Wednesday, January 17th 2018
InSpectre Tool Determines Whether Your PC is Vulnerable to Meltdown and Spectre
During the whole Meltdown and Spectre turmoil, Microsoft released a PowerShell script that lets users assess their system to determine whether it's properly protected against the two CPU exploits. To say that Microsoft's method is non-intuitive is an understatement though. Their procedure involves punching in several lines of commands into the PowerShell prompt only to be presented with an end result of mumbo jumbo. For users who fancy a more straightforward approach, InSpectre might be exactly what the doctor would order. InSpectre is a small tool designed by none other than famous software engineer Steve Gibson to automate Microsoft's time-consuming procedure in a a single click. It also provides results that even non-tech-savvy users can comprehend. However, InSpectre not only scans the user's system but also allows him to enable or disable the Meltdown and Spectre protections.
Source:
Gibson Research Corporation
18 Comments on InSpectre Tool Determines Whether Your PC is Vulnerable to Meltdown and Spectre
If you think they need to "patch" you to backdoor you, you underestimate "them."
"Mumbo Jumbo" = cache contents.
sysadmin/comments/4ke6vk/_/d3ehrve
www.grc.com/freepopular.htm
But from what i understood is that both Spectre & Meltdown where able to run from browser windows. So an unpatched PC is able to get infected by simply browsing the web already.
You have to be jokeing??? Steve Gibson is one of THE most renowned people in the business. His software is beyond Top Notch, and all of his site has some of the most brilliant tools ever developed.
GRC has been around longer than most any company on the internet.
DONT Bash someone just because you "may" not know who they are.
Bashing Steve is as bad as bashing W1zzard......................
His other software is pretty much junk and is created for semi-illiterate IT-people that does not understand their own field. Have you even read his descriptions on his "Nanoprobe" (and other software for that matter)?
You could start by answer me why the executable has been run through an EXE compressor and why there are strings included for this to be run on a 386? As someone that has been bragging about his knowledge of assembly curiously include C++ runtimes from Visual Studio. There are several more decision within this software creation that makes me question his knowledge in security and software.
As someone who works in security I would not take that mans word seriously. He does not know what he is talking about and makes some dubious decisions. Equaling Wizzard with Steve is an insult to Wizzard.
So some of his stuff is old, FFs man the interwebz has been around for a Long time I mean your calling out something 8, Eight Years back and I suppose you can explain it better for "common folk" to understand better ?
So you would say even Spin Rite, SheildsUp is Not on the same Level as GPUz ?
Even still his shields up and port scan, DNS Spoof ect all GRC products, are Very helpful for the vast majority of people, Including TPU users that had a Lot of folks here using them quite some time back
So your research {attrition?} is what makes you better than the guy that has his own shows, and is renowned around the world ?
I guess millions of others are not as smart as you interpret then......................
To say is a pretty nasty thing to say about some one as highly regarded outside of your world.
Maybe You should spend some of your time in the TPU IT section sharing all you Vastly superior knowledge of security for all of us Common folk to use .......... justsaying
W1zzard did GPUz hiself, Steve did several "highly useful tools" himself, therefore they both equally stand out as " Top Notch and reputable" .
Maybe some of the attrition shit got sent your way.... so let me leave this as a reminder about how he was labeled a "Not an enlighten Security person in some circles" waaaaay back like 1991 or w.e.
""Upon the release of Windows XP, in massive red letters on his website, he proclaimed:
When those insecure and maliciously potent Windows XP machines are mated to high-bandwidth Internet connections, we are going to experience an escalation of Internet terrorism the likes of which has never been seen before.""
WOW, .... and what happened not so far back......... hum yea he's not a legit person 'cause "those circles of security Pros"
FWIW I accept that you may not like him, but still he's not bad enough to be called non legit now days
There are tools directly built in to Windows that does a way, way better job than this marketing tool he has created.
Powershell alone does this:
support.microsoft.com/en-us/help/4073119/protect-against-speculative-execution-side-channel-vulnerabilities-in
I'm not so sure why you are so infatuated with him.
Also, your link is not relevant, this is what started it all:
www.informit.com/articles/article.aspx?p=27289&seqNum=2
How about you write up a lil program for the Common folk to use to instead of Powershell
Yes, the world has changed, and he is STILL doing albeit small, but Relevant work to help us PC users.
Just like Never10, so many could NOT keep it from coming back so Steve made that little code to STOP MS from flipping the bit to allow them to bring it back to a machine. Didn't see ANY other "Tech" sites offering that info out to the public.
So his current program allows the common folk to use something that they don't have to dive into command line confusion, what's so Bad about that ?
Compare all the sites with screenshots of your so loved Powershell and all the input the user need's to do and hope they don't screw up oops
I'm not infatuated with him, but he deserves credit for his work, and it's FREE,
There is NO Marketing so not sure Why your so stuck on that, he released something important for users to benefit from AGAIN, and with out monetary compensation.
Look at the screenshots in the OP again, It's FREE, and a Link to EXPLAIN how and Why it works............ what is So BAD about that
Look at his link www.grc.com/inspectre.htm There is NO MARKETING for him to receive compensation .
Please stop trying to go back like 18 years to debunk a guy that is doing more to help regular PC users than "Advertise" and script visitors with shit.
As for the Raw sockets, wonder what the Author at your link is thinking now the Crypto got spread around to all the machines undetected......
How well did Powershell Work out on stopping that
So Fine "You" don't want to use his stuff, that should Not quantify saying that NO ONE Else should either. It's like your trying to be an IT Snob
this app probably checks the reg key & a few other things, same as powershell or the linux script someone made
wrapping into a gui sounds easier, but the commandline scripts arent really different: download something, run it with one button, look at results, nobody has to learn powershell (actually i never used the powershell one, is it not a single enter button?)
steve has been all over the place, recommending IE with some settings tweaks doesnt solve renderer/browser/mime decoding exploits yet people will think they've solved the browser with a few settings even though reality is constant whack-a-mole, things still need to be updated or sandboxed (well sandboxing wasnt talked about back then... i used to watch reruns of thelabwithleo & callforhelp)
another example, microsoft has released some great tools/products/games/opensource/etc, but also some of the worst products/shutdowns/forced updates/etc, everything is grey, no need to idolize or permaban without a very consistent reason