2018
- 163
So I know about the windows patch, I know about the firmware/BIOS updates from OEM manufacturers, but I haven't heard anything about any motherboard companies releasing new firmware/BIOS, like Gigabyte, Asus etc. What is the deal with them? How do users with custom built PC's attain full protection?
I'm wondering the same thing. I have an MSI motherboard for a custom built system however there's no BIOS update available and hasn't been for at-least a few weeks now as far as I am aware. However, no vendor is likely going to release an update for an really old system because they tend to use the 2-3 year range.
With that in mind, you don't need to worry about Meltdown or Spectre exploitation for the time being and I suspect this will stay put for at-least 6-12 months from now. There's no known exploitation of it within malicious software in the wild, and the Proof-Of-Concepts/original findings were by highly skilled researchers who allegedly had information about the CPU architectures which are private and not publicly disclosed - I do not know if this is factual or not though.
@Lockdown said on another thread exactly what it is, that malware authors which are traditional and release into the wild are not in this game for hardware/firmware exploitation. And even the ones who are capable of doing so, the chances of them accomplishing it are really small. You can throw the source code onto a malware authors lap and 99% chance they won't know how to use it, at-least to it's full potential.
Look at EternalBlue and WannaCry. Sure, it was used. Sure, EternalBlue was a government exploit. Sure, WannaCry did a lot of damage. But was it used to it's full potential? Nope. Kernel-Mode code execution via privilege escalation and the payload was user-mode. Says it all really.
Source: 360 released the Very First CPU Vulnerability Assessment and Fix Tool
Looks like I was right then, it works by checking for updates. It also has additional checks for other things regarding privacy and cleaning, and seems to be a marketing approach at gaining more Premium customers as well which is fine and normal for companies to do (standard marketing techniques by leveraging the recent fiasco).
For the record, the link content states how it works in clear view so there's nothing misleading going on here.
- Jan 5, 2018
- 163
Yeah, I'm not to worried about it affecting my system. It's just with all the attention this is getting it is strange that all the motherboard companies haven't said a word.
- Apr 1, 2017
- 1,782
https://support.microsoft.com/en-sg...your-windows-devices-against-spectre-meltdown
actually, they said! but not all of them(like gigabyte)
- Jan 5, 2018
- 163
Actually the only motherboard company on that list is Asus. No word from MSI, Gigabyte, Asrock, EVGA. That's weird.
- Jan 29, 2017
- 1,201
I have a sense that the rush to patch will result in buggy and inefficient "solutions". Better to wait a month or so or until a real threat looms. Even Google's plans to "harden" Chrome won't be realized until later in the month.
- Jul 27, 2015
- 5,458
Quote : " Microsoft has identified a compatibility issue with a small number of antivirus software products.
The compatibility issue arises when antivirus applications make unsupported calls into Windows kernel memory. These calls may cause stop errors ( also known as blue screen errors ) that make the device unable to boot. To help prevent stop errors that are caused by incompatible antivirus applications, Microsoft is only offering the Windows security updates that were released on January 3, 2018, to devices that are running antivirus software that is from partners who have confirmed that their software is compatible with the January 2018 Windows operating system security update.
If you have not been offered the security update, you may be running incompatible antivirus software, and you should consult the software vendor. "
Quote : " Windows 10, Windows 8.1, Windows Server 2012 R2 and Windows Server 2016 Customers, Windows 7 SP1 and Windows Server 2008 R2 SP1 Customers. The anti-virus software must set a registry key as described below in order to receive the January 2018 security updates.
Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" Value="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD”
Data="0x00000000” "
Source : https://support.microsoft.com/en-sg...ndows-security-updates-and-antivirus-software
The compatibility issue arises when antivirus applications make unsupported calls into Windows kernel memory. These calls may cause stop errors ( also known as blue screen errors ) that make the device unable to boot. To help prevent stop errors that are caused by incompatible antivirus applications, Microsoft is only offering the Windows security updates that were released on January 3, 2018, to devices that are running antivirus software that is from partners who have confirmed that their software is compatible with the January 2018 Windows operating system security update.
If you have not been offered the security update, you may be running incompatible antivirus software, and you should consult the software vendor. "
Quote : " Windows 10, Windows 8.1, Windows Server 2012 R2 and Windows Server 2016 Customers, Windows 7 SP1 and Windows Server 2008 R2 SP1 Customers. The anti-virus software must set a registry key as described below in order to receive the January 2018 security updates.
Key="HKEY_LOCAL_MACHINE" Subkey="SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" Value="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD”
Data="0x00000000” "
Source : https://support.microsoft.com/en-sg...ndows-security-updates-and-antivirus-software
Similar threads
