Easily examine and understand any Windows

system's hardware and software capability to

prevent Meltdown and Spectre attacks.

Now determines and displays whether Intel has produced

a microcode update patch for the Spectre vulnerability.

(See the Release #8 comments below.)

File stats for: InSpectre



Last Updated:

Size: 126k Apr 21, 2019 at 13:59

(517.18 days ago) Downloads/day: 1,175

Total downloads: 1,928,246 Current Rank: 2

Historical Rank: 9

“InSpectre” is an easy to use & understand utility designed to clarify

the many overlapping and confusing aspects of any Windows

system's ability to prevent the Meltdown and Spectre attacks.

As the application's textual display says...

In early 2018 the PC industry was rocked by the revelation that common processor design features, widely used to increase the performance of modern PCs, could be abused to create critical security vulnerabilities. The industry quickly responded, and is responding, to these Meltdown and Spectre threats by updating operating systems, motherboard BIOSes and CPU firmware.

Protection from these two significant vulnerabilities requires updates to every system's hardware–its BIOS which reloads updated processor firmware–and its operating system–to use the new processor features. To further complicate matters, newer processors contain features to minimize the performance impact of these important security improvements. But older processors, lacking these newer features, will be significantly burdened and system performance will suffer under some workloads.

This InSpectre utility was designed to clarify every system's current situation so that appropriate measures can be taken to update the system's hardware and software for maximum security and performance.

Frequently Asked Question

Q:

On some of the computers, one or the other or both of the Enable/Disable Protection buttons are grayed out and disabled so that they cannot be used. What's going on?

A:

Either of the Protection Enable/Disable buttons will be disabled when the button's respective vulnerability cannot be enabled or disabled by its user. For example, Since AMD processors have never been subject to the Meltdown vulnerability, the Meltdown button will be disabled because there's no way for its protection to be disabled. This would also be true (in the other direction) when a system has an Intel processor and any version of Windows that has not been updated for the Meltdown vulnerability. In that case the system is vulnerable and there's no way for the button to make it invulnerable.



Similarly, any computer whose firmware has not been updated will be vulnerable to Spectre attacks and, again, the button cannot make it invulnerable.



So, InSpectre will enable those buttons when the system's conditions allow the operating system to protect against the respective vulnerability, but the user may wish to disable that protection, where possible.

Release History

Release #1 — Initial release:

The first release was triggering false-positive warnings from 3rd-party anti-virus scanners. This was probably due to a registry key the application uses to enable/disable the Meltdown and Spectre protections. Also, the language used in one of the text-explainers was confusing and self-contradictory.

The first release was triggering false-positive warnings from 3rd-party anti-virus scanners. This was probably due to a registry key the application uses to enable/disable the Meltdown and Spectre protections. Also, the language used in one of the text-explainers was confusing and self-contradictory. Release #2 — Second try:

This second release hides its use of the registry key that was upsetting so many anti-virus scanners. A pass through Virus Total shows that made a huge difference. And that confusing paragraph was rewritten into two, which are now presented more correctly. Let's see how this second try fares.

Release #2 — Second try: This second release hides its use of the registry key that was upsetting so many anti-virus scanners. A pass through Virus Total shows that made a huge difference. And that confusing paragraph was rewritten into two, which are now presented more correctly. Let's see how this second try fares. Release #3 — Raw Technical Data Display:

InSpectre's more technically inclined users have asked for more information about how InSpectre makes its decisions. Non-Windows users have also asked for that information so that InSpectre could be run on Linux and MacOS machines (under WINE) to check the non-Windows machine's CPU support. As shown to the right, InSpectre release #3 adds a “Show Technical Details” item in the system control menu at the upper-left corner of the app. Click on the little “Spectre” icon and select the “Show Tech Details” item to display the raw data obtained by InSpectre's analysis of its operating environment.

InSpectre's more technically inclined users have asked for more information about how InSpectre makes its decisions. Non-Windows users have also asked for that information so that InSpectre could be run on Linux and MacOS machines (under WINE) to check the non-Windows machine's CPU support. As shown to the right, InSpectre release #3 adds a “Show Technical Details” item in the system control menu at the upper-left corner of the app. Click on the little “Spectre” icon and select the “Show Tech Details” item to display the raw data obtained by InSpectre's analysis of its operating environment. Release #4 — Silent System Probe Option:

When InSpectre is launched with the string “probe” in its command line, its Windows user interface will be suppressed and InSpectre will act like a command-line utility. It will assess its hosting system's status, then immediately terminate itself returning a decimal exitcode which encodes the eight “trouble bits” shown below, which itemizes any trouble. Therefore, for example, an exitcode of zero (0) is returned only by a fully secure system.



Decimal

Value Trouble Itemization 1 OS is not aware of the Meltdown vulnerability 2 OS is not aware of the Spectre vulnerability 4 The system is vulnerable to Meltdown 8 The system is vulnerable to Spectre 16 CPU does not support Spectre (microcode not updated) 32 CPU does not support low-overhead Meltdown protection 64 Meltdown protection disabled by registry setting 128 Spectre protection disabled by registry setting Since InSpectre's exitcode is the sum of the values shown above which are true for any specific system, the table above can be used to decompose InSpectre's probe-mode exitcode to determine the system's trouble.



