Tip: Make Sure Your PC is Safe from Meltdown and Spectre

Security expert Steve Gibson has done it again. His latest utility, InSpectre, can check your PC to see whether it is adequately protected from the recent Meltdown and Spectre security vulnerabilities.

You need this. So head on over to Steve’s GRC website and download InSpectre.

Put simply, InSpectre does three things: It determines whether your PC is vulnerable to Meltdown and Spectre. It checks to see what the performance impact is from the fixes you have installed. And it lets you toggle off those fixes, on the fly, if you need the full performance of your PC.

I ran InSpectre on my current desktop PC, an HP EliteOne all-in-one, and found that I was protected against Meltdown but not Spectre. And that my performance was “good,” which makes sense since I’m running the latest OS version on recent Intel hardware.

Steve’s utility noted that my vulnerability to Spectre was due to my BIOS/firmware not being updated.

So I checked with the HP Support Assistant and, sure enough, there was a BIOS update.

So I installed it, rebooted, and checked with InSpectre again. And now my PC is secure.

Get this now. And follow its advice. Seriously.

 

Conversation 42 comments

  • webdev511

    Premium Member
    17 January, 2018 - 4:41 pm

    <p>Yeah, I'm thinking it's long odds that Asus (or anyone) will be updating BIOS for the Intel X79-based boards. BOO!</p>

  • MattHewitt

    Premium Member
    17 January, 2018 - 4:43 pm

    <p>Thanks for posting this! This tool is great and makes things pretty straightforward.</p>

  • Skipper

    17 January, 2018 - 4:51 pm

    <p>Windows defender smart screen is reporting that Steve's GRC website is unsafe</p>

    • Paul Thurrott

      Premium Member
      17 January, 2018 - 4:57 pm

      <blockquote><a href="#238516"><em>In reply to Skipper:</em></a></blockquote><p>It's not unsafe.</p>

    • rameshthanikodi

      17 January, 2018 - 6:29 pm

      <blockquote><a href="#238516"><em>In reply to Skipper:</em></a></blockquote><p>Read the site. It says the SmartScreen warning is a false positive which was triggered by the prior version of the software. The current version is safe.</p>

    • Galli

      17 January, 2018 - 7:00 pm

      <blockquote><a href="#238516"><em>In reply to Skipper:</em></a></blockquote><p>I would trust Steve Gibson on Security more than Microsoft!!</p>

  • Brazbit

    17 January, 2018 - 4:53 pm

    <p>Windows Defender Smart Screen advises against following the link to grc.com due to it being a malicious software threat. Nice</p>

    • Paul Thurrott

      Premium Member
      17 January, 2018 - 4:56 pm

      <blockquote><a href="#238517"><em>In reply to Brazbit:</em></a></blockquote><p>Yep. It is wrong. </p>

    • Corbey

      Premium Member
      18 January, 2018 - 10:38 am

      <blockquote><a href="#238517"><em>In reply to Brazbit:</em></a></blockquote><p>With the latest version of his utility, Steve Gibson seems to have fixed that problem, so you should no longer get a warning from Windows Defender. At least I didn't.</p>

  • xapache

    17 January, 2018 - 4:59 pm

    <p>Got to love the irony of Windows Defender indicating the site is unsafe….</p><p><br></p><p>BTW Surface Book good to go.</p>

  • NoFlames

    17 January, 2018 - 5:18 pm

    <p>You can also install a PowerShell module to check, if you are running Windows.</p><ol><li>Press the Windows key and type <strong>PowerShell</strong>.</li><li>Right click the PowerShell shortcut and select <strong>Run as Administrator</strong>.</li><li>Type <strong>Install-Module SpeculationControl</strong> and press <strong>Enter</strong>.</li><li>If you are prompted to install the NuGet provider, type <strong>Y</strong> and press <strong>Enter</strong>, and repeat if you are warned about installing from an untrusted repository.</li><li>With the installation complete, type <strong>Import-Module SpeculationControl</strong> and press <strong>Enter</strong>.</li><li>Type <strong>Get-SpeculationControlSettings</strong> and press <strong>Enter</strong>.</li></ol><p><br></p><p>Credit: https://betanews.com/2018/01/05/microsoft-powershell-meltdown-spectre-script/</p><p>If it complains, you may need to run the command <em>Set-ExecutionPolicy RemoteSigned</em></p>
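The steps in the comment above, as an added example that is not part of the original comment or of Microsoft's module: it runs the same check, limits the execution-policy change to the current PowerShell process, and turns the returned flags into a Meltdown / Spectre verdict like the one InSpectre reports. The mapping of flags to next steps is this example's own summary; the output field names `MeltdownMitigated`, `SpectreV2Mitigated` and `NextSteps` are made up for illustration.

```powershell
# Added example, not part of the original comment.
# Run in the same elevated PowerShell window used in the steps above.

# Relax the execution policy for this process only; the machine-wide
# policy is untouched once the window is closed.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

# Install for the current user only if the module is not already present.
# The NuGet / untrusted-repository prompts are left in place on purpose.
if (-not (Get-Module -ListAvailable -Name SpeculationControl)) {
    Install-Module -Name SpeculationControl -Scope CurrentUser
}
Import-Module SpeculationControl

# The cmdlet prints a report and also returns an object of boolean flags.
$s = Get-SpeculationControlSettings

# Spectre variant 2 (CVE-2017-5715, branch target injection) needs the
# CPU microcode AND the Windows update, and the mitigation switched on.
$spectreV2 = $s.BTIHardwarePresent -and
             $s.BTIWindowsSupportPresent -and
             $s.BTIWindowsSupportEnabled

# Meltdown (CVE-2017-5754) is covered when the CPU does not need the
# kernel VA shadow, or when Windows supports it and has it enabled.
$meltdown = (-not $s.KVAShadowRequired) -or
            ($s.KVAShadowWindowsSupportPresent -and
             $s.KVAShadowWindowsSupportEnabled)

# Collect what is still missing, in the order it would be fixed.
$todo = @()
if (-not $s.BTIWindowsSupportPresent -or
    ($s.KVAShadowRequired -and -not $s.KVAShadowWindowsSupportPresent)) {
    $todo += 'Install the Windows security update'
}
if (-not $s.BTIHardwarePresent) {
    $todo += 'Install the BIOS/firmware (microcode) update from the PC maker'
}
if (($s.BTIHardwarePresent -and $s.BTIWindowsSupportPresent -and
     -not $s.BTIWindowsSupportEnabled) -or
    ($s.KVAShadowRequired -and $s.KVAShadowWindowsSupportPresent -and
     -not $s.KVAShadowWindowsSupportEnabled)) {
    $todo += 'A mitigation is installed but switched off; re-enable it'
}

[pscustomobject]@{
    MeltdownMitigated  = $meltdown      # hypothetical field name
    SpectreV2Mitigated = $spectreV2     # hypothetical field name
    NextSteps          = if ($todo) { $todo -join '; ' } else { 'None' }
}
```

A result of Meltdown mitigated, Spectre not, with the firmware step listed, matches the state the article describes before the HP BIOS update.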

  • Polycrastinator

    17 January, 2018 - 5:19 pm

    <p>Nice. I'm still waiting for an update for my Intel desktop board which is 6 years old at this point, so I'm wondering if I'm going to be waiting forever. A real shame, as the overclocked CPU in there is still fast in comparison to a lot of other things.</p>

  • smashie

    17 January, 2018 - 5:19 pm

    <p>Well my XPS 13 has all been updated and good, no such luck for my older tower :/</p><p><br></p><p>Still on the plus side I have got a new motherboard, CPU and ram on the way :)</p>

  • brettscoast

    Premium Member
    17 January, 2018 - 5:32 pm

    <p>Thanks for the heads up, Paul. Going to get on this immediately. Steve Gibson is one of the most respected, foremost experts on tech security there is around. Excellent advice.</p>

  • Birraque

    17 January, 2018 - 5:39 pm

    <p>Only a few of the newest computers are receiving firmware updates. #FAIL</p><p>Lenovo Yoga 2 Pro (Intel Core i7 4500U Haswell) isn't even listed under Lenovo Security Advisory LEN-18282 to be updated (NO ETA).</p>

    • rameshthanikodi

      17 January, 2018 - 6:33 pm

      <blockquote><a href="#238533"><em>In reply to Birraque:</em></a></blockquote><p>yup, same. My Lenovo Flex 2, also a Haswell machine, is not listed. Dumb, because older machines are more vulnerable than newer machines. But technically our machines have reached EOL on Lenovo's watch so I guess we shouldn't be expecting any firmware updates.</p>

      • Birraque

        18 January, 2018 - 8:10 am

        <blockquote><a href="#238551"><em>In reply to FalseAgent:</em></a> My Yoga 2 Pro is 3 years old and Intel promised to address all CPUs up to 5 years old. Since all Haswell was manufactured with this vulnerability, how could it be EOL? Lenovo should provide a new firmware for all.</blockquote><p><br></p>

  • tbsteph

    17 January, 2018 - 7:13 pm

    <p>Spectre – No</p><p>Performance – Slow</p><p><br></p><p>Old computer? No, just a Surface 3. I'm sure the "fix" is in Satya's inbox ready to be implemented any time now :)</p>

  • JanesJr1

    17 January, 2018 - 7:41 pm

    <p>When I follow your link, Paul, I get a Windows Defender "red screen of death" with the following message:</p><p><br></p><h2>This website has been reported as unsafe</h2><h3>www.grc.com</h3><p>We recommend that you do not continue to this website. It has been reported to Microsoft for containing threats to your computer that might reveal personal or financial information.</p><p>Back to safety | More information</p><p>Windows Defender SmartScreen</p>

    • Martin Pelletier

      Premium Member
      17 January, 2018 - 8:01 pm

      <blockquote><a href="#238559"><em>In reply to JanesJr1:</em></a></blockquote><p>On the GRC site:</p><p><br></p><p>"<strong>BOGUS “SmartScreen” WARNING from Edge and IE11 Browsers</strong></p><p>Windows Defender “SmartScreen” appears to have decided that InSpectre is malware. This also happened briefly after the release of our <a href="https://www.grc.com/never10.htm" target="_blank"><strong><em>Never10</em></strong></a> utility. In this case, it is likely due to the fact that InSpectre's initial release was triggering anti-virus scanners due to the program's use of a specific registry key used to enable and disable the Meltdown and Spectre protections. The second release obscures its use of that (apparently worrisome) key and now appears to pass through most A/V without trouble. So we are hopeful that this SmartScreen false alarm will disappear soon.</p><p><br></p><p>In the meantime, <strong><em>PLEASE do not get a copy</em></strong> of this program from any 3rd-party download site, since that one <strong><em>could</em></strong> actually be malicious. If you have any non-Microsoft web browser (Chrome, Firefox, Opera, etc.) you should be able to obtain and use InSpectre without trouble. If you have a friend who is using some other computer (Windows 7 has no problem with this either) ask them to grab it from here and send it to you. Since the program is only 122k (written in assembly language) it's feasible to eMail it."</p><p><br></p><p>Seems that SmartScreen doesn't like optimized program made in assembly :)</p>

      • IanYates82

        Premium Member
        18 January, 2018 - 4:58 am

        <blockquote><a href="#238564"><em>In reply to MartinusV2:</em></a></blockquote><p>Whilst funny, it's simply because of the embedded string pointing at the registry key. That would've been added to AV signature databases at least a couple of weeks ago, maybe earlier. </p>

  • Dan1986ist

    Premium Member
    17 January, 2018 - 7:49 pm

    <p>Have to wait and hope that Dell releases bios updates for the Venue 8 Pro 5830 and the Venue 10 Pro 5056. And those tablets aren't even on Dell's list of affected devices. </p>

  • skane2600

    17 January, 2018 - 8:12 pm

    <p>Isn't Gibson a rather controversial figure in the tech community?</p>

  • Oasis

    Premium Member
    17 January, 2018 - 8:26 pm

    <p> Good Luck with Dell. They don't list my Inspiron 3847 Desktop W7/ i5-4440. This machine isn't even 4 years old. Is there a list of which Intel CPUs they are going to do fixes for?</p>

  • red.radar

    Premium Member
    17 January, 2018 - 9:35 pm

    <p>Lenovo P51 – all patched up. </p><p><br></p><p>thanks Paul, great and simple utility. </p>

  • eeisner

    Premium Member
    17 January, 2018 - 11:09 pm

    <p>Steve Gibson may be a bit extreme, but he gets it done. Thanks for the heads up, Paul. </p>

  • Gavin Groom

    17 January, 2018 - 11:14 pm

    <p>My older laptop has no new BIOS updates, so it seems I'm vulnerable to Spectre till I get a new machine.</p>

  • jimchamplin

    Premium Member
    17 January, 2018 - 11:29 pm

    <p>Yes. Because Lenovo will soooooo release a patch for my 2009/2010-era box ?</p>

  • Jacob Klein

    17 January, 2018 - 11:33 pm

    <p>For those that want to update the Intel Microcode on their own, in Windows, you can! And it's easily uninstallable too — read on! PS: I tried to fix the formatting, but couldn't figure out how, sorry.</p><p><br></p><p>Original source of info:</p><p><a href="http://forum.notebookreview.com/threads/how-to-update-microcode-from-windows.787152/" target="_blank">http://forum.notebookreview.com/threads/how-to-update-microcode-from-windows.787152/</a></p><p><br></p><p>VMware CPU Microcode Update Driver</p><p><a href="https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver" target="_blank">https://labs.vmware.com/flings/vmware-cpu-microcode-update-driver</a></p><p><br></p><p>Intel Microcode</p><p><a href="https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File?v=t" target="_blank">https://downloadcenter.intel.com/download/27431/Linux-Processor-Microcode-Data-File?v=t</a></p><p>(Note: If the webpage says a newer version is available, use that!)</p><p><br></p><p>AMD Microcode</p><p><a href="https://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode" target="_blank">https://git.kernel.org/cgit/linux/kernel/git/firmware/linux-firmware.git/tree/amd-ucode</a></p><p>Alternatively, see "microcode" links at the RIGHT of these pages:</p><p><a href="https://packages.debian.org/stable/admin/amd64-microcode" target="_blank">https://packages.debian.org/stable/admin/amd64-microcode</a></p><p><a href="https://packages.debian.org/testing/admin/amd64-microcode" target="_blank">https://packages.debian.org/testing/admin/amd64-microcode</a></p><p><a href="https://packages.debian.org/unstable/admin/amd64-microcode" target="_blank">https://packages.debian.org/unstable/admin/amd64-microcode</a></p><p><br></p><p>HWiNFO64</p><p><a href="https://www.hwinfo.com/" target="_blank">https://www.hwinfo.com/</a></p><p><br></p><p>To Install:</p><p>1) Use software (like HWiNFO64) to make a note of the current Microcode version.</p><p>2) Extract "VMware CPU Microcode Update Driver" contents into a folder of your choice, for this demo we'll call it uCode.</p><p>3) Copy the latest Intel Microcode file, microcode.dat, into the uCode folder.</p><p>4) Copy the 6 latest AMD Microcode files, microcode_amd*.bin, into the uCode folder.</p><p>5) Run install.bat as Administrator</p><p>- The microcode files and driver will be copied to the Windows\System32\Drivers folder.</p><p>- The driver will be executed and micro code updated if the microcode files contain a newer version.</p><p>6) If successful, will say "Install completed with code 0."</p><p>7) Reboot the PC</p><p>8) Verify the updated Microcode version:</p><p>- Method 1: Use software (like HWiNFO64)</p><p>- Method 2: Event Viewer -&gt; Windows Logs -&gt; System, filter for Event Source "cpumcupdate"</p><p><br></p><p>To Update:</p><p>1) Use the Uninstall instructions, without restarting.</p><p>2) Use the Install instructions, with restarting.</p><p><br></p><p>To Uninstall:</p><p>1) Extract "VMware CPU Microcode Update Driver" contents into a folder of your choice, for this demo we'll call it uCode.</p><p>2) Run uninstall.bat as Administrator</p><p>3) Reboot the PC</p><p>4) Verify the Microcode is not being updated by the service:</p><p>- Method 1: Event Viewer -&gt; Windows Logs -&gt; System, filter for Event Source "cpumcupdate" – You should see no Event Logs since the reboot.</p>
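The verification steps in the comment above (install step 8 and uninstall step 4), as an added example that is not part of the original comment or of the VMware driver: it reads the microcode revision Windows records for CPU 0 and lists events from the "cpumcupdate" source since the last boot. It assumes the 8-byte registry values hold the revision in their upper four bytes and that "Previous Update Revision" is the revision the firmware loaded before any OS-time update; the helper `Get-McuRevision` and the output field names are made up for illustration.

```powershell
# Added example, not part of the original comment.

# Windows records microcode revisions per logical CPU under this key.
$cpuKey = 'HKLM:\HARDWARE\DESCRIPTION\System\CentralProcessor\0'
$cpu    = Get-ItemProperty -Path $cpuKey

# Hypothetical helper: decode the 8-byte REG_BINARY value.
# Assumption: the revision is the little-endian DWORD at offset 4.
function Get-McuRevision([byte[]]$Raw) {
    if ($null -eq $Raw -or $Raw.Length -lt 8) { return $null }
    '0x{0:X}' -f [BitConverter]::ToUInt32($Raw, 4)
}

$firmwareRev = Get-McuRevision $cpu.'Previous Update Revision'
$runningRev  = Get-McuRevision $cpu.'Update Revision'

# Events written by the driver since the last boot ("Method 2" above).
# Get-WinEvent raises an error when the source has never logged anything,
# so errors are silenced and an empty result is treated as "no events".
$boot   = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime
$events = @(Get-WinEvent -FilterHashtable @{
                LogName      = 'System'
                ProviderName = 'cpumcupdate'   # source name from the comment
                StartTime    = $boot
            } -ErrorAction SilentlyContinue)

[pscustomobject]@{
    Processor            = $cpu.ProcessorNameString
    FirmwareRevision     = $firmwareRev     # loaded by BIOS/UEFI (assumed)
    RunningRevision      = $runningRev      # in effect now
    UpdatedAfterFirmware = ($firmwareRev -ne $runningRev)
    DriverEventsThisBoot = $events.Count
}

# Show what the driver logged, oldest first, for a closer look.
$events | Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, Message | Format-List
```

After an uninstall and reboot, `DriverEventsThisBoot` should be 0; after an install, comparing `RunningRevision` with the value noted in step 1 shows whether anything actually changed.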

    • Birraque

      18 January, 2018 - 8:03 am

      <blockquote><a href="#238597"><em>In reply to Jacob Klein:</em></a> Only a firmware update from the manufacturer can handle the Spectre security vulnerability. VMware only patches the OS side.</blockquote><p><br></p>

      • Jacob Klein

        21 January, 2018 - 12:13 am

        <blockquote><a href="#238657"><em>In reply to Birraque:</em></a></blockquote><p>The solution applies the patch at OS-load-time. It's not quite the same as having it installed by the BIOS at BIOS-load-time, but the solution does protect you while you use the OS.</p>

  • ZeroPageX

    18 January, 2018 - 12:19 am

    <p>Cool utility. Unfortunately, many motherboards will not have BIOS updates released, even from a few years ago. Intel released microcode updates for Linux which is a nice alternative for those people who run Linux, but for some reason, Microsoft is not doing this. So, I guess those of us who don't have a brand new machine are hosed. :-\</p>

  • wright_is

    Premium Member
    18 January, 2018 - 2:44 am

    <p>My ThinkPad is good, my Ryzen 7 is partly good – no hardware fix for Spectre yet.</p>

  • Stooks

    18 January, 2018 - 7:56 am

    <p>Personally I would not install any of these patches for a while.</p><p><br></p><p>First, there is no known threat. Even if there is, all it could do is peek into those pipelines on the CPU to get bits of information. It would take a long time to MAYBE find some info that is worth anything, days and days.</p><p><br></p><p>Also, over on Neowin right now is a post about how these BIOS updates from some vendors are causing unexpected reboots after the updates.</p><p><br></p><p>Let AV software block the threats, if and when they come out. Let Intel and the PC maker come out with GOOD updates via a BIOS update because this is a HARDWARE issue. Personally, avoid the Microsoft updates as long as possible as they have the potential to kill performance or, if you have an AMD box, brick it.</p>

    • NT6.1

      19 January, 2018 - 1:04 pm

      <blockquote><a href="#238655"><em>In reply to Stooks:</em></a></blockquote><p><br></p><p>I agree. My Windows 10 Anniversary version is updated. If there's a problem I could uninstall the security patch or clean install Windows. I'm not messing with firmware after all the reboots issues people are having.</p>

  • jwpear

    Premium Member
    18 January, 2018 - 8:12 am

    <p>I'd like to see Intel offer a trade in program to get a discounted replacement processor. I think that's the right thing to do. </p><p><br></p><p>I have a custom-built machine with an i7-3770 and an Intel motherboard. I'm guessing I won't see a Spectre patch for it. And even if I do, it is guaranteed to slow the machine. It's a perfectly good machine otherwise and probably would have carried me through several more years. The question now is whether to trust that I can keep malware off the machine that might try to leverage the Spectre vulnerability. </p>

  • Corbey

    Premium Member
    18 January, 2018 - 2:57 pm

    <p>Dell XPS 8900 tower from a couple of years ago with Skylake i7. Windows patched and BIOS updated. No problems.</p><p><br></p><p>Thanks for this post, Paul!</p>

  • jtf

    21 February, 2018 - 4:12 pm

    <p>has anyone successfully got the command line "probe" to work with this tool?</p>
