Wednesday, January 17th 2018

InSpectre Tool Determines Whether Your PC is Vulnerable to Meltdown and Spectre

During the whole Meltdown and Spectre turmoil, Microsoft released a PowerShell script that lets users assess their system to determine whether it's properly protected against the two CPU exploits. To say that Microsoft's method is non-intuitive is an understatement though. Their procedure involves punching in several lines of commands into the PowerShell prompt only to be presented with an end result of mumbo jumbo. For users who fancy a more straightforward approach, InSpectre might be exactly what the doctor would order. InSpectre is a small tool designed by none other than famous software engineer Steve Gibson to automate Microsoft's time-consuming procedure in a a single click. It also provides results that even non-tech-savvy users can comprehend. However, InSpectre not only scans the user's system but also allows him to enable or disable the Meltdown and Spectre protections.
Source: Gibson Research Corporation
Add your own comment

18 Comments on InSpectre Tool Determines Whether Your PC is Vulnerable to Meltdown and Spectre

#1
jaggerwild
So they can tell weather they can still back door me or not! Smmh what a joke, all so they can move out new hardware...............
Posted on Reply
#2
R-T-B
jaggerwildSo they can tell weather they can still back door me or not! Smmh what a joke, all so they can move out new hardware...............
Security patches aren't backdoors. Backdoors are what you get when you don't install security patches very likely, however.

If you think they need to "patch" you to backdoor you, you underestimate "them."
Posted on Reply
#3
Devon68
People please dont download this crap. Be smarter than that.
Posted on Reply
#4
Steevo
Devon68People please dont download this crap. Be smarter than that.
Its not crap. But thanks for that.


"Mumbo Jumbo" = cache contents.
Posted on Reply
#5
Nokiron
SteevoIts not crap. But thanks for that.


"Mumbo Jumbo" = cache contents.
Well, Gibson might not be the most legit person either. So ill join in with the "do not download"-crowd.

sysadmin/comments/4ke6vk/_/d3ehrve
Posted on Reply
#6
TheoneandonlyMrK
Devon68People please dont download this crap. Be smarter than that.
I am sure it was fully tested and verified free from viruses by tpu staffer's , that's good enough for me.
Posted on Reply
#7
Hood
I downloaded it from GRC Inspectre page www.grc.com/inspectre.htm and it worked fine. The tool is available from several mirror sites (Majorgeeks, etc.), but is not guaranteed to be safe except for the original one in the link. The tool told me that my OS is patched, but my CPU microcode was not, (which has to come from Asus as a new BIOS). So far the list from Asus only goes back to X99 (the 2 last boards released on that platform). The new BIOS for those boards (1901) is not showing up yet on the support pages for those boards, even though it's listed on the Asus Spectre list of patched boards. Still waiting for Z97 and Z87 boards to be listed. www.asus.com/News/V5urzYAT6myCC1o2 The tool lets you disable and enable both protections, making it easy to determine any loss of performance, by benchmarking.
Posted on Reply
#9
ppn
shows 2500К Not protected against Specter, bios update needed, and vulnerable to Meltdown when protection is disabled and system restarted, performance returns good instead of slow. The beauty of planned obsolesce. duh.
Posted on Reply
#10
R-T-B
ppnshows 2500К Not protected against Specter, bios update needed, and vulnerable to Meltdown when protection is disabled and system restarted, performance returns good instead of slow. The beauty of planned obsolesce. duh.
Sounds to be about what it should be reporting.
Posted on Reply
#11
Jism
Devon68People please dont download this crap. Be smarter than that.
We all know the anser that every CPU is vulnerable back in time 15 years at least. I am not going to test the CPU myself with code we dont understand.

But from what i understood is that both Spectre & Meltdown where able to run from browser windows. So an unpatched PC is able to get infected by simply browsing the web already.
Posted on Reply
#12
R-T-B
JismI am not going to test the CPU myself with code we dont understand.
The point is to test if the mitigations and microcode are applied and working.
Posted on Reply
#13
revin
Devon68People please dont download this crap. Be smarter than that.
NokironWell, Gibson might not be the most legit person either. So ill join in with the "do not download"-crowd.
:kookoo::(:confused::banghead:

You have to be jokeing??? Steve Gibson is one of THE most renowned people in the business. His software is beyond Top Notch, and all of his site has some of the most brilliant tools ever developed.
GRC has been around longer than most any company on the internet.

