PowerShell script for CPU information, incl. CPUID

Page 2 of 13 FirstFirst 123412 ... LastLast
  1. muchomurka's Avatar
    Posts : 710
    finally UPGRADED from ltsc to win7
       #11

    But it isn't response to my question; definitely I know what I am doing

    So am I alone who refuse to tolerate serious performance drop (at the cost of implementing of new workflow to maintain security on home systems)?
      My Computer

  2. ddelo's Avatar
    Posts : 1,826
    Windows 10 Pro x64
    Thread Starter
       #12

    muchomurka said:
    But it isn't response to my question; definitely I know what I am doing

    So am I alone who refuse to tolerate serious performance drop (at the cost of implementing of new workflow to maintain security on home systems)?
    That's why I answered the way I did.
    Since you do face serious performance issues, it's up to you to evaluate the risks and decide what is best for you i.e performance VS security.
      My Computer

  3. lx07's Avatar
    Posts : 5,477
    1903
       #13

    muchomurka said:
    So am I alone who refuse to tolerate serious performance drop (at the cost of implementing of new workflow to maintain security on home systems)?
    I never saw any performance drop (that I noticed - I didn't benchmark it). I run a lot of VM (mostly in fact).

    If I had I'd have done the same as you as I don't really feel Spectre/Meldown is a big issue for me. As a home user I don't have unknown programs running (as far as I can tell obviously) so I don't really care.

    I'm not really sure it is a big deal for anyone to be honest (it all seems theoretical) but perhaps I don't understand it well enough.
      My Computer

  4. muchomurka's Avatar
    Posts : 710
    finally UPGRADED from ltsc to win7
       #14

    muchomurka said:
    I decided to disable all that protections... Am I alone?

    ddelo said:
    Since you do face serious performance issues, it's up to you to evaluate the risks and decide what is best for you i.e performance VS security.

    If you don't want to reply directly to simple and unambiguous question then there's really no need to answer.
      My Computer

  5. muchomurka's Avatar
    Posts : 710
    finally UPGRADED from ltsc to win7
       #15

    lx07 said:
    I never saw any performance drop (that I noticed - I didn't benchmark it). I run a lot of VM (mostly in fact).

    It depends. If you have last gen processor and don't need to perform tasks like sql data processing or running virtual machines under nested hypervisors, you perhaps don't notice significant performance drop.
      My Computer

  6. ddelo's Avatar
    Posts : 1,826
    Windows 10 Pro x64
    Thread Starter
       #16

    muchomurka said:
    If you don't want to reply directly to simple and unambiguous question then there's really no need to answer.
    My answer is that it's your call. Personally, I would accept some (not major) performance degradation, to have peace of mind from these vulnerabilities. But I do not do SQL data processing, not at home at least. I leave that stuff for the Enterprise servers, in a closed, secure environment.

    If you're alone? I don't know. Maybe for such heavy home use, if the slowdown is significant like yours, then you disable the mitigations, be extra careful and backup regularly.
      My Computer


  7. muchomurka's Avatar
    Posts : 710
    finally UPGRADED from ltsc to win7
       #17

    ddelo said:
    My answer is that it's your call. Personally, I would accept some (not major) performance degradation, to have peace of mind from these vulnerabilities. But I do not do SQL data processing, not at home at least. I leave that stuff for the Enterprise servers, in a closed, secure environment.
    As I already wrote above, I don't need neither advices nor opinions, they both have zero value for me. I already decided and I understand consequencies & responsibilities. So please don't continue this way if you can.

    I'm only curious whether other people made the same decision as I did. This is my only one question, nothing more. So once again:

    muchomurka said:
    Btw after observations of visible performance drop during regular use (and catastrophic while using nested virtualization) I decided to disable all that protections on all my home systems using InSpectre & downgrade BIOSes when necessary. Am I alone?
      My Computer

  8. Barefoot's Avatar
    Posts : 52
    Windows 10 Pro 64-Bit
       #18

    muchomurka, I have reverted to BIOS F22 (date of Aug 23 2017) for my Gigabyte GA-Z170X Designare board. I built my machine with top performing parts a couple years ago and had not had any crashes or BSOD, just a very stable, smoking fast computer. I was very disappointed that all of that changed when I flashed the BIOS to F23G, installed the microcode software update from Microsoft and installed the latest Intel Management software. I keep meticulous backups as the previous poster mentioned, but that's not really the main issue. A backup might contain your important data, but it won't help when your passwords and personal sensitive information is out in the wild for the highest bidder, and supposedly you won't even know your data was stolen.
      My Computer


  9. Posts : 214
    Windows 10 Home x64
       #19

    Thank you @ddelo.

