
InSpectre - New Steve Gibson utility

23 replies to this topic

#1
alt3rn1ty


Steve Gibson has produced another helpful tool along similar lines to Never10 ..

InSpectre

https://www.grc.com/inspectre.htm

 


Easily examine and understand any Windows
system's hardware and software capability to
prevent Meltdown and Spectre attacks.

(This 124k app is compatible with ALL versions of Windows.)

 

 

It's a neat and informative tool written in assembler so it's small (same as all tools from Steve Gibson), only a week in development, but already looks like it's just about done at release #5 .. At time of posting - Last Updated: Jan 18, 2018 at 13:14

Reference another topic on Meltdown and Spectre vulnerabilities, this tool will tell you if you are protected against these vulnerabilities or not

A Computerworld Columnist reckons the tool is sending anti-virus software a bit nuts because it is new and unrecognised software ..

 

Then I ran Steve Gibson’s just-released InSpectre scanner, and I got the overall report shown in this screenshot.


InSpectre scanner offers meaningful results that help users understand whether their PC is vulnerable.

That matches my experience with this machine and, in looking at numerous other reports, I’d say that Gibson has pretty much nailed it.

InSpectre’s a new program (less than 24 hours old at this point), and it’s driving antivirus scanners crazy. I’ve seen at least one notice that Kaspersky Antivirus flags the download as a “Heuristic” Trojan. There are additional warnings from VirusTotal, Panda and Sophos. They’re all false positives. If you download InSpectre from Steve Gibson’s site, it’s clean.

 

.. "They are all false positives"

For development discussions, refer to Steve Gibson's Newsgroups, News.Feedback

 

And there is a Security Now! podcast dedicated to the subject https://twit.tv/show...autostart=false

(Scroll down a bit on that security now page too for the link to the show notes which has further helpful links).

 

NVidia Graphics drivers latest updates (390.65 +) have been adapted to also help prevent these vulnerabilities.


Edited by alt3rn1ty, 21 January 2018 - 12:48 PM.


#2
alt3rn1ty


Seems the free version of Malwarebytes I was using was preventing me getting an important update, Windows update KB4056892

 

(See this topic for an explanation of why that can happen)

 

After uninstalling Malwarebytes, cleaning the registry, and then manually installing the missed windows update, I am now protected from Meltdown vulnerability

 


 

 

This system's present situation:

This 64-bit version of Windows has been updated for full awareness of both the Spectre and the Meltdown vulnerabilities. If the system's hardware (see below) has also been updated, this system will not be vulnerable to these attacks.

This system's hardware has not been updated with new features required to allow its operating system to protect against the Spectre vulnerabilities and/or to minimize their impact upon the system's performance. (Protection from the Meltdown vulnerability does not require BIOS or processor updates.)

This system's Intel processor provides high-performance protection from the Meltdown vulnerability. A properly updated operating system will be able to provide protection without significant system slowdown.

This system's Intel processor provides high-performance protection from the Meltdown vulnerability and this version of Windows is taking full advantage of those features to offer that protection without overly severe performance penalties.

Due to the potential performance impact of these vulnerability protections, which may be particularly burdensome on older hardware and operating systems that cannot be updated, either one or both of these protections may be disabled with Windows registry settings. This system's "protection disable" is currently set as follows:

The system's registry is configured to enable both of the Spectre and Meltdown protections. Within the bounds of any limitations described above, Windows will work with the system's processor to prevent the exploitation of these vulnerabilities.

 

 

Now I just need to find how to protect from Spectre apparently

 

Edit : Ugh! Solution to Spectre includes a device (probably BIOS) update from Intel to MSI, and then an update from MSI to individual machine models = That's going to take a while longer .. https://www.msi.com/faq/notebook-2963


Edited by alt3rn1ty, 22 January 2018 - 10:00 AM.
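The "protection disable" registry setting that the InSpectre report in post #2 refers to can also be read directly. The following PowerShell is an added example, not part of the original posts and not InSpectre's code; the registry path and value names are the ones in Microsoft's published guidance for these mitigations (they do not appear in this thread), and `Get-MitigationOverride` is a hypothetical helper name.

```powershell
# Added example (not InSpectre's code). Get-MitigationOverride is a hypothetical name.
# Path and value names follow Microsoft's published guidance; they are not from this thread.
$MmKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

function Get-MitigationOverride {
    param([string]$Path = $MmKey)

    $props    = Get-ItemProperty -Path $Path -ErrorAction Stop
    # Properties[...] returns $null when the value does not exist in the key.
    $override = $props.PSObject.Properties['FeatureSettingsOverride']
    $mask     = $props.PSObject.Properties['FeatureSettingsOverrideMask']

    # Bit 0 controls the Spectre (branch target injection) mitigation,
    # bit 1 controls the Meltdown mitigation. A set bit means "disable".
    $bits = [ordered]@{ 'Spectre (branch target injection)' = 1; 'Meltdown' = 2 }

    foreach ($name in $bits.Keys) {
        $bit = $bits[$name]
        $state = if ($null -eq $override -or $null -eq $mask) {
            'OS default (override values not set)'
        } elseif (-not ([int]$mask.Value -band $bit)) {
            'OS default (bit not selected by mask)'
        } elseif ([int]$override.Value -band $bit) {
            'DISABLED by registry override'
        } else {
            'enabled by registry override'
        }
        [pscustomobject]@{ Mitigation = $name; RegistryState = $state }
    }
}

Get-MitigationOverride | Format-Table -AutoSize
```

This reports only the registry switch; whether the Spectre mitigation is actually active still depends on the microcode/BIOS support described in the report above. Microsoft's SpeculationControl PowerShell module (`Get-SpeculationControlSettings`) reports what the running kernel is enforcing.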


#3
TheMastersSon

Thanks for the link, although I wish Gibson would do a little better job at informing people that no active exploits are known for either of these vulnerabilities. So countless millions of people are about to lop off at least a portion of their purchased processing power out of fear mongering and nothing else. As mentioned elsewhere, the USB vulnerability discovered years ago (and that was responsible for the "Gen 2" USB3 hardware update) was equally ubiquitous, yet no explosion of exploits were seen for it either. In fact this reality of life for computers goes back all the way (at least) to parallel port hacking on the original IBM-PC and probably much further. Because vulnerabilities are inherent to computers does not mean any particular one or set of these weaknesses have ever been or ever will be exploited.

Edited by TheMastersSon, 23 January 2018 - 12:56 AM.


#4
alt3rn1ty


Thanks for the link, although I wish Gibson would do a little better job at informing people that no active exploits are known for either of these vulnerabilities. So countless millions of people are about to lop off at least a portion of their purchased processing power out of fear mongering and nothing else. As mentioned elsewhere, the USB vulnerability discovered years ago (and that was responsible for the "Gen 2" USB3 hardware update) was equally ubiquitous, yet no explosion of exploits were seen for it either. In fact this reality of life for computers goes back all the way (at least) to parallel port hacking on the original IBM-PC and probably much further. Because vulnerabilities are inherent to computers does not mean any particular one or set of these weaknesses have ever been or ever will be exploited.

 

Go to 1hr 31 in the podcast discussing it = https://twit.tv/show...autostart=false

 

Personally I haven't had any noticeable slow down at all, and that's running my MSI machine in comfort mode instead of sports mode.

All current games I have don't need it to be running at full power on both CPU and GPU, so I can run it cool until the next gen games come along then I will need to let this machine shine a bit more by letting it run at higher frequency and a little warmer .. By which time whatever performance I get out of it will be the new norm for me, and game settings will be tweaked accordingly.

 

Gamers generally have above average machines anyway, which from what I have heard will hardly be affected by these measures...

 

.. But then, even if they are, they can now disable and re-enable the fixes whenever required by using InSpectre


Edited by alt3rn1ty, 27 January 2018 - 09:42 PM.


#5
alt3rn1ty


Version #6 is now released.

 

"

  • Release #6 — Worked around a Microsoft bug and more . . .
    Users of an earlier version of Windows 10 (version 1703 ‑ the non-Fall Creator's Update) reported that InSpectre did not believe that their system had been patched for the Spectre vulnerability. Upon analysis, a bug was discovered in that version of Windows which affected the way 32-bit applications, such as InSpectre, viewed the system. This was apparently fixed in the later “Fall Creator's Update” (version 1709) but not in the earlier version. A 64-bit “probe” was added to the 6th release of InSpectre to work around this bug in version 1703 so that InSpectre would accurately reflect any system's true protection.

    And, while we were at it, the language presented in the summary was changed from “vulnerable” to “protected” so that “YES” was the good answer and “NO!” was the bad answer. :)

"


Edited by alt3rn1ty, 28 January 2018 - 12:45 AM.


#6
alt3rn1ty

Apparently more Intel Fu ..
 
 
.. And Microsoft updates will now detect and disable any already applied bad microcode fixes, presumably until a better one comes along. :facepalm:


#7
alt3rn1ty


I'm just glad I am not a manufacturer of computers, have a look at the following couple of long lists of models which MSI have been working on ..

 

https://www.msi.com/...rCseaHQstFxJw~~

 

.. But they will have to do all of those again, and then work on the rest afterwards. That will be the same for everyone, the amount of time and effort being spent on this is tremendous. And now they all need doing again. Intel needs to get this right, lot of pressure, but hell what a time to make another mistake.

 

------------------

 

I heard mention somewhere that Linux machines can implement the microcode fix for Spectre very easily, it's just a case of dropping the microcode file in a special location in the OS (something \ etc \) .. And Windows (if Microsoft would do it) could be capable of doing this too. When the machine boots up, the file is loaded for use automatically by the BIOS. So no BIOS update necessary, it's as simple as copy / paste.

 

------------------

 

And one more snippet of info heard - Only Windows 10 will get Meltdown OS fixes which do not affect performance so much as older Windows will be affected, so that's probably why my machine does not seem to be affected in any way that I can detect, apart from it being a relatively new machine, it's received a better fix than will be given to say a machine with Windows 7.

 

------------------

 

Google Chrome v64 onwards (and Chromium obviously) has a new Flag which apparently helps with Meltdown exploits designed to use JavaScript via your Browser through hijacked 3rd party IFrames (remember how Nexus used to unwittingly deliver Malware via some of its adverts and for the longest time Site admin did not know how widespread a problem it was? Same mechanisms for delivery can now be blocked by this new flag in Chrome)

Type the flags url in the address bar, search for Isol, personally I'm going to try out Strict Site Isolation ..

 




#8
kianatit


So nice this article is very well

asaldl


Edited by kianatit, 11 February 2018 - 01:10 AM.


#9
FMod


Not to dump on the tool, but please keep in mind -

 - there have been no known attacks so far exploiting Spectre or Meltdown vulnerabilities.

 

There are no developed-but-unused implementations, either. Such attacks are very difficult and generally not worth it in the world where people turn UAC off and click on whatever site they think might be funny.

 

What makes Meltdown and Spectre significant is that they allow for a security breach on hardware level, which was previously thought implicitly secure and safe to rely on.



#10
TheMastersSon


FMod, I'm glad you said significant instead of unique or even particularly special. Hardware hacks are and will always be inherent to hardware. This doesn't mean all or any one or two of them WILL be exploited, only that the theoretical possibility exists. Again imo I'll wait to hear of at least one known developed exploit before I start compromising system performance. In the meantime it's running from fear and nothing else.