DONT Bash someone just because you "may" not know who they are.
Bashing Steve is as bad as bashing W1zzard......................
Posted on Reply
#14
Nokiron
revin:kookoo::(:confused::banghead:

You have to be jokeing??? Steve Gibson is one of THE most renowned people in the business. His software is beyond Top Notch, and all of his site has some of the most brilliant tools ever developed.
GRC has been around longer than most any company on the internet.

DONT Bash someone just because you "may" not know who they are.
Bashing Steve is as bad as bashing W1zzard......................
Why would I joke about it? I have done my research and in my own opinion it is not very trustworthy. He is living on his reputation, not his actions.

His other software is pretty much junk and is created for semi-illiterate IT-people that does not understand their own field. Have you even read his descriptions on his "Nanoprobe" (and other software for that matter)?

You could start by answer me why the executable has been run through an EXE compressor and why there are strings included for this to be run on a 386? As someone that has been bragging about his knowledge of assembly curiously include C++ runtimes from Visual Studio. There are several more decision within this software creation that makes me question his knowledge in security and software.

As someone who works in security I would not take that mans word seriously. He does not know what he is talking about and makes some dubious decisions. Equaling Wizzard with Steve is an insult to Wizzard.
Posted on Reply
#15
revin
Well Simplicity is better for compatibility I'd say. he don't need to add shit to make something look fancy.
So some of his stuff is old, FFs man the interwebz has been around for a Long time I mean your calling out something 8, Eight Years back and I suppose you can explain it better for "common folk" to understand better ?
So you would say even Spin Rite, SheildsUp is Not on the same Level as GPUz ?

Even still his shields up and port scan, DNS Spoof ect all GRC products, are Very helpful for the vast majority of people, Including TPU users that had a Lot of folks here using them quite some time back
So your research {attrition?} is what makes you better than the guy that has his own shows, and is renowned around the world ?
I guess millions of others are not as smart as you interpret then......................

To say
NokironGibson might not be the most legit person
is a pretty nasty thing to say about some one as highly regarded outside of your world.

Maybe You should spend some of your time in the TPU IT section sharing all you Vastly superior knowledge of security for all of us Common folk to use .......... justsaying

W1zzard did GPUz hiself, Steve did several "highly useful tools" himself, therefore they both equally stand out as " Top Notch and reputable" .

Maybe some of the attrition shit got sent your way.... so let me leave this as a reminder about how he was labeled a "Not an enlighten Security person in some circles" waaaaay back like 1991 or w.e.

""Upon the release of Windows XP, in massive red letters on his website, he proclaimed:

When those insecure and maliciously potent Windows XP machines are mated to high-bandwidth Internet connections, we are going to experience an escalation of Internet terrorism the likes of which has never been seen before.""

WOW, .... and what happened not so far back......... hum yea he's not a legit person 'cause "those circles of security Pros"

FWIW I accept that you may not like him, but still he's not bad enough to be called non legit now days
Posted on Reply
#16
Nokiron
revinWell Simplicity is better for compatibility I'd say. he don't need to add shit to make something look fancy.
So some of his stuff is old, FFs man the interwebz has been around for a Long time I mean your calling out something 8, Eight Years back and I suppose you can explain it better for "common folk" to understand better ?
So you would say even Spin Rite, SheildsUp is Not on the same Level as GPUz ?

Even still his shields up and port scan, DNS Spoof ect all GRC products, are Very helpful for the vast majority of people, Including TPU users that had a Lot of folks here using them quite some time back
So your research {attrition?} is what makes you better than the guy that has his own shows, and is renowned around the world ?
I guess millions of others are not as smart as you interpret then......................

To say is a pretty nasty thing to say about some one as highly regarded outside of your world.

