InSpectre: See whether your PC's protected from Meltdown and Spectre

Credit to Author: Woody Leonhard | Date: Tue, 16 Jan 2018 11:16:00 -0800

If you’re wondering whether your computer is susceptible to the latest bête noire, Meltdown and Spectre, you can take the official Microsoft patch and, after a suitable amount of technical drudgery, come away with a result that doesn’t answer much. Or you can try Steve Gibson’s new InSpectre and – with suitable caveats – see some meaningful results and a few hints about catching up.

Microsoft has a complex PowerShell script that details your machine’s exposure to the Meltdown and Spectre security flaws. Running that script on all but the simplest and most up-to-date systems turns into a hair-pulling exercise, and the results are coated in 10 layers of technical gobbledygook.

Here’s what I mean. I just ran version 1.0.4 of the SpeculationControl Validation PowerShell script on my main computer and, after crossing my fingers and allowing “software from this untrusted publisher” to run, came up with the enlightening analysis shown in the screenshot below.

Microsoft’s SpeculationControl Validation PowerShell script results aren’t exactly easy to decipher.

I’m loath to install any Windows updates right now, given their current dicey state, and my go-to production machine has an AMD processor. That combo produces a SpeculationControl rating that’s 100% bad.
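One way to turn the script's flags into a plain-language verdict, as an added example that is not part of the original article or of Microsoft's module. It assumes the property names returned by the module's `Get-SpeculationControlSettings`; the function name `Get-SpeculationSummary` and the sample object are constructed for illustration.

```powershell
# Added example: summarize SpeculationControl flags as readable verdicts.
# Get-SpeculationSummary is a hypothetical helper, not part of the module.
function Get-SpeculationSummary {
    param([Parameter(Mandatory)] $Settings)

    # Spectre variant 2 (branch target injection) needs three things:
    # CPU microcode support, the Windows update, and the mitigation enabled.
    $spectreV2 = if ($Settings.BTIWindowsSupportEnabled) {
        'Mitigated'
    } elseif (-not $Settings.BTIWindowsSupportPresent) {
        'Not mitigated: Windows update not installed'
    } elseif (-not $Settings.BTIHardwarePresent) {
        'Not mitigated: firmware/microcode update missing'
    } elseif ($Settings.BTIDisabledBySystemPolicy) {
        'Not mitigated: disabled by system policy'
    } else {
        'Not mitigated: support present but not enabled'
    }

    # Meltdown (variant 3) is handled by kernel VA shadowing, which the
    # script only marks as required on CPUs it considers affected.
    $meltdown = if (-not $Settings.KVAShadowRequired) {
        'Not required for this CPU'
    } elseif (-not $Settings.KVAShadowWindowsSupportPresent) {
        'Not mitigated: Windows update not installed'
    } elseif (-not $Settings.KVAShadowWindowsSupportEnabled) {
        'Not mitigated: support present but not enabled'
    } elseif ($Settings.KVAShadowPcidEnabled) {
        'Mitigated (PCID optimization in use)'
    } else {
        'Mitigated (no PCID, expect a larger slowdown)'
    }

    [pscustomobject]@{ SpectreVariant2 = $spectreV2; Meltdown = $meltdown }
}

# Constructed sample: an AMD machine with no January 2018 updates installed.
$sample = [pscustomobject]@{
    BTIHardwarePresent             = $false
    BTIWindowsSupportPresent       = $false
    BTIWindowsSupportEnabled       = $false
    BTIDisabledBySystemPolicy      = $false
    KVAShadowRequired              = $false
    KVAShadowWindowsSupportPresent = $false
    KVAShadowWindowsSupportEnabled = $false
    KVAShadowPcidEnabled           = $false
}
Get-SpeculationSummary -Settings $sample | Format-List
```

On a machine with the module installed, pass the live result instead: `Get-SpeculationSummary -Settings (Get-SpeculationControlSettings)`.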

Then I ran Steve Gibson’s just-released InSpectre scanner, and I got the overall report shown in this screenshot.

InSpectre scanner offers meaningful results that help users understand whether their PC is vulnerable.

That matches my experience with this machine and, in looking at numerous other reports, I’d say that Gibson has pretty much nailed it.

InSpectre’s a new program (less than 24 hours old at this point), and it’s driving antivirus scanners crazy. I’ve seen at least one notice that Kaspersky Antivirus flags the download as a “Heuristic” Trojan. There are additional warnings from VirusTotal, Panda and Sophos. They’re all false positives. If you download InSpectre from Steve Gibson’s site, it’s clean.

To be sure, it’s a “version 1.0” product and, as Gibson says:

“We did not wish to delay this application’s release while building additional confidence in its conclusions and output. It has been carefully tested under as many different scenarios as possible. But new is new, and it is new. We may well have missed something. So please use and enjoy InSpectre now. But you may wish to check back in a few days to see whether we may have found and fixed some last bits of debris.”

If you’re not particularly interested in taking a graduate-level course in Windows translation lookaside buffers and context switches, InSpectre can help. I’ve also just discovered a free Meltdown/Spectre checker from German software vendor Ashampoo. The results from their Spectre Meltdown CPU Checker match those from InSpectre on my machines.

I continue to recommend that you hold off on this month’s patches – that includes Windows patches, .NET patches, firmware patches, and more – but you should disable Equation Editor if you’re in the habit of Enabling Edits on spurious Word documents. See my post from last week, but also note 0patch has just released a fix that specifically plugs the Equation Editor security holes.

There are no known exploits for Meltdown or Spectre in the wild, although some are in development. (It’s feasible that nation states have been using either or both for decades!) For regular Windows users, the most likely infection vector, when it arrives, will be via a web browser, and those are getting patched quickly.

Wait until the dust settles on this month’s patches before you install something that could clobber or cripple your machine.

Share your InSpectre insights on the AskWoody Lounge.