    If they match like on your screenshot does that mean that the BIOS/UEFI uCode is working and in use even if OS patches are also at the 0x2B level? I did the PowerShell speculation script and posted it here b/c do not understand it at all even with the documentation. Sorry this is sort of a cross-post.

    My guess is that something like this:
    Hardware support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: True

    Means what can be protected by my BIOS is the latest version and what can be protected by the OS is being protected by the latest version. But what confuses is why is the Windows OS support enabled if there is hardware mitigation present?

    Also does CPU-info install any modules or scripts in a directory and if so where? Or is it just the one script on the desktop?

    Last the "Set-ExecutionPolicy Bypass -Scope Process –force" just causes that policy for that PowerShell session? When I reopened and did GetList I got:
    Scope ExecutionPolicy
    ----- ---------------
    MachinePolicy Undefined
    UserPolicy Undefined
    Process Undefined
    CurrentUser RemoteSigned
    LocalMachine Undefined
    This is the proper default?
      My Computer

  10. ddelo's Avatar
    Posts : 1,826
    Windows 10 Pro x64
    Thread Starter
       #20

    andyouf said:
    Thank you @ddelo.

    If they match like on your screenshot does that mean that the BIOS/UEFI uCode is working and in use even if OS patches are also at the 0x2B level?

    You're most welcome, Andy!
    If BIOS/UEFI microcode revision and Current microcode revision match, it means that the installed update at the BIOS/UEFI level is the same with the one currently running at the OS level. i.e. If you have applied any OS update, this OS update is the same or lower than the one of the BIOS/UEFI, in which case the OS update is discarded.


    andyouf said:
    I did the PowerShell speculation script and posted it here b/c do not understand it at all even with the documentation. Sorry this is sort of a cross-post.

    My guess is that something like this:
    Hardware support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: True

    Means what can be protected by my BIOS is the latest version and what can be protected by the OS is being protected by the latest version. But what confuses is why is the Windows OS support enabled if there is hardware mitigation present?
    Hardware support for branch target injection mitigation is present: True
    This line tells you if hardware features are present to support the branch target injection mitigation. The device OEM is responsible for providing the updated BIOS/firmware that contains the microcode provided by CPU manufacturers. If this line is True, the required hardware features are present.

    Windows OS support for branch target injection mitigation is present: True
    This line tells you if Windows operating system support is present for the branch target injection mitigation. If it is True, the operating system supports enabling the branch target injection mitigation (and therefore has installed the appropriate update). Again if the BIOS/UEFI update is later than the available OS update, then OS update is discarded, but at OS level you're protected.

    Windows OS support for branch target injection mitigation is enabled: True
    This line tells you if Windows operating system support is enabled (if it's present from the previous line) for the branch target injection mitigation. If it is True, hardware support and OS support for the branch target injection mitigation is enabled for the device, thus protecting against CVE-2017-5715.

    andyouf said:
    Also does CPU-info install any modules or scripts in a directory and if so where? Or is it just the one script on the desktop?

    It's just a script on your Desktop. Nothing is installed anywhere.


    andyouf said:
    Last the "Set-ExecutionPolicy Bypass -Scope Process –force" just causes that policy for that PowerShell session? When I reopened and did GetList I got:
    This is the proper default?
    Yes, only for this session. (By the -Scope Process switch)

    The default settings are the following:

    PowerShell script for CPU information, incl. CPUID-default-exec.policy.png


    My settings are:

    PowerShell script for CPU information, incl. CPUID-capture.png

    I hope this helps. Cheers. Dimitri
      My Computer


 
Page 2 of 13 FirstFirst 123412 ... LastLast

Related Threads
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 16:22.
Find Us




Windows 10 Forums