Maybe You should spend some of your time in the TPU IT section sharing all you Vastly superior knowledge of security for all of us Common folk to use .......... justsaying

W1zzard did GPUz hiself, Steve did several "highly useful tools" himself, therefore they both equally stand out as " Top Notch and reputable" .

Maybe some of the attrition shit got sent your way.... so let me leave this as a reminder about how he was labeled a "Not an enlighten Security person in some circles" waaaaay back like 1991 or w.e.

""Upon the release of Windows XP, in massive red letters on his website, he proclaimed:

When those insecure and maliciously potent Windows XP machines are mated to high-bandwidth Internet connections, we are going to experience an escalation of Internet terrorism the likes of which has never been seen before.""

WOW, .... and what happened not so far back......... hum yea he's not a legit person 'cause "those circles of security Pros"

FWIW I accept that you may not like him, but still he's not bad enough to be called non legit now days
I don't debate that he was at one point an influential person in the IT-world, but that has changed. Nowaydays, he struggles to maintain relevance. I question his decisions and would never touch his programs, not that they are malicious but because I don't want to give him any credit for his current work.

There are tools directly built in to Windows that does a way, way better job than this marketing tool he has created.

Powershell alone does this:
support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in

I'm not so sure why you are so infatuated with him.

Also, your link is not relevant, this is what started it all:
www.informit.com/articles/article.aspx?p=27289&seqNum=2
Posted on Reply
#17
revin
How many common folk know PowerShell... Geez. WHY are you so stuck on that ?
How about you write up a lil program for the Common folk to use to instead of Powershell
Yes, the world has changed, and he is STILL doing albeit small, but Relevant work to help us PC users.

Just like Never10, so many could NOT keep it from coming back so Steve made that little code to STOP MS from flipping the bit to allow them to bring it back to a machine. Didn't see ANY other "Tech" sites offering that info out to the public.

So his current program allows the common folk to use something that they don't have to dive into command line confusion, what's so Bad about that ?
Compare all the sites with screenshots of your so loved Powershell and all the input the user need's to do and hope they don't screw up oops

I'm not infatuated with him, but he deserves credit for his work, and it's FREE,
There is NO Marketing so not sure Why your so stuck on that, he released something important for users to benefit from AGAIN, and with out monetary compensation.
Look at the screenshots in the OP again, It's FREE, and a Link to EXPLAIN how and Why it works............ what is So BAD about that
Look at his link www.grc.com/inspectre.htm There is NO MARKETING for him to receive compensation .

Please stop trying to go back like 18 years to debunk a guy that is doing more to help regular PC users than "Advertise" and script visitors with shit.

As for the Raw sockets, wonder what the Author at your link is thinking now the Crypto got spread around to all the machines undetected......
How well did Powershell Work out on stopping that

So Fine "You" don't want to use his stuff, that should Not quantify saying that NO ONE Else should either. It's like your trying to be an IT Snob
Posted on Reply
#18
kn00tcn
Nokironextra anti
revinextra pro
you guys... steve has both useful mini tools & obsolete tools/info, neither should be a final state, people change, more importantly we need multiple modern expert sources as steve isnt young or isnt a kernel dev or isnt an exploit maker (i also wish he wrote shorter & more to the point)

this app probably checks the reg key & a few other things, same as powershell or the linux script someone made

wrapping into a gui sounds easier, but the commandline scripts arent really different: download something, run it with one button, look at results, nobody has to learn powershell (actually i never used the powershell one, is it not a single enter button?)

steve has been all over the place, recommending IE with some settings tweaks doesnt solve renderer/browser/mime decoding exploits yet people will think they've solved the browser with a few settings even though reality is constant whack-a-mole, things still need to be updated or sandboxed (well sandboxing wasnt talked about back then... i used to watch reruns of thelabwithleo & callforhelp)

another example, microsoft has released some great tools/products/games/opensource/etc, but also some of the worst products/shutdowns/forced updates/etc, everything is grey, no need to idolize or permaban without a very consistent reason
Posted on Reply
Add your own comment
Nov 22nd, 2024 10:30 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts