Windows Client Guidance against speculative execution vulnerabilities

fdegrove said:

Hi,



Disabling it and then re-enabling it is pretty easy to do actually.



The Spectre patch is at hardware level so I doubt that that can be toggled. It's a bit like if you could toggle between BIOS\UEFI versions which you can't.


Cheers,

Yes, that does seem odd. However, if you run it, and scroll down you find it says:

The system's registry is configured to enable both of the Spectre and Meltdown protections. Within the bounds of any limitations described above, Windows will work with the system's processor to prevent the exploitation of these vulnerabilities.

So I suppose all it will do in either case is edit the Registry to either allow or disallow the protection, PROVIDED that either the MS updates OR the BIOS update is installed as appropriate.

UPDATE: @johngalt was the first to post about this utility and I just re-read his posts (#307, 308) in which he has copied from the GRC website and that is pretty much what he said in the first place!

VBF said:

Yes, that does seem odd. However, if you run it, and scroll down you find it says:

The system's registry is configured to enable both of the Spectre and Meltdown protections. Within the bounds of any limitations described above, Windows will work with the system's processor to prevent the exploitation of these vulnerabilities.

So I suppose all it will do in either case is edit the Registry to either allow or disallow the protection, PROVIDED that either the MS updates OR the BIOS update is installed as appropriate.

UPDATE: @johngalt was the first to post about this utility and I just re-read his posts (#307, 308) in which he has copied from the GRC website and that is pretty much what he said in the first place!

Thanks - yeah, it is a lot of reading at his site, but here is the gist:

If the buttons are disabled - nothing you can do until your OEM either provides you with the necessary files (usually the BIOS), or else your OS provides you with the necessary files (kernel, etc), *OR* (in the case of Meltdown) you're on an AMD processor-based machine.

If the buttons are enabled then that means you have the files / firmware necessary to implement protection. That leads to 2 cases:

• The buttons show Enable, which means the protection is available but not actually enabled - so click it!
• The button shows Disable, which means the protection is available and enabled, which means you don't need to do anything.

The reason for having this is an easy way for folks with the fixes in place to easily enable and disable the protection - for example, a gamer notices that his FPS has dropped 15%, may then choose to disable protection while in game, and then re-enable it after his gaming session is done. Or, a videographer haws noticed a 10% increase in time it takes to encode his videos for publishing to his stream, so he temporarily disables the protection while encoding.

The site has more info, and a lot of what is at the site is in the app itself as well.

Also, be aware that he has revised the app a few times already since the initial release, so it is a good idea to keep checking his site to see if a newer version is available that may have more enhancements.

(Also, Post#308 was actually all directly from the app itself.)

Bravo!

SO, you can rest assured, now that these things are not able to affect you anymore.

Also, with this utility, you can benchmark your system to see how badly it affects your performance, if you so choose.

Ground Sloth said:

I think that tool is a bit misleading. Even with a microcode update, I'm pretty sure that any processor that does speculative execution is still vulnerable to Spectre to some degree.

And what exactly happens when you click on "Disable Meltdown Protection" or "Disable Spectre Protection"? Do you get a UAC prompt?

Your opinion. I'd trust Gibson over any of the hoopla being spouted by the Media - he didn't start doing this yesterday.

As for what happens when you press the button - well, considering the buttons are disabled on my machine considering that I'm most likely not receiving a BIOS update and am currently running FCU, well, I can't exactly press the buttons and find out, can I?

If you read what Gibson wrote at his site and in the software, there is nothing that is misleading. But, at the same time, we're all entitled to our own opinions.

Neil Macready said:

Wow thanks Toshiba, that's a big help!!! How much longer do we have to wait???

Intel, AMD & Microsoft Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method Security Vulnerabilities

Same here..... my laptop, a Satellite L755-13K Part Number : PSK1WE is amongst the many listed against "TBD"
Being a 2011 model, somehow I don't think it will get an update...

Could this all be "False News".....scaremongering in a bid to increase the sale or upgrading of computers???

Not one recorded infiltration.....it makes you think huh!!!....food for thought.