This zip archive: “InSpectre-Probe-Samples.zip” contains sample batch file and powershell script files for capturing InSpectre's exitcode. Note that an exitcode is not a “printed” output from the program—it won't be printed onto a command console. It is a value that can be obtained by another script or program which executes the program after it terminates.

When InSpectre is launched with the string “probe” in its command line, its Windows user interface will be suppressed and InSpectre will act like a command-line utility. It will assess its hosting system's status, then immediately terminate itself returning a decimal exitcode which encodes the eight “trouble bits” shown below, which itemizes any trouble. Therefore, for example, an exitcode of zero (0) is returned only by a fully secure system. Since InSpectre's exitcode is the sum of the values shown above which are true for any specific system, the table above can be used to decompose InSpectre's probe-mode exitcode to determine the system's trouble. This zip archive: “InSpectre-Probe-Samples.zip” contains sample batch file and powershell script files for capturing InSpectre's exitcode. Note that an exitcode is not a “printed” output from the program—it won't be printed onto a command console. It is a value that can be obtained by another script or program which executes the program after it terminates. Release #5 — Copy results to system clipboard:

Earlier releases of InSpectre did not encourage copying the program's displays out of the application. Any region of the results can now be marked with the mouse and copied to the system's shared clipboard by using the standard Ctrl-C key combination. The application's system menu (under the small Spectre icon at the upper-left corner of the application window) also now contains a “Copy to Clipboard” option which will either copy a marked region or the entire textual content if no region is marked for copying.

Earlier releases of InSpectre did not encourage copying the program's displays out of the application. Any region of the results can now be marked with the mouse and copied to the system's shared clipboard by using the standard Ctrl-C key combination. The application's system menu (under the small Spectre icon at the upper-left corner of the application window) also now contains a “Copy to Clipboard” option which will either copy a marked region or the entire textual content if no region is marked for copying. Release #6 — Worked around a Microsoft bug and more . . .

Users of an earlier version of Windows 10 (version 1703 ‑ the non-Fall Creator's Update) reported that InSpectre did not believe that their system had been patched for the Spectre vulnerability. Upon analysis, a bug was discovered in that version of Windows which affected the way 32-bit applications, such as InSpectre, viewed the system. This was apparently fixed in the later “Fall Creator's Update” (version 1709) but not in the earlier version. A 64-bit “probe” was added to the 6th release of InSpectre to work around this bug in version 1703 so that InSpectre would accurately reflect any system's true protection.



And, while we were at it, the language presented in the summary was changed from “vulnerable” to “protected” so that “YES” was the good answer and “NO!” was the bad answer. :)

Users of an earlier version of Windows 10 (version 1703 ‑ the non-Fall Creator's Update) reported that InSpectre did not believe that their system had been patched for the Spectre vulnerability. Upon analysis, a bug was discovered in that version of Windows which affected the way 32-bit applications, such as InSpectre, viewed the system. This was apparently fixed in the later “Fall Creator's Update” (version 1709) but not in the earlier version. A 64-bit “probe” was added to the 6th release of InSpectre to work around this bug in version 1703 so that InSpectre would accurately reflect any system's true protection. And, while we were at it, the language presented in the summary was changed from “vulnerable” to “protected” so that “YES” was the good answer and “NO!” was the bad answer. :) Release #7 — Added the display of the system's CPUID . . .

Microsoft will be making Intel (and perhaps AMD?) processor microcode patches available for the most persistent Spectre Variant 2 vulnerability. These will become available over time as they become available from Intel and they will apparently need to be manually installed by interested Windows users. It is not yet clear whether Microsoft will be willing or interested in making these patches available for earlier versions of its Windows operating systems, but we can hope.



The patches are applicable to specific CPU models only, which are identified by each chip's “CPUID.” For this reason, InSpectre now prominently displays the system's processor CPUID at the top of its system summary.



Please check this page on Microsoft's website to see whether a microcode patch for your CPU, determined by its CPUID, is available at any time:



KB4090007: Intel microcode updates



You can also use your favorite Internet search engine to search for the string “ KB4090007 ” which should always take to that page and to its related Microsoft Update Catalog page to obtain the specific Windows update.

Microsoft will be making Intel (and perhaps AMD?) processor microcode patches available for the most persistent Spectre Variant 2 vulnerability. These will become available over time as they become available from Intel and they will apparently need to be manually installed by interested Windows users. It is not yet clear whether Microsoft will be willing or interested in making these patches available for earlier versions of its Windows operating systems, but we can hope. The patches are applicable to specific CPU models only, which are identified by each chip's “CPUID.” For this reason, InSpectre now prominently displays the system's processor CPUID at the top of its system summary. Please check this page on Microsoft's website to see whether a microcode patch for your CPU, determined by its CPUID, is available at any time: You can also use your favorite Internet search engine to search for the string “ ” which should always take to that page and to its related Microsoft Update Catalog page to obtain the specific Windows update. Release #8 — Now shows whether an Intel microcode patch is (ever) available for Spectre.

Intel has finished designing microcode update patches for its processors. On April 2nd, 2018, they announced that processors that have not yet been patched will never be patched. Their full statement is available in this PDF document. In that document, Intel specifies which of their many processors do have patches and which of their more recent processors will never receive updated firmware. Now that the industry has this information, this 8th release of InSpectre incorporates that list of CPUIDs and displays whether microcode firmware updates exist for the system's Intel CPU.

InSpectre in the News