
Another Meltdown/Spectre Test from Gibson Research - InSpectre



#1 DavidLMO

DavidLMO

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:12:37 AM

Posted 18 January 2018 - 11:17 PM

Good overview article at Ghacks here:

https://www.ghacks.net/2018/01/16/gibson-releases-inspectre-vulnerability-and-performance-checker/

Gibson Research test can be found here:

 

https://www.grc.com/inspectre.htm

 

Steve Gibson writes good stuff.  This one is a little slicker than some of the others out there.

From the Ghacks article:

"The application offers three core advantages over comparable solutions such as Ashampoo’s Spectre Meltdown CPU Checker: the program requires no Internet connection to make the verification checks, it reveals how much of a performance impact the patches may have on the system, and it gives admins options to disable the protections."

 

 




 


#2 britechguy

britechguy

    Been there, done that, got the T-shirt


  • Moderator
  • 7,755 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:01:37 AM

Posted 19 January 2018 - 10:39 AM

I second the assertion that, "Steve Gibson writes good stuff," and InSpectre is just the latest example.

 

An incredibly easy to use, and versatile, utility related to Meltdown and Spectre that does not require installation, but is a portable, stand-alone program.  Nice.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

      Memory is a crazy woman that hoards rags and throws away food.

                    ~ Austin O'Malley

 

 

 

              

 


#3 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,685 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:37 AM

Posted 19 January 2018 - 12:20 PM

FYI, I have extracted the complete text from this utility (it's an RTF file stored as a PE resource).

The {} are placeholders for variables, like 32/64.

 

The RTF file:

 

 

[TheSit]

 

Spectre & Meltdown Vulnerability
and Performance Status

 

Vulnerable to Meltdown: {1}

Vulnerable to Spectre: {2}

Performance: {3}

(full details below)

 

In early 2018 the PC industry was rocked by the revelation that common processor design features, widely used to increase the performance of modern PCs, could be abused to create critical security vulnerabilities. The industry quickly responded, and is responding, to these Meltdown and Spectre threats by updating operating systems, motherboard BIOSes and CPU firmware.

 

Protection from these two significant vulnerabilities requires updates to every system's hardware–its BIOS which reloads updated processor firmware–and its operating system–to use the new processor features. To further complicate matters, newer processors contain features to minimize the performance impact of these important security improvements. But older processors, lacking these newer features, will be significantly burdened and system performance will suffer under some workloads.

 

This InSpectre utility was designed to clarify every system's current situation so that appropriate measures can be taken to update the system's hardware and software for maximum security and performance.

 

This system's present situation:

 

[win0]

  • This {1}-bit version of Windows is not aware of either the Spectre or Meltdown problems. Since Intel processors are vulnerable to both of these attacks, this system will be vulnerable to these attacks until its operating system has been updated to handle and prevent these attacks.

 

[win1]

  • This {1}-bit version of Windows is aware of the Meltdown but not the Spectre problem. Since Intel processors are vulnerable to both of these attacks, this system will be vulnerable to Spectre attacks until its operating system has been updated to handle and prevent this attack.

 

[win2]

  • This {1}-bit version of Windows is aware of the Spectre but not the Meltdown problem. Since Intel processors are vulnerable to both of these attacks, this system will be vulnerable to Meltdown attacks until its operating system has been updated to handle and prevent this attack.

 

[win3]

  • This {1}-bit version of Windows has been updated for full awareness of both the Spectre and the Meltdown vulnerabilities. If the system's hardware (see below) has also been updated, this system will not be vulnerable to these attacks.

 

[win0a]

  • This {1}-bit version of Windows is not aware of either the Spectre or Meltdown problems and AMD processors, such as the one used by this system, are vulnerable to the Spectre attacks. Therefore, this system will be vulnerable to Spectre attacks until its operating system has been updated to prevent these attacks.

 

[win1a]

  • This {1}-bit version of Windows is aware of the Meltdown but not the Spectre problem and AMD processors, such as the one used by this system, are vulnerable to the Spectre attacks. Therefore, this system will be vulnerable to Spectre attacks until its operating system has been updated to prevent these attacks.

 

[win2a]

  • This {1}-bit version of Windows is aware of the Spectre but not the Meltdown problem.However, AMD processors, such as the one used by this system, are not vulnerable to Meltdown attacks. Therefore, If the system's hardware (see below) has also been updated, this system will not be vulnerable to either of these attacks.

 

[intelold]

  • This system's hardware has not been updated with new features required to allow its operating system to protect against the Spectre vulnerabilities and/or to minimize their impact upon the system's performance. (Protection from the Meltdown vulnerability does not require BIOS or processor updates.)

 

[intelnew]

  • This system's hardware has been updated with new features required to allow its operating system to protect against the Spectre vulnerabilities and/or to minimize their impact upon the system's performance. (Protection from the Meltdown vulnerability does not require BIOS or processor updates.)

 

[amdold]

  • This system's AMD processor is not affected by the Meltdown vulnerability, but it has not been updated with the new features required to allow its operating system to eliminate the Spectre vulnerabilities and/or to minimize their impact upon the system's performance.

 

[amdnew]

  • This system's AMD processor is not affected by the Meltdown vulnerability and it has been updated with new features required to allow its operating system to eliminate the Spectre vulnerabilities and/or to minimize their impact upon the system's performance.

 

[PcidAvail]

  • This system's Intel processor provides high-performance protection from the Meltdown vulnerability. A properly updated operating system will be able to provide protection without significant system slowdown.

 

[PcidUnavail]

  • This system's Intel processor does not provide high-performance protection from the Meltdown vulnerability. The use of Meltdown protection on this system will incur some corresponding performance penalty.

 

[PcidMelting]

  • This system is not currently providing any protection against the Meltdown vulnerability. Either the operating system is unaware of this problem (which can be resolved by any operating system) or the operating system's protection has been deliberately disabled.

 

[PcidUnused]

  • This system's Intel processor provides high-performance protection from the Meltdown vulnerability, but this version of Windows is not taking advantage of those features to offer that protection without performance penalties. (It could and should!) You may wish to consider disabling this system's Meltdown protection until it is offered at lower system performance cost.

 

[PcidSlow]

  • This system's older Intel processor does not provide high-performance protection from the Meltdown vulnerability. Windows is therefore doing the best job it can to protect the system, though with a possibly significant performance penalty. You may wish to considering disabling this system's Meltdown protection until it is offered at lower system performance cost.

 

[PcidInUse]

  • This system's Intel processor provides high-performance protection from the Meltdown vulnerability and this version of Windows is taking full advantage of those features to offer that protection without overly severe performance penalties.

 

[SpecDisabled]

  • This system's protection against the Spectre vulnerability has been deliberately disabled by system settings. Even if the system's hardware is able to manage the Spectre threat, the operating system's settings will need to be changed to enable Spectre protection.

 

[RegIntro]

Due to the potential performance impact of these vulnerability protections, which may be particularly burdensome on older hardware and operating systems that cannot be updated, either one or both of these protections may be disabled with Windows registry settings. This system's "protection disable" is currently set as follows:

 

[BothOff]

  • Windows' Spectre and Meltdown vulnerability protections have both been deliberately disabled by settings in this system's registry. Although overall system performance will be improved, this system will be vulnerable to both Spectre and Meltdown attacks.

 

[SpectreOff]

  • Windows' Spectre vulnerability protection (only) has been deliberately disabled by settings in this system's registry. Although overall system performance will be improved, this system will be vulnerable to Spectre attacks. Meltdown protection has not been disabled.

 

[MeltdownOff]

  • Windows' Meltdown vulnerability protection (only) has been deliberately disabled by settings in this system's registry. Although overall system performance will be improved, this system will be vulnerable to Meltdown attacks. Spectre protection has not been disabled.

 

[BothOn]

  • The system's registry is configured to enable both of the Spectre and Meltdown protections. Within the bounds of any limitations described above, Windows will work with the system's processor to prevent the exploitation of these vulnerabilities.

 

[Reco]

Guidance & Observations

 

[Perfect]

This system is running as securely and quickly as possible in the face of the Meltdown and Spectre vulnerabilities. Its modern hardware and Windows OS are working together to prevent these attacks with minimal impact upon performance.

 

[PcidUnused2]

The Windows OS installed on this young Intel-based system is employing the slowest approach for preventing Meltdown vulnerability attacks despite the fact that this system's modern processor does support high-speed prevention. This is something that Microsoft could fix if they chose to. (They did it for the latest Windows 10.) The question is: Will they step up and do what they should? or will they use this as additional pressure to push users where they clearly do not wish to go?

 

[Spectre]

Unfortunately, this system will be open to exploitation of the Spectre vulnerability until and unless its BIOS and CPU microcode firmware are updated. You should contact the system's vender and work to obtain an updated BIOS for this system, which will bring updated firmware along as part of the process. If future solutions to the Spectre vulnerability are found, this InSpectre utility will be updated to reflect them.

 

[Unaware]

Since this version of Windows is not fully aware of both of these security threats, if possible you should consider updating to a newer version which is fully aware. There are versions of Windows 7, 8.1 and 10 which are fully aware... even at a possible cost in system performance.

 

[32bits]

At the time of this release, Microsoft has not addressed these problems in any way on the 32-bit versions of their operating systems–such as this one. It is unclear whether updates for those machines will be coming in the future.

 

[EndIntel]

When enabled and active, both of these vulnerability protections come at some cost in system performance, and Meltdown attack protection may be quite expensive on older systems or under versions of Windows where Microsoft has not bothered to implement high-speed solutions. If this system's performance is more important than security, either or both of the vulnerability protections can be disabled to obtain greater performance.

 

[EndAMD]

This system's AMD processor is naturally immune to Meltdown attacks but not from Spectre attacks. When enabled and active, protection from Spectre will come at some cost in system performance. If this system's performance is more important than security, the Spectre vulnerability protection can be disabled to obtain somewhat improved performance.

 

[Final]

When InSpectre is run with elevated administrative privilege, each button below toggles its respective protection on or off. Any changes will take effect after the system is restarted. Each button will be disabled if its protection is not available to be changed.

 

 For more information see GRC's InSpectre web page


Copyright © 2018 by Gibson Research Corporation

[TechDetails]

 

This {9}-bit OS on {10} Processor:

 

            OS is Meltdown aware:            {1}
            OS is Spectre aware:             {2}
            OS Meltdown data:                {3}
            OS Spectre data:                 {4}
            PCID/INVPCID instructions:       {5} /{6}
            CPU microcode updated:           {7}
            CPU is meltdown vulnerable:      {8}

 

This system's processor identification:

 {11}

 

Documentation of Meltdown (KVA) and Spectre (branch control speculation) bit flags returned by the NtQuerySystemInformation call which, when supported by updated versions of Windows as shown above, provides detailed information about Windows' management of these vulnerabilities:

 

            KVA (Meltdown Vulnerability) flags:
            ==================================
            0x01     KVA_SHADOW_ENABLED
            0x02     KVA_SHADOW_USER_GLOBAL
            0x04     KVA_SHADOW_PCID
            0x08     KVA_SHADOW_INVPCID

            Branch Prediction Speculation (Spectre) flags:
            ==================================
            0x01     BPB_ENABLED
            0x02     BPB_DISABLED_SYSTEM_POLICY
            0x04     BPB_DISABLED_NO_HW_SUPPORT
            0x08     SPEC_CTRL_ENUMERATED
            0x10     PRED_CMD_ENUMERATED
            0x20     IBRS_PRESENT
            0x40     STIBP_PRESENT
            0x80     SMEP_PRESENT

 

The presence of both the relatively recent PCID and INVPCID instructions allows Windows (when it chooses to take advantage of these instructions) to protect against the Meltdown vulnerability without significant system performance impact.

 

AMD processors do not require and do not offer and do not need the PCID and INVPCID instructions since they are inherently not vulnerable to Meltdown attack.

 

"CPU microcode updated" indicates that this system is using recently updated Intel or AMD microcode which provides the control over branch prediction speculation required to allow an aware operating system to protect the system from the Spectre vulnerabilities.

 

This application will run under WINE and can therefore be used on non-Windows systems. Although its operating system data may not be meaningful under WINE, its display of the underlying processor capabilities will be accurate.

 

 For more information see GRC's InSpectre web page


Copyright © 2018 by Gibson Research Corporation

[EndOfText]]


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
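
The KVA and branch-prediction flag values documented in the extracted text above can be decoded mechanically when triaging readings collected from several machines. This is an added example, not part of the original post and not InSpectre's code: the flag names and values are from the post, while the function names, the sample readings and the mapping onto the utility's section tags are assumptions.

```python
from enum import IntFlag

class KVA(IntFlag):            # Meltdown (KVA shadow) flags, values from the post
    SHADOW_ENABLED = 0x01
    SHADOW_USER_GLOBAL = 0x02
    SHADOW_PCID = 0x04
    SHADOW_INVPCID = 0x08

class BPB(IntFlag):            # Spectre (branch prediction) flags, values from the post
    ENABLED = 0x01
    DISABLED_SYSTEM_POLICY = 0x02
    DISABLED_NO_HW_SUPPORT = 0x04
    SPEC_CTRL_ENUMERATED = 0x08
    PRED_CMD_ENUMERATED = 0x10
    IBRS_PRESENT = 0x20
    STIBP_PRESENT = 0x40
    SMEP_PRESENT = 0x80

def names(flags):
    """Names of the bits set in a KVA or BPB value, lowest bit first."""
    return [m.name for m in type(flags) if m in flags]

def meltdown_state(kva, cpu_pcid, cpu_invpcid, cpu_vulnerable=True):
    """Assumed mapping onto the utility's [Pcid*] section tags."""
    kva = KVA(kva)
    if not cpu_vulnerable:
        return "not-affected"          # constructed label (AMD case in the text)
    if KVA.SHADOW_ENABLED not in kva:
        return "PcidMelting"           # no Meltdown protection active
    if KVA.SHADOW_PCID in kva and KVA.SHADOW_INVPCID in kva:
        return "PcidInUse"             # protection on, fast path used
    if cpu_pcid and cpu_invpcid:
        return "PcidUnused"            # CPU could do better than the OS does
    return "PcidSlow"                  # protection on, no fast path available

def spectre_state(bpb):
    """Constructed labels; policy and hardware blockers are checked first."""
    bpb = BPB(bpb)
    if BPB.DISABLED_SYSTEM_POLICY in bpb:
        return "disabled-by-policy"    # compare the [SpecDisabled] section
    if BPB.DISABLED_NO_HW_SUPPORT in bpb:
        return "no-hw-support"         # compare the [Spectre] guidance
    return "enabled" if BPB.ENABLED in bpb else "not-enabled"

# Constructed sample readings: (host, KVA flags, BPB flags, PCID, INVPCID)
SAMPLES = [("hostA", 0x0D, 0x39, True, True), ("hostB", 0x01, 0x04, True, True),
           ("hostC", 0x01, 0x3A, False, False), ("hostD", 0x00, 0x00, True, False)]

if __name__ == "__main__":
    for host, kva, bpb, pcid, inv in SAMPLES:
        print(host, meltdown_state(kva, pcid, inv), spectre_state(bpb), names(BPB(bpb)))
```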




